Re: How effective is a Limited User Account?



On Nov 27, 4:00 pm, Niniel <Nin...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Look, the bottom line is this:
>
> Running a limited account does not mean you are absolutely safe. Having an
> army of AV and ASW programs does not mean you are absolutely safe.
>
> The fact of the matter is that software has bugs. These bugs can be found
> and exploited.
> Then there is software where the security holes are actually features - see
> ActiveX.

I'm well aware of that but thanks. Personally, I don't expect
infallibility in security setups. But I do try to understand the
limitations of any given method.

> NoScript is a tool to protect you from browser-based attacks - specially
> prepared web sites that use JavaScript and other scripting for phishing
> attacks, and other attacks. Or even badly programmed legitimate sites that
> allow hackers to insert and execute code. (It's quite scary. I recently read
> an article on a German computer site where an editor had checked out a bank's
> site and without trying too hard found multiple ways for cross scripting
> attacks to succeed).

I'll give it a try, thanks for the tip.

> Also, if you browse down to the thread about SAM databases you'll see that
> the Windows security settings reside in memory unencrypted, and that there
> are tools that can read them. That entire database is very badly protected; it
> can be easily cracked and altered (which sometimes works in your favour, e.g.
> if you have to break into your own box after malware took over - check out
> UBCD4Win).

Aha! And so I finally perceive the true limitation of permissions: it
can be cracked! I thought this was much harder to do.... After reading
that post and investigating a little further it turns out that
cracking the permissions database is a matter of seconds. From the
little I read, you must have physical access to the local machine
(which is not possible for the Internet attacker) but I get the idea.
In relation to viruses cracking permissions I came across this
Microsoft Security Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
In the recent past, I think it was the most serious flaw where a user
would get infected simply by hovering the mouse over a malicious
webpage. Of the seven vulnerabilities associated with this flaw, FIVE
were "Elevation of Privilege", meaning: bypassing limited user
accounts!

My conclusion is this. Limited User Accounts are very effective in
deterring viruses from installing on your system. They are so effective
that the simple elevation of privileges is a legitimate target for
hackers. Limited User Rights is another hoop hackers have to jump
through before taking control.