From: Wolf K on
On 30/07/2010 17:53, Joe wrote:
> It was suggested to me in the community forum for Norton that a way to
> lessen the chance of malware from web pages is to use a user account
> rather than my admin. account because the user account has less access
> to system resources.

Malware doesn't need 100% access to system resources. Most malware these
days is mostly designed to harvest information, or to use your computer
to transmit spam. For this, user-level access is enough.

[snip reference to the "sandbox" or virtual machine method of testing
possible dangerous (infected) software]

HTH
wolf k.
From: Wolf K on
On 06/08/2010 03:38, dominik lenné wrote:
> Within a non-admin account any program I deliberately start will have no
> admin-rights and so will not have the possibility to dig itself deeply into
> the registry or boot sector, as I understand it.

Correct, but it does have access to system resources (else it couldn't
run at all.)

> But what about exploits exploiting malware, that is code, that starts by
> overwriting more or less arbitrary parts of the cpu associated memory - do
> the non-admin-account restriction of rights still apply for that, so that
> access to registry and boot sector is blocked? Does the OS somehow contain
> events of this kind?
>
> Dominik

Yes, some malware will do this, and can do it even from a user account.
How it's done depends on the OS, but all software must call system
resources. AIUI, if malware inserts a system call that gives it access
at a deeper level, then it can wreak havoc. This is the method used by
viruses and worms. The difficulty of doing that varies: relatively easy
with Windows, and difficult with Linux and OS-X.

However, in practical terms, it makes little difference. Even a limited
user's access to system resources is enough for the kind of malware
that's the real threat these days: trojans, which are used to download
and activate the spambots and spyware which are the crooks' tools for
getting your personal data and hijacking your e-mail. Any malware
running in your user account will have the rights and privileges of that
account. This includes access to the web, the keyboard, data storage,
etc. The malware can use your programs' system calls to run in the
background. IOW, it can do anything the user can do.

Windows by default allows a non-admin user far more rights than OS-X or
Linux do. But although OS-X and Linux limit these rights by default,
they are not immune. People will still open e-mail attachments, and
browsers must have some ability to execute code offered by other
machines. These routes of infection cannot be blocked 100%; the only
thing you can do is scan incoming data for signs of malware.

cheers,
wolf k.

From: Wolf K on
On 06/08/2010 17:59, FromTheRafters wrote:
> "Wolf K"<wekirch(a)sympatico.ca> wrote in message
> news:JZU6o.358382$ae7.209123(a)unlimited.newshosting.com...
> On 06/08/2010 03:38, dominik lenné wrote:
>> Within a non-admin account any program I deliberately start will have no
>> admin-rights and so will not have the possibility to dig itself deeply into
>> the registry or boot sector, as I understand it.
>
> Correct, but it does have access to system resources (else it couldn't
> run at all.)
>
>> But what about exploits exploiting malware, that is code, that starts by
>> overwriting more or less arbitrary parts of the cpu associated memory - do
>> the non-admin-account restriction of rights still apply for that, so that
>> access to registry and boot sector is blocked? Does the OS somehow contain
>> events of this kind?
>>
>> Dominik
>
> Yes, some malware will do this, and can do it even from a user account.
> How it's done depends on the OS, but all software must call system
> resources. AIUI, if malware inserts a system call that gives it access
> at a deeper level, then it can wreak havoc. This is the method used by
> viruses and worms.
>
> [...]
>
> ***
> A minor point.
>
> Exploit based malware includes true worms, but not most true viruses.
> Viruses don't require *any* software vulnerabilities. There is some
> confusion on this point because many viruses were written to demonstrate
> software vulnerabilities, although the action that makes a virus a virus
> is not dependent upon them.
> ***
>
>

Thanks. Subtle, but significant.

wolf k.