Re: registry hacked under XP limited account
From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 05/28/05
Date: Sat, 28 May 2005 08:29:33 -0400
"lecter" <2@2.com> wrote in message
news:kvfg91p7db9bm491idlkjnlobvkp3eo21h@4ax.com...
> I have a computer running a winxp system. One day I found that
> the registry was modified and I couldn't run any .exe file! (The
> problem has been solved by inputting a registry key.)
> The thing I want to know is whether the registry can be modified
> under a winXP limited account?

Very very easily. Running as limited account does VERY LITTLE to stop
viruses. Anyone who tells you any different is mistaken. Even well-known
people at Microsoft have this misconception.

Running as limited user does prevent much spyware and adware today, but only
because the authors of that malware see no need to make their programs work
as limited users. This tactic will NOT be effective against future malware.

Malware running as limited user can do anything that you can do. If you
were able to change the registry and fix the problem while logged in as a
limited user, then malware would have the same permissions. You can see the
permissions of that registry value by clicking Start, Run and typing
REGEDT32. Also, many viruses use buffer overflows or could theoretically
use other exploits like local privilege escalation to gain full System
privileges, regardless of the permissions of the currently logged-in user.

If the registry value you fixed did not give Write permission to your
limited account [or to the Users or Everyone groups], then I would go to
http://windowsupdate.microsoft.com to check to make sure your system has all
its critical Windows patches to prevent remote buffer overflow viruses.

If you have multiple user accounts sharing one machine, logging in as a
limited user may prevent malware from loading and running when other people
log in. If you are the only user of your machine, however, that limitation
means absolutely nothing. Even if multiple people use the same system, they
can all become infected if they all happen to run a shared infected file,
for example.

What running as limited user does primarily is prevent the user from
changing the system configuration too much, mainly to implement change
control within an enterprise. It also makes it harder for malware running
under your account to do some things like create new login accounts. It's
also a security best practice, but not really because of viruses or malware.

Running as limited user does not prevent you from becoming infected, sending
out infected emails or packets, infecting other systems, deleting all your
data, searching your data for credit card numbers and passwords, running a
listening service, etc.

Note also that "Power User" is really not a very limited user. It is easy
to escalate privileges to Administrator. Also, most accounts in the Guests
group are not as limited by default as you might think.

RUNNING AS LIMITED USER DOES LITTLE OR NOTHING AGAINST VIRUSES. Spread the
word.
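
The permission check described in the message above (does the key grant Write to the limited account, or to groups such as Users or Everyone?) can also be scripted. This is an added example, not part of the original post: the function name `Get-RegistryWriteGrant` is hypothetical, the key path is a parameter because the post does not name the key, and it assumes PowerShell 3.0 or later run in the limited account's own session.

```powershell
# Added example (not from the original post): list the Allow entries on a
# registry key that give write-type access to any SID in the caller's token.
function Get-RegistryWriteGrant {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # e.g. 'HKLM:\SOFTWARE\<key to audit>' (placeholder)
    )

    # Every SID in the current token: the account itself plus its groups
    # (Users, Everyone, Authenticated Users, INTERACTIVE, ...).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $tokenSids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

    # Specific rights that let a process change the key or its ACL.
    $writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    # Inheritable ACEs are often stored with generic bits instead:
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
    $genericWrite = 0x40000000 -bor 0x10000000

    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Explicit and inherited entries, reported by SID so no name lookup can fail.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($tokenSids -notcontains $sid) { continue }

        $mask = [int]$ace.RegistryRights
        if (($mask -band [int]$writeRights) -or ($mask -band $genericWrite)) {
            [pscustomobject]@{
                Key       = $Path
                Sid       = $sid
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage: Get-RegistryWriteGrant -Path 'HKLM:\SOFTWARE\<key to audit>'
```

No output means no Allow entry grants the current token write access to that key. Deny entries are not evaluated, so the result lists grants rather than computed effective access.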