Archived from groups: microsoft.public.windowsxp.security_admin, 24hoursupport.helpdesk, alt.computer.security
Karl Levinson, mvp wrote:
> No no no! Running Windows, Internet Explorer, etc. as non-administrator
> does NOTHING, ZERO, to prevent viruses. People running as non-admin can
> still be infected, flood the network with virus traffic, have their
> passwords and credit card numbers and keystrokes logged and emailed out to
> an attacker, change the registry to re-load the virus when the computer is
> rebooted, etc.
>
> It IS very effective at preventing spyware and adware [spyware meaning
> programs that track your browsing habits for advertising purposes, not
> malicious attacks like keystroke loggers]. This helps mainly because the
> spyware and adware authors are lazy. They could very easily re-write their
> programs to work as non-admin if they wanted to. These programs are mainly
> a nuisance and a moderate threat to your privacy.
>
> Running as non-admin mainly helps you control what the user can install and
> configure on the system, not what an outside attacker or malicious code can
> do. Most of the things that malicious code wants to do, it can do as a
> non-admin. Most viruses don't try or need to use any administrator
> privileges. And once a human attacker has non-admin privileges on a system,
> it is not too hard to do lots of bad things with those privileges, or
> escalate to admin privileges on that system or another system.
>
> When it comes to viruses, running as non-admin does help a little on Windows
> systems shared by multiple users: one infected user does not automatically
> infect everyone else on the computer. For systems used by just one user,
> this matters not.
>
> There are a number of articles out there on how running as non-admin helps
> against viruses. Many of them are mistaken.
>
> Running as non-admin is NOT anti-virus. If you don't believe me, look at
> most of the recent viruses, network and email worms, etc. and consider
> whether running as non-admin would have stopped them. Zotob, Mydoom, Mimail,
> etc. etc. are NOT hindered by running as non-admin.
>
>
> <deguza@hotmail.com> wrote in message
> news:1125548037.219996.252920@g44g2000cwa.googlegroups.com...
>
>>Hello All:
>>
>>I'm considering setting up another account on my XP Professional with
>>no administrator rights to minimize getting viruses. Our IT department
>>at work took away the administrator rights from users on Windows 2000
>>computers, saying that this will prevent infections.
>>
>>What I'm wondering is if there are still infection risks with this type
>>of account on an XP Professional environment.
>>
>>Any comments would be appreciated.
>>
>>Deguza
>>
>
>
>
It reduces some of the vulnerabilities; however, some exploits allow
privilege escalation, which makes the point moot. Using the Microsoft
DropMyRights tool you can have users by default run with restricted
perms for routine web activities, but doing this will not eliminate
potential compromises. It will reduce the threat.
We have several thousand users who use IE without major issue, however
IE use is not by my choice (in spite of God complex, we do not
necessarily control). Because it is not by choice it requires a number
of proactive measures to reduce infection rates.
Vigilance is key.
Blocking a number of known spyware scum sites from communicating is one
method. Layered firewalls are essential as well as segmented networks
with various DMZs and SDMZs.
Blocking various ActiveX and DCOM controls from operating is yet another
vector constraint.
IDS tools to identify various inappropriate or questionable activity.
Centralized viral management.
Mail spam filtering, and blocking various problematic networks with which
communication is not required at the mail gateway.
Last and foremost is user education. If you can get users to stop risky
behaviors, and teach them about the threat, remove a few users loudly
who violate policies in place to protect the network, it goes a long way
to reduce compromise rate. All users should have computer use
agreements in place and management support to enforce policies.
Policies should be aimed at risky behaviors.
Yes, we find spyware on occasion, but if you analyze how the infection
occurred and what it is, you can usually prevent it from reoccurring.
With IDS you can usually identify abnormal patterns and activity fairly
quickly.
From my perspective IE is job security.
Winged
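
The quoted point earlier in the thread, that a non-admin account can still change the registry to re-load code at reboot, can be checked on a given machine with a read-only audit. This is an added example, not part of the original posts; it assumes PowerShell 3.0 or later, and the function names and the choice of locations (the per-user Run and RunOnce keys and the user's Startup folder) are illustrative, not an exhaustive list.

```powershell
# Added example: read-only audit of per-user autostart locations.
# Assumes PowerShell 3.0+; the locations checked are a common subset, not a full list.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-IsAdmin {
    # True only when the current token holds the local Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UserAutostart {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $entries += [pscustomobject]@{
                Location = $key; Name = $name; Command = [string]$item.GetValue($name)
            }
        }
    }
    $startup = [Environment]::GetFolderPath('Startup')
    if ($startup -and (Test-Path -Path $startup)) {
        foreach ($file in (Get-ChildItem -Path $startup -File)) {
            $entries += [pscustomobject]@{
                Location = $startup; Name = $file.Name; Command = $file.FullName
            }
        }
    }
    # Flag commands that live under the user's own profile: no admin rights
    # are needed to place or replace a file there.
    foreach ($e in $entries) {
        $inProfile = $e.Command.IndexOf($env:USERPROFILE,
            [StringComparison]::OrdinalIgnoreCase) -ge 0
        $e | Add-Member -NotePropertyName InUserProfile -NotePropertyValue $inProfile -PassThru
    }
}

"Running as administrator: $(Test-IsAdmin)"
Get-UserAutostart | Sort-Object InUserProfile -Descending | Format-Table -AutoSize -Wrap
```

Run it from the restricted account itself: every location it reads is writable by that account, so any entry listed there could have been placed without administrator rights.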