
Infection risks with an account with no administrator righ..

Anonymous
September 1, 2005 1:13:57 AM

Archived from groups: microsoft.public.windowsxp.security_admin,24hoursupport.helpdesk,alt.computer.security

Hello All:

I'm considering setting up another account on my XP professional with
no administrator rights to minimize getting viruses. Our IT department
at work to the way the administrator rights from users do Windows 2000
computers, saying that this will prevent infections.

What I'm wondering is if there are still infection risks with this type
of account on an XP professional environment.

Any comments would be appreciated.

Deguza
Anonymous
September 1, 2005 2:23:56 AM

Archived from groups: microsoft.public.windowsxp.security_admin

Sorry, I used voice recognition, and it seems like it did not do a
good job...

The sentence should read: "Our IT department at work took away the
administrator rights from users on Windows 2000 computers, saying that
this will prevent infections. "

Deguza
Anonymous
September 1, 2005 3:05:19 AM

Archived from groups: microsoft.public.windowsxp.security_admin,24hoursupport.helpdesk,alt.computer.security

Duane, this is very good. It is last updated in December 2003, though.
Do you think it covers everything?

Deguza
Anonymous
September 1, 2005 5:46:29 AM

Archived from groups: microsoft.public.windowsxp.security_admin,24hoursupport.helpdesk,alt.computer.security

Kompu Kid wrote:
> Duane, this is very good. It is last updated in December 2003,
> though. Do you think it covers everything?

If it was written yesterday, it would not cover everything.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
September 1, 2005 8:28:37 AM

Archived from groups: microsoft.public.windowsxp.security_admin,24hoursupport.helpdesk,alt.computer.security

deguza@hotmail.com wrote:

> Hello All:
>
> I'm considering setting up another account on my XP professional with
> no administrator rights to minimize getting viruses. Our IT department
> at work to the way the administrator rights from users do Windows 2000
> computers, saying that this will prevent infections.
>
> What I'm wondering is if there are still infection risks with this type
> of account on an XP professional environment.
>
> Any comments would be appreciated.
>
> Deguza

Can you retype this sentence?

Our IT department at work to the way the administrator rights from users do
Windows 2000 computers, saying that this will prevent infections.

As a general rule it is better to not have users with local or domain
administrator rights...The reason is simple. Think of it like this. If you
have local/domain admin rights on your account and you execute a virus,
guess what, that virus also has local/domain admin rights...get it?

Imhotep
Anonymous
September 1, 2005 9:18:43 AM

Archived from groups: microsoft.public.windowsxp.security_admin,24hoursupport.helpdesk,alt.computer.security

deguza@hotmail.com wrote in news:1125548037.219996.252920
@g44g2000cwa.googlegroups.com:

> Hello All:
>
> I'm considering setting up another account on my XP professional with
> no administrator rights to minimize getting viruses. Our IT department
> at work to the way the administrator rights from users do Windows 2000
> computers, saying that this will prevent infections.
>
> What I'm wondering is if there are still infection risks with this type
> of account on an XP professional environment.
>
> Any comments would be appreciated.
>
> Deguza
>

If the user account doesn't have Admin rights, the registry cannot be
changed, files cannot be written or deleted from the Windows/System32
directory, installs cannot take place, etc., etc. Malware will inherit the
security context of the user account it is using at the time of the
compromise.

The link explains some other security measures one could implement on the
XP Pro O/S.

http://labmice.techtarget.com/articles/winxpsecurityche...

Duane :) 
Anonymous
September 1, 2005 11:01:49 AM

Archived from groups: microsoft.public.windowsxp.security_admin,24hoursupport.helpdesk,alt.computer.security

"Kompu Kid" <deguza@hotmail.com> wrote in news:1125554719.897613.162040
@z14g2000cwz.googlegroups.com:

> Duane, this is very good. It is last updated in December 2003, though.
> Do you think it covers everything?
>
> Deguza
>
>

Here is another link that someone pointed me to. I kind of looked at it but
not that much.

http://www.ntsvcfg.de/ntsvcfg_eng.html

Here is the one for Win 2K and I think you'll notice that there is not that
much of a difference with the XP one for basic security.

http://labmice.techtarget.com/articles/securingwin2000....

However, if you want to know more, then I suggest that you obtain the
Resource Kit books. Maybe, they are at the public library.
ISBN 0-7356-1974-3 and ISBN 0-7356-1868-2 and both books have CD(s) with
many scripts and whatnot to apply to the XP O/S, along with many chapters
about configuring the Windows O/S for security and other things.

Duane :) 
Anonymous
September 1, 2005 11:35:57 AM

Archived from groups: microsoft.public.windowsxp.security_admin,24hoursupport.helpdesk,alt.computer.security

No no no! Running Windows, Internet Explorer, etc. as non-administrator
does NOTHING, ZERO, to prevent viruses. People running as non-admin can
still be infected, flood the network with virus traffic, have their
passwords and credit card numbers and keystrokes logged and emailed out to
an attacker, change the registry to re-load the virus when the computer is
rebooted, etc.

It IS very effective at preventing spyware and adware [spyware meaning
programs that track your browsing habits for advertising purposes, not
malicious attacks like keystroke loggers]. This helps mainly because the
spyware and adware authors are lazy. They could very easily re-write their
programs to work as non-admin if they wanted to. These programs are mainly
a nuisance and a moderate threat to your privacy.

Running as non-admin mainly helps you control what the user can install and
configure on the system, not what an outside attacker or malicious code can
do. Most of the things that malicious code wants to do, it can do as a
non-admin. Most viruses don't try or need to use any administrator
privileges. And once a human attacker has non-admin privileges on a system,
it is not too hard to do lots of bad things with those privileges, or
escalate to admin privileges on that system or another system.

When it comes to viruses, running as non-admin does help a little on Windows
systems shared by multiple users: one infected user does not automatically
infect everyone else on the computer. For systems used by just one user,
this matters not.

There are a number of articles out there on how running as non-admin helps
against viruses. Many of them are mistaken.

Running as non-admin is NOT anti-virus. If you don't believe me, look at
most of the recent viruses, network and email worms, etc. and consider
whether running as non-admin would have stopped them. Zotob, Mydoom, Mimail,
etc. etc. are NOT hindered by running as non-admin.


<deguza@hotmail.com> wrote in message
news:1125548037.219996.252920@g44g2000cwa.googlegroups.com...
> Hello All:
>
> I'm considering setting up another account on my XP professional with
> no administrator rights to minimize getting viruses. Our IT department
> at work to the way the administrator rights from users do Windows 2000
> computers, saying that this will prevent infections.
>
> What I'm wondering is if there are still infection risks with this type
> of account on an XP professional environment.
>
> Any comments would be appreciated.
>
> Deguza
>
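
An added example, not part of the original thread: a read-only PowerShell audit of the autostart locations a non-administrator account can write to, which is the "change the registry to re-load the virus when the computer is rebooted" case from the post above. It assumes a Windows host with PowerShell and goes slightly beyond the post by also listing the per-user Startup folder; the variable names are illustrative.

```powershell
# Added example: list autostart entries that exist in per-user locations.
# These locations are writable by a standard (non-admin) account, so anything
# running as that user can register itself here. Read-only; changes nothing.

# Report whether this session holds administrator rights (for context only).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("User: {0}  Administrator: {1}" -f $identity.Name, $isAdmin)

# Per-user registry autostart keys (under HKEY_CURRENT_USER).
$perUserKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()
foreach ($key in $perUserKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $findings += New-Object PSObject -Property @{
            Location = $key
            Name     = $name
            Command  = $item.GetValue($name)
        }
    }
}

# Per-user Startup folder: every file here is launched at logon.
$startup = [Environment]::GetFolderPath('Startup')
if (Test-Path $startup) {
    Get-ChildItem -Path $startup -Force |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $findings += New-Object PSObject -Property @{
                Location = $startup
                Name     = $_.Name
                Command  = $_.FullName
            }
        }
}

# Review each entry; anything unrecognised deserves a closer look.
$findings | Sort-Object Location, Name |
    Format-Table Location, Name, Command -AutoSize -Wrap
```

Run it as the standard user whose profile is being reviewed, since HKCU and the Startup folder are resolved for the account that runs the script.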
Anonymous
September 1, 2005 3:28:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin

In article <1125552236.274405.253140@f14g2000cwb.googlegroups.com>,
deguza@hotmail.com says...
> Sorry, I used voice recognition, and it seems like it did not do a
> good job...
>
> The sentence should read: "Our IT department at work took away the
> administrator rights from users on Windows 2000 computers, saying that
> this will prevent infections. "

We do the same, as you don't need Admin rights to do your daily work in
most cases.

It's a very good means to prevent installation of malicious code by
"users". In all our offices/network/clients we run like that and have
never had a compromise, but it's not the only method.

Mark

--

spam999free@rrohio.com
remove 999 in order to email me
Anonymous
September 2, 2005 12:48:39 AM

Archived from groups: microsoft.public.windowsxp.security_admin,24hoursupport.helpdesk,alt.computer.security

Karl Levinson, mvp wrote:
> No no no! Running Windows, Internet Explorer, etc. as non-administrator
> does NOTHING, ZERO, to prevent viruses. People running as non-admin can
> still be infected, flood the network with virus traffic, have their
> passwords and credit card numbers and keystrokes logged and emailed out to
> an attacker, change the registry to re-load the virus when the computer is
> rebooted, etc.
>
> It IS very effective at preventing spyware and adware [spyware meaning
> programs that track your browsing habits for advertising purposes, not
> malicious attacks like keystroke loggers]. This helps mainly because the
> spyware and adware authors are lazy. They could very easily re-write their
> programs to work as non-admin if they wanted to. These programs are mainly
> a nuisance and a moderate threat to your privacy.
>
> Running as non-admin mainly helps you control what the user can install and
> configure on the system, not what an outside attacker or malicious code can
> do. Most of the things that malicious code wants to do, it can do as a
> non-admin. Most viruses don't try or need to use any administrator
> privileges. And once a human attacker has non-admin privileges on a system,
> it is not too hard to do lots of bad things with those privileges, or
> escalate to admin privileges on that system or another system.
>
> When it comes to viruses, running as non-admin does help a little on Windows
> systems shared by multiple users: one infected user does not automatically
> infect everyone else on the computer. For systems used by just one user,
> this matters not.
>
> There are a number of articles out there on how running as non-admin helps
> against viruses. Many of them are mistaken.
>
> Running as non-admin is NOT anti-virus. If you don't believe me, look at
> most of the recent viruses, network and email worms, etc. and consider
> whether running as non-admin would have stopped them. Zotob, Mydoom, Mimail,
> etc. etc. are NOT hindered by running as non-admin.
>
>
> <deguza@hotmail.com> wrote in message
> news:1125548037.219996.252920@g44g2000cwa.googlegroups.com...
>
>>Hello All:
>>
>>I'm considering setting up another account on my XP professional with
>>no administrator rights to minimize getting viruses. Our IT department
>>at work to the way the administrator rights from users do Windows 2000
>>computers, saying that this will prevent infections.
>>
>>What I'm wondering is if there are still infection risks with this type
>>of account on an XP professional environment.
>>
>>Any comments would be appreciated.
>>
>>Deguza
>>
>
>
>
It reduces some of the vulnerabilities; however, some exploits allow
privilege escalation, which makes the point moot. Using the Microsoft
Drop my rights tool you can have users by default run with restricted
perms for routine web activities but doing this will not eliminate
potential compromises. It will reduce the threat.

We have several thousand users who use IE without major issue, however
IE use is not by my choice (in spite of God complex, we do not
necessarily control). Because it is not by choice it requires a number
of proactive measures to reduce infection rates.

Vigilance is key.

Blocking a number of known spyware scum sites from communicating is one
method. Layered firewalls are essential as well as segmented networks
with various DMZs and SDMZs.

Blocking various ActiveX and DCOM controls from operating is yet another
vector constraint.

IDS tools to identify various inappropriate or questionable activity.

Centralized viral management.

Mail Spam filtering, and blocking various problematic networks that
communication is not required at the mail gateway.

Last and foremost is user education. If you can get users to stop risky
behaviors, and teach them about the threat, remove a few users loudly
who violate policies in place to protect the network, it goes a long way
to reduce compromise rate. All users should have computer use
agreements in place and management support to enforce policies.

Policies should be aimed at risky behaviors.

Yes, we find spyware on occasion, but if you analyze how the infection
occurred and what it is, you can usually prevent it from reoccurring.

With IDS you can usually identify abnormal patterns and activity fairly
quickly.

From my perspective IE is job security :-P

Winged