From: Lil' Abner on 31 Jul 2010 23:39

"Joe" <joe(a)invalid.invalid> wrote in
news:i2vhk3$1op$1(a)news.eternal-september.org:

> It was suggested to me in the community forum for Norton- that a way
> to lessen the chance of malware from web pages is to use a user account
> rather than my admin. account because the user account has less access
> to system resources.

I have a customer who brings his computer in to me about once a month to remove one of the rogue security apps. He blames it on the grandchildren when they visit and I suspect he's probably right. So I am going to put the user account thing to a test.

Actually, when you do a fresh install of Avira 10, the first time you reboot, it pops up a warning about having administrator rights, so there must be some credibility about the user account idea.

I already have it set up now and have tested a couple of things. You can't run msconfig. You can run regedit but if you try to change anything, it won't let you. It let me update Avira and SuperAntispyware definitions, but it won't allow MalwareBytes to update. I'm not sure what all else it will allow or disallow but it is worth a try.

The only real-time protection it has on it is Avira 10 and Windows Defender. Avira usually asks you to shut Windows Defender off when you install it, but on this machine it didn't.

I have a shop computer I may put a limited account on and try and see if I can infect it. I'll post the results. Before anyone asks, I keep an Acronis disk image of that hard drive on another physical drive and when I'm done playing, I just restore it.

--
--- Everybody has a right to my opinion. ---

From: FromTheRafters on 1 Aug 2010 15:55

"Joe" <joe(a)invalid.invalid> wrote in message
news:i34gcm$k56$1(a)news.eternal-september.org...

[...]

> One of the features, "Try and Decide", supposedly is
> also a great way to limit malware from web sites- it uses a special
> locked section of the hard drive
> where it mimics system files- any changes to those
> while running this feature only changes the virtual
> system files in the protected zone.

[...]

> [...] Try and Decide- supposedly the system is safe
> from any malware.

That is, any malware that requires accessing those particular things that you prevent it from having access to. Mostly this ability to write to an actual disk is for malware that is designed to be persistent or recurring.

> Now, I don't know if this logic is valid but it might be.
> Somebody in a Norton community forum suggested
> that some malware can still damage the system.

That's true, but damaging the system isn't the only problem to address regarding malware.

From: dominik lenné on 6 Aug 2010 03:38

Within a non-admin account any program I deliberately start will have no admin-rights and so will not have the possibility to dig itself deeply into the registry or boot sector, as I understand it.

But what about exploits exploiting malware, that is code, that starts by overwriting more or less arbitrary parts of the cpu associated memory - does the non-admin-account restriction of rights still apply for that, so that access to registry and boot sector is blocked? Does the OS somehow contain events of this kind?

Dominik

From: FromTheRafters on 6 Aug 2010 06:35

"dominik lenné" <dlenne(a)web.de> wrote in message
news:8c1sfhFi53U1(a)mid.individual.net...

> Within a non-admin account any program I deliberately start will have
> no admin-rights and so will not have the possibility to dig itself
> deeply into the registry or boot sector, as I understand it.

True.

> But what about exploits exploiting malware, that is code, that starts
> by overwriting more or less arbitrary parts of the cpu associated
> memory - does the non-admin-account restriction of rights still apply
> for that, so that access to registry and boot sector is blocked? Does
> the OS somehow contain events of this kind?

If I understand your question, no. There will still be privilege escalation exploits from time to time.

From: FromTheRafters on 6 Aug 2010 17:59

"Wolf K" <wekirch(a)sympatico.ca> wrote in message
news:JZU6o.358382$ae7.209123(a)unlimited.newshosting.com...

On 06/08/2010 03:38, dominik lenné wrote:

> Within a non-admin account any program I deliberately start will have
> no admin-rights and so will not have the possibility to dig itself
> deeply into the registry or boot sector, as I understand it.

Correct, but it does have access to system resources (else it couldn't run at all.)

> But what about exploits exploiting malware, that is code, that starts
> by overwriting more or less arbitrary parts of the cpu associated
> memory - does the non-admin-account restriction of rights still apply
> for that, so that access to registry and boot sector is blocked? Does
> the OS somehow contain events of this kind?
>
> Dominik

Yes, some malware will do this, and can do it even from a user account. How it's done depends on the OS, but all software must call system resources. AIUI, if malware inserts a system call that gives it access at a deeper level, then it can wreak havoc. This is the method used by viruses and worms.

[...]

***
A minor point. Exploit-based malware includes true worms, but not most true viruses. Viruses don't require *any* software vulnerabilities. There is some confusion on this point because many viruses were written to demonstrate software vulnerabilities, although the action that makes a virus a virus is not dependent upon them.
***