Comments on: Microsoft Warns of Uptick in Attacks on Unpatched Windows Flaw

By: drzaiusapelord

drzaiusapelord — Mon, 19 Jul 2010 17:50:34 +0000

What? Runas is a basic functionlity of the OS since the NT days. Windows handles multiple security contexts. Your user account is one and the admin accounts are another. Runas lets you change them. Saying Runas is a stop-gap is like saying su or sudo are stopgaps too.

Like or Dislike: 2 1

By: David McCullough

David McCullough — Sun, 11 Jul 2010 22:03:36 +0000

Great points here. I have family whose computers I regularly maintain and I believe that having them use a limited user account has saved me a lot of grief and time.

I’d prefer to see them all using 64bit Windows 7 due to its inherent protections but it’s not going to happen right away so we use the defenses that we have available.

I appreciate and have learned a lot from the informed audience here at krebsonsecurity.com.

Like or Dislike: 1 1

By: 67GTV

67GTV — Fri, 09 Jul 2010 18:12:03 +0000

The RunAs command is merely a stop-gap solution to, as the name implies, simply RUN an application. ALL installations and updates should be run under the Local Administrator account. RunAs will not give full access to the Registry among other system resources.

Like or Dislike: 0 4

By: drzaiusapelord

drzaiusapelord — Fri, 09 Jul 2010 14:44:51 +0000

Shift-right-click and select RunAs. Now just run it as admin. No need to log out.

Like or Dislike: 2 1

By: Bob

Bob — Wed, 07 Jul 2010 19:41:58 +0000

Where ever I can, I set up limited users. If my daughter needs to install something (she’s 34) she still calls dad to help her. I have put the MS Security Essentials on all our computers (desktops, laptop, and netbook) and run limited users all the time.

Knock on wood, no problems yet.

Like or Dislike: 1 4

By: 67GTV

67GTV — Wed, 07 Jul 2010 16:17:29 +0000

As Aurelius so succinctly stated, all Windows Updates and patches should be applied while logged on under the Local Administrator account. Setting Windows Update to download and install patches automatically foregoes the hassle of this log off/log on routine on a monthly basis.

Kudos to you Bob, for running as a Limited User! It may be an inconvenience to have to log off then back on under the Local Administrator account, but this is also inconvenient for malware execution. Most malicious software cannot deliver the intended payload due to lack of authority under the Limited User’s account.

Like or Dislike: 3 3

By: Aurelius

Aurelius — Tue, 06 Jul 2010 08:53:39 +0000

ALL updates to the system require Admin privileges. Absolutely all. The only updates that don’t require Admin privileges are updates that don’t actually affect the entire OS installation but just one user account.

This vulnerability probably isn’t even exploitable with a decent browser, btw. Opera for example should not process HCP urls so it shouldn’t be vulnerable (unless you’re using the WMP plugin, which you probably shouldn’t be). See here: http://my.opera.com/community/forums/topic.dml?id=610682

Well-loved. Like or Dislike: 9 1

By: Bob

Bob — Tue, 06 Jul 2010 05:33:42 +0000

I clicked on the link to download the Fixit routine. It landed on my desktop. I run as a limited user. It won’t install unless I’m an admimistrator. Why can’t Microsoft (or anybody who is updating a program) tell the user what rights and permissions are required BEFORE you download the update?

Hot debate. What do you think? 5 7

By: n3td3v

n3td3v — Tue, 06 Jul 2010 00:17:57 +0000

Hidden due to low comment rating. Click here to see.

Poorly-rated. Like or Dislike: 5 15

By: David Chasey

David Chasey — Mon, 05 Jul 2010 21:03:45 +0000

My assumption has been that it’s better to be free of a third party website, such as The Washington Post and The New York Times. – David

Hot debate. What do you think? 7 6