Re: Hacked
From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 03/26/05
- Next message: Karl Levinson, mvp: "Re: SysInternals' RootKit Revealer reports "System - Error dumping hiv"
- Previous message: lecter: "Re: System Restore Not Turning On"
- In reply to: johnstep: "Hacked"
- Next in thread: Frank Saunders, MS-MVP, IE/OE: "Re: Hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 26 Mar 2005 07:41:58 -0500
"johnstep" <ai7802@wayne.edu> wrote in message
news:OGQr9YUMFHA.2132@TK2MSFTNGP14.phx.gbl...
> Does a hacker need administrative permissions to drop a backdoor program on
> your computer and execute it?
No. A hacker can do most things without administrative privileges. Of
course, most hackers do get administrative privileges... partly because most
people run Windows day to day by logging in with administrator privileges,
partly because most remote network service buffer overflows grant
administrator-equivalent privileges. Also, if you are running as a user
that is in the local Power Users group, it is reportedly not too hard to
escalate your privileges to administrator, if you needed to, so MS and
others recommend not using that group at all if you can help it.
A non-administrator user can still copy and write executable files to your
disk, run those files, see your data files and most of your Windows files
[unless you or your administrator have intentionally changed the ACL
permissions on the files and folders], send email viruses out, run a remote
access Trojan that listens for incoming connections, install hidden software
to use your computer as an FTP server, etc. A non-administrator user
cannot add or change user accounts, is hindered in being able to get your
SAM database of local users and passwords, and *might* have difficulty
making a malicious program re-load if you log out and a different user ID is
used to log back into your computer.
Running Windows as non-administrator is a good security practice, but
contrary to popular belief, it does NOT hinder most viruses or worms.
Running as non-admin does successfully block most of today's adware and
spyware, but only because adware and spyware authors have no need to try to
write programs that work as non-administrator, because few people do so.
Note that if your hard drive was not formatted as NTFS at the time that
Windows was being installed, then every user on your computer has
permissions to all of the files on your hard drive. If this applies to you,
this can be fixed. I believe the default permissions on all drives besides
your C: drive are also that every user has full permission.
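A read-only PowerShell audit of the conditions this reply describes, added here as an example and not part of the original post: it reports whether the current logon token carries Administrators or Power Users, and which fixed drives either lack ACL support or let broad groups write at the drive root. The function names Get-TokenRoleReport and Get-DrivePermissionReport are hypothetical, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.

function Get-TokenRoleReport {
    # Reflects the *current token*: under UAC an unelevated admin shows Administrator = False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    [pscustomobject]@{
        User          = $identity.Name
        Administrator = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        PowerUser     = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::PowerUser)
    }
}

function Get-DrivePermissionReport {
    # Well-known SIDs of the broad groups an ordinary (non-admin) logon belongs to.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # Rights that let a user create files or folders directly under the drive root.
    # Limitation: ACEs expressed only as generic rights (inherit-only entries) are not decoded.
    $writeBits = [int]([Security.AccessControl.FileSystemRights]::WriteData -bor
                       [Security.AccessControl.FileSystemRights]::AppendData)

    foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3') {
        $root = "$($disk.DeviceID)\"
        if ($disk.FileSystem -notin 'NTFS', 'ReFS') {
            # FAT-family volumes carry no file ACLs, so every local user has full access.
            [pscustomobject]@{ Drive = $root; FileSystem = $disk.FileSystem
                               Principal = '(all users)'; Rights = 'no ACL enforcement' }
            continue
        }
        # Ask for explicit and inherited rules with identities returned as SIDs,
        # so the match does not depend on localized group names.
        $rules = (Get-Acl -LiteralPath $root).GetAccessRules(
                     $true, $true, [Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
                ([int]$rule.FileSystemRights -band $writeBits)) {
                [pscustomobject]@{ Drive = $root; FileSystem = $disk.FileSystem
                                   Principal = $broadSids[$sid]; Rights = $rule.FileSystemRights }
            }
        }
    }
}

Get-TokenRoleReport | Format-List
Get-DrivePermissionReport | Format-Table -AutoSize
```

Rows for drives other than the system drive show whether the default described above applies on the machine being checked.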