Infection risks with an account with no administrator rights?

Discussion in 'Computer Security' started by deguza@hotmail.com, Sep 1, 2005.

  1. Guest

    Hello All:

    I'm considering setting up another account on my XP professional with
    no administrator rights to minimize getting viruses. Our IT department
    at work to the way the administrator rights from users do Windows 2000
    computers, saying that this will prevent infections.

    What I'm wondering is if there are still infection risks with this type
    of account on an XP professional environment.

    Any comments would be appreciated.

    Deguza
     
    , Sep 1, 2005
    #1

  2. Imhotep Guest

    wrote:

    > Hello All:
    >
    > I'm considering setting up another account on my XP professional with
    > no administrator rights to minimize getting viruses. Our IT department
    > at work to the way the administrator rights from users do Windows 2000
    > computers, saying that this will prevent infections.
    >
    > What I'm wondering is if there are still infection risks with this type
    > of account on an XP professional environment.
    >
    > Any comments would be appreciated.
    >
    > Deguza


    Can you retype this sentence?

    Our IT department at work to the way the administrator rights from users do
    Windows 2000 computers, saying that this will prevent infections.

    As a general rule it is better to not have users with local or domain
    administrator rights...The reason is simple. Think of it like this. If you
    have local/domain admin rights on your account and you execute a virus,
    guess what, that virus also has local/domain admin rights...get it?

    Imhotep
     
    Imhotep, Sep 1, 2005
    #2

  3. Duane Arnold Guest

    wrote in news:1125548037.219996.252920
    @g44g2000cwa.googlegroups.com:

    > Hello All:
    >
    > I'm considering setting up another account on my XP professional with
    > no administrator rights to minimize getting viruses. Our IT department
    > at work to the way the administrator rights from users do Windows 2000
    > computers, saying that this will prevent infections.
    >
    > What I'm wondering is if there are still infection risks with this type
    > of account on an XP professional environment.
    >
    > Any comments would be appreciated.
    >
    > Deguza
    >


    If the user account doesn't have Admin rights, the registry cannot be
    changed, files cannot be written or deleted from the Windows/System32
    directory, installs cannot take place, etc., etc. Malware will inherit the
    security context of the user account it is using at the time of the
    compromise.

    The link explains some other security measures one could implement on the
    XP Pro O/S.

    http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

    Duane :)
     
    Duane Arnold, Sep 1, 2005
    #3
  4. Kompu Kid Guest

    Duane, this is very good. It is last updated in December 2003, though.
    Do you think it covers everything?

    Deguza
     
    Kompu Kid, Sep 1, 2005
    #4
  5. Kompu Kid wrote:
    > Duane, this is very good. It is last updated in December 2003,
    > though. Do you think it covers everything?


    If it was written yesterday, it would not cover everything.

    --
    Shenan Stanley
    MS-MVP
    --
    How To Ask Questions The Smart Way
    http://www.catb.org/~esr/faqs/smart-questions.html
     
    Shenan Stanley, Sep 1, 2005
    #5
  6. Duane Arnold Guest

    "Kompu Kid" <> wrote in news:1125554719.897613.162040
    @z14g2000cwz.googlegroups.com:

    > Duane, this is very good. It is last updated in December 2003, though.
    > Do you think it covers everything?
    >
    > Deguza
    >
    >


    Here is another link that someone pointed me to. I kind of looked at it but
    not that much.

    http://www.ntsvcfg.de/ntsvcfg_eng.html

    Here is the one for Win 2K and I think you'll notice that there is not that
    much of a difference with the XP one for basic security.

    http://labmice.techtarget.com/articles/securingwin2000.htm

    However, if you want to know more, then I suggest that you obtain the
    Resource Kit books. Maybe, they are at the public library.
    ISBN 0-7356-1974-3 and ISBN 0-7356-1868-2 and both books have CD(s) with
    many scripts and whatnot to apply to the XP O/S, along with many chapters
    about configuring the Windows O/S for security and other things.

    Duane :)
     
    Duane Arnold, Sep 1, 2005
    #6
  7. No no no! Running Windows, Internet explorer, etc. as non-administrator
    does NOTHING, ZERO, to prevent viruses. People running as non-admin can
    still be infected, flood the network with virus traffic, have their
    passwords and credit card numbers and keystrokes logged and emailed out to
    an attacker, change the registry to re-load the virus when the computer is
    rebooted, etc.

    It IS very effective at preventing spyware and adware [spyware meaning
    programs that track your browsing habits for advertising purposes, not
    malicious attacks like keystroke loggers]. This helps mainly because the
    spyware and adware authors are lazy. They could very easily re-write their
    programs to work as non-admin if they wanted to. These programs are mainly
    a nuisance and a moderate threat to your privacy.

    Running as non-admin mainly helps you control what the user can install and
    configure on the system, not what an outside attacker or malicious code can
    do. Most of the things that malicious code wants to do, it can do as a
    non-admin. Most viruses don't try or need to use any administrator
    privileges. And once a human attacker has non-admin privileges on a system,
    it is not too hard to do lots of bad things with those privileges, or
    escalate to admin privileges on that system or another system.

    When it comes to viruses, running as non-admin does help a little on Windows
    systems shared by multiple users: one infected user does not automatically
    infect everyone else on the computer. For systems used by just one user,
    this matters not.

    There are a number of articles out there on how running as non-admin helps
    against viruses. Many of them are mistaken.

    Running as non-admin is NOT anti-virus. If you don't believe me, look at
    most of the recent viruses, network and email worms, etc. and consider
    whether running as non-admin would have stopped them. Zotob, Mydoom, Mimail,
    etc. etc. are NOT hindered by running as non-admin.


    <> wrote in message
    news:...
    > Hello All:
    >
    > I'm considering setting up another account on my XP professional with
    > no administrator rights to minimize getting viruses. Our IT department
    > at work to the way the administrator rights from users do Windows 2000
    > computers, saying that this will prevent infections.
    >
    > What I'm wondering is if there are still infection risks with this type
    > of account on an XP professional environment.
    >
    > Any comments would be appreciated.
    >
    > Deguza
    >
     
    Karl Levinson, mvp, Sep 1, 2005
    #7
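
Post #7 above notes that a non-admin account can still change the registry so that malware reloads at reboot. As an added example (not part of the thread or any poster's words), this PowerShell audit lists the per-user autostart locations that need no administrator rights to write; the set of "user-writable" directories it flags and the helper name `Test-InUserWritableDir` are assumptions of this example.

```powershell
# Added example: list autostart entries the current user can create without admin rights.
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Per-user Run keys live in HKCU, which the logged-on user can write to.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

# Assumption: a launch target under these user-writable roots deserves a closer look.
$writableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Test-InUserWritableDir([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $writableRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$findings = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item $key
        foreach ($name in $regKey.GetValueNames()) {
            $cmd = [string]$regKey.GetValue($name)
            [pscustomobject]@{
                Location = $key; Name = $name; Command = $cmd
                InUserWritableDir = Test-InUserWritableDir $cmd
            }
        }
    }
    # The per-user Startup folder is the other autostart location needing no admin rights.
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Location = $startup; Name = $_.Name; Command = $_.FullName
            InUserWritableDir = $true
        }
    }
)

"Running elevated: $isAdmin"
$findings | Sort-Object InUserWritableDir -Descending | Format-Table -AutoSize -Wrap
```

Run it from the standard account being reviewed; entries flagged `InUserWritableDir` point at files that account could have placed or replaced without elevation.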
  8. Winged Guest

    Karl Levinson, mvp wrote:
    > No no no! Running Windows, Internet explorer, etc. as non-administrator
    > does NOTHING, ZERO, to prevent viruses. People running as non-admin can
    > still be infected, flood the network with virus traffic, have their
    > passwords and credit card numbers and keystrokes logged and emailed out to
    > an attacker, change the registry to re-load the virus when the computer is
    > rebooted, etc.
    >
    > It IS very effective at preventing spyware and adware [spyware meaning
    > programs that track your browsing habits for advertising purposes, not
    > malicious attacks like keystroke loggers]. This helps mainly because the
    > spyware and adware authors are lazy. They could very easily re-write their
    > programs to work as non-admin if they wanted to. These programs are mainly
    > a nuisance and a moderate threat to your privacy.
    >
    > Running as non-admin mainly helps you control what the user can install and
    > configure on the system, not what an outside attacker or malicious code can
    > do. Most of the things that malicious code wants to do, it can do as a
    > non-admin. Most viruses don't try or need to use any administrator
    > privileges. And once a human attacker has non-admin privileges on a system,
    > it is not too hard to do lots of bad things with those privileges, or
    > escalate to admin privileges on that system or another system.
    >
    > When it comes to viruses, running as non-admin does help a little on Windows
    > systems shared by multiple users: one infected user does not automatically
    > infect everyone else on the computer. For systems used by just one user,
    > this matters not.
    >
    > There are a number of articles out there on how running as non-admin helps
    > against viruses. Many of them are mistaken.
    >
    > Running as non-admin is NOT anti-virus. If you don't believe me, look at
    > most of the recent viruses, network and email worms, etc. and consider
    > whether running as non-admin would have stopped them. Zotob, Mydoom, Mimail,
    > etc. etc. are NOT hindered by running as non-admin.
    >
    >
    > <> wrote in message
    > news:...
    >
    >>Hello All:
    >>
    >>I'm considering setting up another account on my XP professional with
    >>no administrator rights to minimize getting viruses. Our IT department
    >>at work to the way the administrator rights from users do Windows 2000
    >>computers, saying that this will prevent infections.
    >>
    >>What I'm wondering is if there are still infection risks with this type
    >>of account on an XP professional environment.
    >>
    >>Any comments would be appreciated.
    >>
    >>Deguza
    >>

    >
    >
    >

    It reduces some of the vulnerabilities; however, some exploits allow
    privilege escalation, which makes the point moot. Using the Microsoft
    Drop my rights tool you can have users by default run with restricted
    perms for routine web activities, but doing this will not eliminate
    potential compromises. It will reduce the threat.

    We have several thousand users who use IE without major issue, however
    IE use is not by my choice (in spite of God complex, we do not
    necessarily control). Because it is not by choice it requires a number
    of proactive measures to reduce infection rates.

    Vigilance is key.

    Blocking a number of known spyware scum sites from communicating is one
    method. Layered firewalls are essential as well as segmented networks
    with various DMZs and SDMZs.

    Blocking various ActiveX and DCOM controls from operating is yet another
    vector constraint.

    IDS tools to identify various inappropriate or questionable activity.

    Centralized viral management.

    Mail Spam filtering, and blocking various problematic networks that
    communication is not required at the mail gateway.

    Last and foremost is user education. If you can get users to stop risky
    behaviors, and teach them about the threat, remove a few users loudly
    who violate policies in place to protect the network, it goes a long way
    to reduce compromise rate. All users should have computer use
    agreements in place and management support to enforce policies.

    Policies should be aimed at risky behaviors.

    Yes, we find spyware on occasion, but if you analyze how the infection
    occurred and what it is, you can usually prevent it from reoccurring.

    With IDS you can usually identify abnormal patterns and activity fairly
    quickly.

    From my perspective IE is job security :p

    Winged
     
    Winged, Sep 2, 2005
    #8
