Ormandy did users a valuable service by alerting them to the fact that the door was open, and not letting Microsoft keep that fact hidden from their customers.

The criminals find the open attack vectors without needing security warnings to direct them!

Like or Dislike: 3  1

That’s why I prefaced my mention of Drop My Rights with the phrase “If it’s too inconvenient to run XP as a non-admin”.

I’m one of those who spends almost as much time doing Admin tasks as anything else. Before Drop My Rights, all I could do was install the best FW/AV/AS available, work in a VM whenever possible and use products such as Sandboxie, BufferZone or DefenseWall.

I find most HIPS products to be too cumbersome and chatty, but DMR or one of the three mentioned above seems more acceptable to me.

Please note that I also limited my claim for DMR to say “this offers *SOME* [new emphasis mine] of the protection of a Limited User Account”, and prefaced it with the thought that some malware writers may find a way around DMR, if they haven’t already.

Like or Dislike: 2  0

I’m OK with that. Ormandy’s one of the good guys too.

Like or Dislike: 4  2

Nice post XAdmin. I’ve disabled the security and help center on my 2 pcs. Never used it anyway.

Well-loved. Like or Dislike: 5  0

Just a minor suggestion: rather than your alerts having the Subject of “[Krebs on Security] Once Hourly Digest Email,” might you instead replace the portion following the bracket with the descriptor, which in the case of this alert is “Security Alert for Windows XP Users”?

Your Post columns continue to be missed (along with the monthly chat sessions).

Regards,

AJ

Like or Dislike: 3  2

You just start ALL browsers, email clients or any other internet enabled apps from specially modified shortcuts that invoke “Down My Rights” which then invokes the target app with limited rights.

The following link is for a user group’s page with links to the Microsoft download page for DMR and a zip file with shortcuts already modified to use DMR.

http://cybercoyote.org/security/drop.shtml

However, to be protected, you must not use any desktop URL shortcuts, because they would circumvent the solution. Favorites or Bookmarks should only be opened from within a browser invoked by “Down My Rights”.

Another slight adjustment is that any Setup executable, which would require Admin rights, cannot be “Run” from the internet. It must be “Saved”, then run from a folder opened in Windows Explorer, not directly from within IE or any other browser running from DMR.

If you use DMR with Firefox, it will even block you from running an installation from DownThemAll, but it’s easy enough to right-click and “Open (the) directory”. Because Windows Explorer is already running with your full rights, you can then install the downloaded item from within its folder.

Unless the bad guys have figured out how to write their malware to invoke themselves from Windows Explorer instead of the browser’s context, this offers some of the protection of a Limited User Account. Does anyone know of any malware designed to get around DMR this way?

Like or Dislike: 2  1

As a non-geek, I always (try to) surf the net on a user account because security blogs say so. If you drive XP and haven’t created a user account for surfing the net, please do so. It’s like seatbelts – they came with the car but to get the protection, you have to exercise the option (put them on) every(!) time you get in the car.

Well-loved. Like or Dislike: 8  3