Prev: TT Livescan Database Update Information - 7-31-2010
Next: Anti-virus & signature updates
From: Lil' Abner on 31 Jul 2010 23:39
"Joe" <joe(a)invalid.invalid> wrote in
news:i2vhk3$1op$1(a)news.eternal-september.org:

> It was suggested to me in the community forum for Norton- that a way
> to less the chance of malware from web pages is to use a user account
> rather than my admin. account because the user account has less access
> to system resources.

I have a customer who brings his computer in to me about once a month to
remove one of the rogue security apps. He blames it on the grandchildren
when they visit and I suspect he's probably right.
So I am going to put the user account thing to a test. Actually, when you
do a fresh install of Avira 10, the first time you reboot, it pops up a
warning about having administrator rights, so there must be some
credibility about the user account idea.
I already have it set up now and have tested a couple of things. You can't
run msconfig. You can run regedit but if you try to change anything, it
won't let you. It let me update Avira and SuperAntispyware definitions, but
it won't allow MalwareBytes to update.
I'm not sure what all else it will allow or disallow but it is worth a try.
The only real time protection it has on it is Avira 10 and Windows
Defender. Avira usually asks you to shut Windows Defender off when you
install it, but on this machine it didn't.
I have a shop computer I may put a limited account on and try and see if I
can infect it. I'll post the results.
Before anyone asks, I keep an Acronis disk image of that hard drive on
another physical drive and when I'm done playing, I just restoreit.

--
--- Everybody has a right to my opinion. ---
From: FromTheRafters on 1 Aug 2010 15:55
"Joe" <joe(a)invalid.invalid> wrote in message
news:i34gcm$k56$1(a)news.eternal-september.org...

[...]

> One of the features, "Try and Decide", supposedly is
> also a great way to limit malware from web sites- it uses a special
> locked section of the hard drive
> where it mimics system files- any changes to those
> while running this feature only changes the virtual
> system files in the protected zone.

[...]

> [...] Try and Decide- supposedly the system is safe
> from any malware.

That is, any malware that requires accessing those particular things
that you prevent it from having access to. Mostly this ability to write
to an actual disk is for malware that is designed to be persistent or
recurring.

> Now, I don't know if this logic is valid but it might be.
> Somebody in a Norton community forum suggested
> that some malware can still damage the system.

That's true, but damaging the system isn't the only problem to address
regarding malware.


From: dominik lenn� on 6 Aug 2010 03:38
Within a non-admin account any program I deliberately start will have no
admin-rights and so will not have the possibility do dig itself deeply into
the registry or boot sector, as I understand it.

But what about exloits exploiting malware, that is code, that starts by
overwriting more or less arbitrary parts of the cpu associated memory - do
the non-admin-account restriction of rights still apply for that, so that
access to registry and boot sector is blocked? Does the OS somehow contain
events of this kind?

Dominik


From: FromTheRafters on 6 Aug 2010 06:35
"dominik lenn�" <dlenne(a)web.de> wrote in message
news:8c1sfhFi53U1(a)mid.individual.net...
> Within a non-admin account any program I deliberately start will have
> no admin-rights and so will not have the possibility do dig itself
> deeply into the registry or boot sector, as I understand it.

True.

> But what about exloits exploiting malware, that is code, that starts
> by overwriting more or less arbitrary parts of the cpu associated
> memory - do the non-admin-account restriction of rights still apply
> for that, so that access to registry and boot sector is blocked? Does
> the OS somehow contain events of this kind?

If I understand your question, no. There will still be privilege
escalation exploits from time to time.


From: FromTheRafters on 6 Aug 2010 17:59
"Wolf K" <wekirch(a)sympatico.ca> wrote in message
news:JZU6o.358382$ae7.209123(a)unlimited.newshosting.com...
On 06/08/2010 03:38, dominik lenn� wrote:
> Within a non-admin account any program I deliberately start will have
> no
> admin-rights and so will not have the possibility do dig itself deeply
> into
> the registry or boot sector, as I understand it.

Correct, but it does have access to system resources (else it couldn't
run at all.)

> But what about exploits exploiting malware, that is code, that starts
> by
> overwriting more or less arbitrary parts of the cpu associated
> memory - do
> the non-admin-account restriction of rights still apply for that, so
> that
> access to registry and boot sector is blocked? Does the OS somehow
> contain
> events of this kind?
>
> Dominik

Yes, some malware will do this, and can do it even from a user account.
How it's done depends on the OS, but all software must call system
resources. AIUI, if malware inserts a system call that gives it access
at a deeper level, then it can wreak havoc. This is the method used by
viruses and worms.

[...]

***
A minor point.

Exploit based malware includes true worms, but not most true viruses.
Viruses don't require *any* software vulnerabilities. There is some
confusion on this point because many viruses were written to demonstrate
software vulnerabilities, although the action that makes a virus a virus
is not dependent upon them.
***


 |  Next  |  Last
Pages: 1 2
Prev: TT Livescan Database Update Information - 7-31-2010
Next: Anti-virus & signature updates