Group: microsoft.public.windowsxp.security_admin
From: Shark
Date: Thursday, November 29, 2007 10:41 AM
Subject: Re: How effective is a Limited User Account?

On Nov 27, 4:00 pm, Niniel wrote:
> Look, the bottom line is this:
>
> Running a limited account does not mean you are absolutely safe. Having an
> army of AV and ASW programs does not mean you are absolutely safe.
>
> The fact of the matter is that software has bugs. These bugs can be found
> and exploited.
> Then there is software where the security holes are actually features - see
> ActiveX.

I'm well aware of that but thanks. Personally, I don't expect
infallibility in security setups. But I do try to understand the
limitations of any given method.

> NoScript is a tool to protect you from browser-based attacks - specially
> prepared web sites that use JavaScript and other scripting for phishing
> attacks, and other attacks. Or even badly programmed legitimate sites that
> allow hackers to insert and execute code. (It's quite scary. I recently read
> an article on a German computer site where an editor had checked out a bank's
> site and without trying too hard found multiple ways for cross scripting
> attacks to succeed).

I'll give it a try, thanks for the tip.

> Also, if you browse down to the thread about SAM databases you'll see that
> the windows security settings reside in memory unencrypted, and that there
> are tools that can read them. That entire database is very badly protected, it
> can be easily cracked and altered (which sometimes works in your favour, e.g.
> if you have to break into your own box after malware took over - check out
> UBCD4Win).

Aha! And so I finally perceive the true limitation of permissions: it
can be cracked! I thought this was much harder to do.... After reading
that post and investigating a little further it turns out that
cracking the permissions database is a matter of seconds. From the
little I read, you must have physical access to the local machine
(which is not possible to the Internet attacker) but I get the idea.
In relation to viruses cracking permissions I came across this
Microsoft Security Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
In the recent past, I think it was the most serious flaw where a user
would get infected simply by hovering the mouse over a malicious
webpage. Of the seven vulnerabilities associated with this flaw, FIVE
were "Elevation of Privilege", meaning: bypassing limited user
accounts!

My conclusion is this. Limited User Accounts are very effective in
deterring viruses from installing on your system. They are so effective
that the simple elevation of privileges is a legitimate target for
hackers. Limited User Rights is another hoop hackers have to jump
through before taking control.
