View Full Version : SRP method
Rilla927
September 19th, 2010, 11:07 PM
I want to hear from anyone who has used this method and how it has worked for them.
http://www.mechbgon.com/srp/
Reimer
September 19th, 2010, 11:23 PM
I use it on my Win7 Pro 64-bit system and was using it on XP Pro before that.
It works nicely as a sort of poor man's anti-executable. I like the control it gives you in that executables can not run outside of Windows and Program Files folders unless otherwise specified.
Kerodo
September 19th, 2010, 11:35 PM
I used it a while back on an XP system in conjunction with LUA and it seemed pretty good. I understand that it's not 100% bulletproof and has been picked apart a bit by those who understand the details much more than I. But I think that along with LUA it can be an effective strategy. I haven't tried SRP yet on my Win 7 x64 system as it seems to be somewhat of a sticky proposition; I don't have Pro or Ultimate, just Home Premium.
Rilla927
September 20th, 2010, 12:57 AM
@Reimer
Are you using it along with LUA and SuRun? If so, any problems?
@Kerodo
Did you have any problems running your apps? Did you use SuRun with it?
My goal is to use LUA, SRP with SuRun.
Boyfriend
September 20th, 2010, 02:17 AM
SRP is an important part of my security setup (http://www.wilderssecurity.com/showpost.php?p=1750694&postcount=10614) on Windows 7 Ultimate x64. It is working very well. Follow the guide and deny everything else. You are good to go.
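The posts above describe the shape of the setup (default Disallowed, only %SystemRoot% and %ProgramFiles% Unrestricted, administrators exempt). As an added example, not code from this thread or from mechbgon's guide, here is a PowerShell audit that reads the SRP configuration back out of the Safer registry keys and reports whether it matches that shape, then lists recent SRP block events. The CodeIdentifiers layout (DefaultLevel, PolicyScope, TransparentEnabled, per-level Paths subkeys with ItemData) is the documented SRP storage; the function names and the heuristic checks are mine, and the Application-log source name SoftwareRestrictionPolicies with IDs 865 to 868 is what I know SRP logs as, so verify it on your own box.

```powershell
# Added example: audit an existing Software Restriction Policy (read-only).
$saferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels as stored in the registry (subkey names under CodeIdentifiers)
$levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPolicy {
    if (-not (Test-Path $saferRoot)) {
        return (New-Object PSObject -Property @{ Configured = $false })
    }
    $root  = Get-ItemProperty -Path $saferRoot
    $rules = foreach ($levelKey in Get-ChildItem -Path $saferRoot) {
        if ($levelKey.PSChildName -notmatch '^\d+$') { continue }   # only numeric level keys
        $level    = $levelNames[[int]$levelKey.PSChildName]
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($ruleKey in Get-ChildItem -Path $pathsKey) {
            $rule = Get-ItemProperty -Path $ruleKey.PSPath
            New-Object PSObject -Property @{
                Level       = $level
                Path        = $rule.ItemData       # REG_EXPAND_SZ; %vars% or a %HKEY_...% registry path
                Description = $rule.Description
            }
        }
    }
    # An absent DefaultLevel means SRP falls back to Unrestricted
    $defaultLevel = if ($null -ne $root.DefaultLevel) { $levelNames[[int]$root.DefaultLevel] } `
                    else { 'Unrestricted (DefaultLevel not set)' }
    New-Object PSObject -Property @{
        Configured         = $true
        DefaultLevel       = $defaultLevel
        SkipAdministrators = ($root.PolicyScope -eq 1)        # 1 = all users except local administrators
        EnforceAllFiles    = ($root.TransparentEnabled -eq 2) # 1 = skip DLLs, 2 = all software files
        ExecutableTypes    = @($root.ExecutableTypes)
        PathRules          = @($rules)
    }
}

function Test-SrpDefaultDeny {
    param($Policy = (Get-SrpPolicy))
    # Returns a list of findings; an empty list means the expected shape is in place
    $findings = @()
    if (-not $Policy.Configured) { return @('No SRP policy found in the registry.') }
    if ($Policy.DefaultLevel -ne 'Disallowed') {
        $findings += "Default level is '$($Policy.DefaultLevel)' instead of Disallowed."
    }
    if (-not $Policy.SkipAdministrators) {
        $findings += 'Policy also applies to administrators (PolicyScope is not 1).'
    }
    foreach ($rule in ($Policy.PathRules | Where-Object { $_.Level -eq 'Unrestricted' })) {
        $expanded = [Environment]::ExpandEnvironmentVariables([string]$rule.Path)
        # Heuristic: an Unrestricted rule over a user-writable tree defeats the default deny
        if ($expanded -match '\\Users\\|Documents and Settings|\\Temp\\|AppData') {
            $findings += "Unrestricted rule covers a user-writable location: $($rule.Path)"
        }
    }
    return $findings
}

function Get-SrpBlockEvents {
    param([int]$Newest = 20)
    # SRP writes blocked launches to the Application log (assumed source name and IDs, see lead-in)
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SoftwareRestrictionPolicies'; Id = 865, 866, 867, 868 } `
        -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Usage: works from the limited account; run elevated if the policy key is not readable
$policy = Get-SrpPolicy
$policy | Format-List Configured, DefaultLevel, SkipAdministrators, EnforceAllFiles
$policy.PathRules | Format-Table Level, Path, Description -AutoSize
Test-SrpDefaultDeny -Policy $policy
Get-SrpBlockEvents
```

The findings list is deliberately conservative: it flags only the two settings the thread treats as non-negotiable (default Disallowed, administrators exempt) plus Unrestricted rules that point into user-writable trees; the DLL enforcement setting is reported but not judged, since the guide leaves that choice to the user.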
Johnny123
September 20th, 2010, 03:11 AM
-{ Quote: "
My goal is to use LUA, SRP with SuRun." }-
That's what I use on my machines, works great. I haven't had any real-time malware scanners running in ages and everything is still clean.
SuRun makes a limited account much easier, I would definitely install it. What OS do you use? If you have Windows 7 you need the latest beta of SuRun, which can be downloaded from links in the forum.
Rilla927
September 20th, 2010, 12:22 PM
@Boyfriend, Johnny123
Thanks for the positive feedback. I'm using Vista Ultimate 32bit.
Oh, so they are making SuRun for windows 7, that's good to hear.
When I first ran across the link in first post I thought that was a neat setup and I wouldn't have to invest more money in security software; sounds like a winner to me. Some of the simplest things work best.
I need to nuke this set of windows and when I reinstall I will set this up.
Johnny123
September 20th, 2010, 01:32 PM
With Vista you can use the 1.2.0.8 version. Apparently Windows 7 does a few things differently which are addressed in the beta version.
It is a neat setup and it works! No updates required, no blue screens, no system drag. I have Avira installed on one system and Avast on the other without the real-time guards so that I can scan files I download. I do a system scan every once in a while to turn off the dire warnings of not having done a scan, but they never find anything.
If you're re-installing that's a good time to set it up. This helps to avoid ownership problems that might occur if you switch an existing account to LUA. Install all the drivers and printers or whatever and then make yourself a new limited account. Then install SuRun in the admin account and add your LUA to the SuRunners group. Then you can install all your apps. You can do this in the LUA using SuRun. Nice part about this is that you are still in your user environment, only the installer process is running with elevated privileges.
Rilla927
September 20th, 2010, 03:53 PM
I was worried about installing software and it running properly in LUA, but you've put my fears to rest on that.
Kerodo
September 20th, 2010, 03:57 PM
-{ Quote: "
@Kerodo
Did you have any problems running your apps? Did you use SuRun with it?
My goal is to use LUA, SRP with SuRun." }-
Nope, no problems running apps. I didn't use SuRun....
Johnny123
September 20th, 2010, 05:35 PM
-{ Quote: "I was worried about installing software and it running properly in LUA, but you've put my fears to rest on that." }-
Be aware that there are some apps that don't work properly in a LUA. Games are notorious for this and there are some security (!) apps that don't work right as LUA. Threatfire and Rising AV come to mind. They won't update unless you're running as admin. A security app that requires you to run as admin is an oxymoron. Some developers are apparently still in Win 9x mode.
You can ask around here and I'm sure people will give some tips on what works well with a LUA. IrfanView is a good example of an app that's done right. It asks if you want to install it for all users and you can select to install the .ini file to your user profile instead of the program folder. Some burning apps (like Ashampoo) will say you have no optical drives if you don't start it as admin. I use a burner called ONES, and it doesn't have any problems at all running in LUA. I'm sure Windchild, tlu and Lucy can give you some good suggestions here.
Some apps don't work in a LUA because they do things you don't have privileges to do, which makes sense. Defraggers come to mind and things like Tuneup Utilities. Image for Windows also has to run as admin. This is when SuRun comes in handy. Just right click and select run as administrator. Give it a go, it doesn't take long to get used to it.
Rilla927
September 23rd, 2010, 12:10 AM
Johnny, thanks for all the good info. I'm in preparation mode now (make sure I have everything I need and backing up certain things) before the installation.
I have one question for you. I forgot there are two Admin accounts, one has local computer privileges and then there is the real Admin account that is disabled by default. Which did you use with SuRun?
wat0114
September 23rd, 2010, 12:45 AM
Using SuRun latest beta in Win7 for a few days has been a pleasant experience so far :)
Johnny123
September 23rd, 2010, 03:07 AM
-{ Quote: "
I have one question for you. I forgot there are two Admin accounts, one has local computer privileges and then there is the real Admin account that is disabled by default. Which did you use with SuRun?" }-
Leave the account you make during the installation as it is. Before you do anything else, make a limited account in addition to this. Let's say they're called admin and user. Log on to admin, install SuRun and then there is some configuration to do with that. On the second tab, SuRunners Group, you need to add "user" to the group.
On the first tab there's a button at the bottom to click with recommended settings for home users. If you don't feel like playing with it, just click that. I would recommend checking to show advanced features because there are other things you may want to set up, like allowing the LUA to set the time, change the SuRun settings, whether or not a password is required, etc. For example, I have it set to not ask for a password because I'm too lazy to type that in all the time and my admin account doesn't have a password to start with. This may sound weird, but if you can control physical access to the computer, it's actually safer to have no password for the admin account. To log on to an account without a password you have to be actually using that computer, you can't log on remotely. Got that tip from Aaron Margosis' blog. He's the MS guy that wrote MakeMeAdmin.
Johnny123
September 23rd, 2010, 03:14 AM
-{ Quote: "Using SuRun latest beta in Win7 for a few days has been a pleasant experience so far :)" }-
Have you left UAC turned on? From looking in the beta forum it seems like there were some problems with UAC picking things off before SuRun got a chance to do anything. I would guess that you might be able to just turn off UAC, but I'm not sure about this.
wat0114
September 23rd, 2010, 07:41 AM
-{ Quote: "Have you left UAC turned on? From looking in the beta forum it seems like there were some problems with UAC picking things off before SuRun got a chance to do anything. I would guess that you might be able to just turn off UAC, but I'm not sure about this." }-
Right, and I should clarify that although it has been a pleasant experience, it's not a perfect one either, because I did encounter one issue where I was experimenting with Secunia PSI starting with Windows automagically with SuRun, no password, but UAC did indeed intercept and interfere. For me this is at most a minor issue because I don't really want PSI starting with Windows, but at least whenever I want to run it, I can do so with a right-click "run as Administrator with SuRun" context menu selection and avoid typing the normally required UAC credentials. I think turning off UAC, as you suggest, would likely resolve the issue, but I didn't bother trying because I don't want it disabled.
Sadeghi85
September 23rd, 2010, 12:08 PM
I disable the option "Try to detect if unknown applications need to start with elevated rights". If I want to start something elevated I just right click and select "start as administrator". I enable UAC because it virtualizes write attempts to program files directory.
Johnny123
September 23rd, 2010, 01:25 PM
-{ Quote: " I enable UAC because it virtualizes write attempts to program files directory." }-
I don't quite understand this. In a limited account you don't have write privileges in that directory, seems a bit redundant. If you start an app as administrator and it writes to %Program Files% and UAC "virtualizes" it, does that mean it's gone when you re-boot? Inquiring minds want to know ;)
Sadeghi85
September 23rd, 2010, 02:12 PM
It isn't redundant, the visualization works regardless of elevation. Write attempts get redirected to C:\Users\<user>\AppData\Local\VirtualStore, those files aren't gone after reboot.
Johnny123
September 23rd, 2010, 03:08 PM
-{ Quote: "It isn't redundant, the visualization works regardless of elevation. Write attempts get redirected to C:\Users\<user>\AppData\Local\VirtualStore, those files aren't gone after reboot." }-
I'm feeling a bit dense because I don't see the point. In a LUA if a malware tries to write to Program Files it can't because there are no write privileges for that directory. So what's the advantage of having the malware written to this VirtualStore directory rather than not being written at all?
What do you do when you want something written to Program Files, like when you update an application? Everything that's been written to Program Files lands in this VirtualStore? I just don't get it, please enlighten me.
wat0114
September 23rd, 2010, 03:27 PM
Some info on UAC:
-http://technet.microsoft.com/en-us/library/dd835548(WS.10).aspx
Sadeghi85
September 23rd, 2010, 05:19 PM
-{ Quote: "I'm feeling a bit dense because I don't see the point. In a LUA if a malware tries to write to Program Files it can't because there are no write privileges for that directory. So what's the advantage of having the malware written to this VirtualStore directory rather than not being written at all?" }-
It's for compatibility not security. As the link provided by wat0114 indicates, virtualization is "a short-term fix and not a long-term solution".
-{ Quote: "Application developers should modify their applications to be compliant with the Windows 7 logo program as soon as possible, rather than relying on file, folder, and registry virtualization." }-
There are two types of apps that virtualization makes them compatible with Win 7.
1) An administrative app that needs to write to program files or other protected areas but isn't UAC compliant.
2) A normal app that doesn't really need to write to program files and could instead write to ProgramData or user profile but is either old or its developer didn't care about Win 7 compatibility.
-{ Quote: "
What do you do when you want something written to Program Files, like when you update an application? Everything that's been written to Program Files lands in this VirtualStore? I just don't get it, please enlighten me." }-
If a program you use updates its files to its program folder then yes it will be redirected to VirtualStore.
-{ Quote: "It isn't redundant, the visualization works ..." }-
FF Dictionary... ::)
wat0114
September 23rd, 2010, 09:18 PM
This virtualization aspect of UAC is an interesting (to me, anyway) topic. In the link under UAC Architecture (I've underlined some points):
-{ Quote: "Virtualization
Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, IT administrators do not need to replace the majority of applications when running Windows 7 with UAC enabled.
Windows 7 includes file and registry virtualization technology for applications that are not UAC compliant and that require an administrator's access token to run correctly. Virtualization ensures that even applications that are not UAC compliant are compatible with Windows 7. When an administrative application that is not UAC compliant attempts to write to a protected directory, such as Program Files, UAC gives the application its own virtualized view of the resource it is attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the non-compliant application.
Most application tasks operate properly by using virtualization features. Although virtualization allows a majority of applications to run, it is a short-term fix and not a long-term solution. Application developers should modify their applications to be compliant with the Windows 7 logo program as soon as possible, rather than relying on file, folder, and registry virtualization.
Virtualization is not an option in the following scenarios:
* Virtualization does not apply to applications that are elevated and run with a full administrative access token.
* Virtualization supports only 32-bit applications. Non-elevated 64-bit applications simply receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit applications are required to be compatible with UAC and to write data into the correct locations.
* Virtualization is disabled for an application if the application includes an application manifest with a requested execution level attribute." }-
This last point puzzles me. I have no idea what it means ???
But it does seem execution level does matter where virtualization is concerned, or am I misunderstanding something?
Sully
September 23rd, 2010, 11:58 PM
The term virtualization is somewhat ambiguous in this situation I believe. Most of us are used to thinking of a virtual machine like vmBox or vmWare. This to me is the pinnacle of virtualization - a complete virtual computer running its own OS on your OS. Simply boggles the mind :blink:
This type of virtualization is more like Sandboxie. Sandboxie creates a physical location for what it houses in c:\sandbox. This M$ virtualization is like that, the physical files are on the drive for the system to see. M$ differs from Sandboxie though in that Sandboxie keeps the OS from "interacting" with the sandboxes and registries unless the user means to interact with them. M$ keeps everything on the OS. The registry values are simply in a special "area" of the registry. The files, you can access them just like normal.
A manifest is a piece of code that a program has in it. Maybe you could think of it as a header or cover sheet. One thing it does is declare that the program needs administrator rights. UAC is built around this aspect. UAC "pops up" because it reads the manifest, finds whether the program needs admin rights, and if so, asks you for permission to elevate.
Older programs may not have a manifest, or the manifest just doesn't have the correct data for use with UAC. Of course maybe the programmer didn't want to include a manifest, who knows. But what is M$ to do without one? UAC won't work because there is nothing to tell M$ whether the program will need admin rights. With no manifest, the program might start, but would be unable to do what its intended purpose was because it needed admin rights.
Remember, UAC is supposed to nag developers into coding things properly for user accounts rather than admin accounts. The "transitional" period is still here. M$ is still using UAC to allow time for developers to leave full admin modes and begin to work properly in user accounts. Of course not all programs are meant to do that, but many could if they were built differently.
M$ has a dilemma. There are many older programs that must run as admin to work, because they write to HKLM or Program Files, areas that are off limits for users. If they wanted people to buy Vista, they had to make sure it worked with older programs. So, they came up with virtualization. All it means is that when a program is run, and the program tries to do something that a user cannot do, special areas are allocated for it to do them in, so that the program continues to work.
For example, if your program from 2002 keeps its profile in Program Files, when run in Vista it will not be able to write there. The program might start, but be unable to save the settings. Virtualization allows the program to write to what it thinks is Program Files, and therefore work properly. But in fact the writes are being redirected, via the virtualization, to an area that is meant for such purposes, but not the real Program Files. The same is true of the registry. A special area is kept aside so that the program works and thinks it is writing to HKLM, but in fact it is not.
Now imagine that you forced a program to start virtualized. What does that mean? Well, it means that if it were to write somewhere, it would be in a virtualized area. That only means that it is not writing to the real area. Does it mean the program can't modify a system critical file? It should, because it only thinks it is writing to the real location. I don't know all the details. I don't know how it handles certain aspects. For example, if you run a program virtualized, and then modify a system file (like autoexec.bat), does it create a copy in the virtual area, similar to how Sandboxie does it? Or does it just not save at all? Don't know.
I am only sharing that the virtualization comes about because M$ needs older programs to still run right now. They clearly state that this is a temporary fix. How temporary? LOL. Might be a long time. At some point they want their OS to be 100% user mode like Linux is. All programs would need to be compliant with such a scheme or they won't work as intended. Can you imagine if they had done that starting with Vista or 7? How long would you have used it if much of the software you owned wouldn't work in LUA, and thus would be of no use to you unless you were full admin or wanted to RunAs all the time?
Sul.
wat0114
September 24th, 2010, 12:13 AM
Sully, very nicely explained :thumb: Thanks!
Johnny123
September 24th, 2010, 04:52 AM
-{ Quote: "Sully, very nicely explained :thumb: Thanks!" }-
Yes, it now makes sense. Also your two underlined points,
Virtualization does not apply to applications that are elevated and run with a full administrative access token.
Virtualization supports only 32-bit applications.
help out as well. The way Sadeghi described it you would have an empty %Program Files% directory.
jonono
September 24th, 2010, 11:34 AM
-{ Quote: "Sully, very nicely explained :thumb: Thanks!" }-
x2 :thumb:
MrBrian
September 26th, 2010, 01:21 AM
-{ Quote: "Does it mean the program can't modify a system critical file? It should, because it only thinks it is writing to the real location. I don't know all the details. I don't know how it handles certain aspects. For example, if you run a program virtualized, and then modify a system file (like autoexec.bat), does it create a copy in the virtual area, similar to how Sandboxie does it? Or does it just not save at all? Don't know." }-
Executable files are not virtualized.
Sully
September 26th, 2010, 05:09 AM
I went on a field trip to MSDN for a couple of days. I did not see that noted anywhere. I didn't find whether there is a list of approved file types to virtualize. I found lots of info on what it is and why it was made, but not much uber-technical. Even the docs on how to implement and program for UAC didn't give this type of info.
Do you have any references? Seems I am about to enable UAC and dive into the dark waters of "prompt for elevation", "prompt for elevation", "prompt for elevation". LOL, as much as I am about to tweak and hack in testing, this is sure to be a slow experiment.
Sul.
BTW, ever mess with the virtualize flags on individual keys in HKLM\Software? Just wondering if there is any use to go down that path ;)
MrBrian
September 26th, 2010, 01:55 PM
-{ Quote: "
Do you have any references? Seems I am about to enable UAC and dive into the dark waters of "prompt for elevation", "prompt for elevation", "prompt for elevation". LOL, as much as I am about to tweak and hack in testing, this is sure to be a slow experiment.
Sul.
BTW, ever mess with the virtualize flags on individual keys in HKLM\Software? Just wondering if there is any use to go down that path ;)" }-
From Inside Windows Vista User Account Control (http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx):
-{ Quote: "The file system locations that are virtualized for legacy processes are %ProgramFiles%, %ProgramData%, and %SystemRoot%, excluding some specific subdirectories. However, any file with an executable extension, including .exe, .bat, .scr, .vbs, and others, is excluded from virtualization. This means that programs that update themselves from a standard user account fail instead of creating private versions of their executables that aren’t visible to an administrator running a global updater. To add additional extensions to the exception list, enter them in the following registry key and reboot:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Luafv\Parameters\ExcludedExtensionsAdd
" }-
P.S. I haven't dabbled in the stuff in your last sentence.
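Sully's explanation and the TechNet excerpt MrBrian quotes together describe where virtualized writes go (the per-user VirtualStore), which file types are never virtualized, and that a manifest with a requestedExecutionLevel switches it off. As an added example, not code from this thread, from Sully, or from Microsoft, here are PowerShell helpers to observe that behaviour on a machine instead of guessing: map a protected path to its VirtualStore shadow, list what has already been redirected there (each entry is an app relying on the compatibility shim), read the Luafv ExcludedExtensionsAdd value MrBrian cites, and check a binary for a requestedExecutionLevel attribute. The VirtualStore folder and the HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE key are the documented locations; the function names are mine and the manifest check is a plain text search, not a PE resource parser.

```powershell
# Added example: observe UAC file and registry virtualization (read-only).
$virtualStoreDir = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$virtualStoreReg = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'
$luafvParams     = 'HKLM:\SYSTEM\CurrentControlSet\Services\Luafv\Parameters'

function Get-VirtualStorePath {
    param([Parameter(Mandatory=$true)][string]$Path)
    # C:\Program Files\App\settings.ini -> %LOCALAPPDATA%\VirtualStore\Program Files\App\settings.ini
    $relative = $Path -replace '^[A-Za-z]:\\', ''
    return (Join-Path $virtualStoreDir $relative)
}

function Test-VirtualizedCopy {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Reports whether a write to $Path by a non-elevated legacy 32-bit app was redirected
    $shadow = Get-VirtualStorePath -Path $Path
    New-Object PSObject -Property @{
        RealPath     = $Path
        ShadowPath   = $shadow
        RealExists   = (Test-Path -LiteralPath $Path)
        ShadowExists = (Test-Path -LiteralPath $shadow)
    }
}

function Get-VirtualizedFiles {
    # Everything already redirected for this user
    if (Test-Path -LiteralPath $virtualStoreDir) {
        Get-ChildItem -LiteralPath $virtualStoreDir -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Select-Object FullName, Length, LastWriteTime
    }
}

function Get-VirtualizedRegistryKeys {
    # Registry writes aimed at HKLM\SOFTWARE by such apps land under this key instead
    if (Test-Path $virtualStoreReg) {
        Get-ChildItem -Path $virtualStoreReg -Recurse -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty Name
    }
}

function Get-LuafvExcludedExtensions {
    # Extensions added on top of the built-in never-virtualized set (.exe, .bat, .scr, .vbs, ...)
    if (Test-Path $luafvParams) {
        return (Get-ItemProperty -Path $luafvParams).ExcludedExtensionsAdd
    }
}

function Get-RequestedExecutionLevel {
    param([Parameter(Mandatory=$true)][string]$ExePath)
    # Heuristic: an embedded manifest is plain XML inside the binary, so a text search
    # finds the attribute. Returns asInvoker / highestAvailable / requireAdministrator,
    # or $null when none is found (such a binary is a candidate for virtualization).
    $text = [System.Text.Encoding]::ASCII.GetString([System.IO.File]::ReadAllBytes($ExePath))
    if ($text -match 'requestedExecutionLevel[^>]*level\s*=\s*"([^"]+)"') { return $Matches[1] }
    return $null
}

# Usage (the .ini path below is a constructed placeholder)
Test-VirtualizedCopy -Path (Join-Path $env:ProgramFiles 'SomeLegacyApp\settings.ini')
Get-VirtualizedFiles | Format-Table -AutoSize
Get-VirtualizedRegistryKeys
Get-LuafvExcludedExtensions
Get-RequestedExecutionLevel -ExePath (Join-Path $env:SystemRoot 'System32\notepad.exe')
```

Run from the limited account, since that is the only context in which virtualization applies; a non-empty VirtualStore listing is the practical answer to Johnny123's question of what an app's "Program Files" writes actually became.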
Rilla927
October 20th, 2010, 09:05 PM
I took the plunge. I installed Surun (on fresh set of windows) and used the SRP link that is in the first post of this thread.
I didn't expect not to be able to make a folder in Program Files or not to be able to kill something in Task Manager. We'll see, time will tell.
Johnny123
October 21st, 2010, 02:49 AM
-{ Quote: "I took the plunge. I installed Surun (on fresh set of windows) and used the SRP link that is in the first post of this thread.
I didn't expect not to be able to make a folder in Program Files or not to be able to kill something in Task Manager. We'll see, time will tell." }-
The LUA isn't supposed to be able to make a folder in Program Files, that's an important part of the security plan. If you want to create files or folders in these areas, right-click in a blank space in the folder and from the context menu select "SuRun Explorer here". Then you'll get a new instance of Windows Explorer with elevated privileges (you'll see that the smiley in the tray is then red instead of green).
In the task manager you can only kill processes that you started as a limited user. You can get around this by opening the task manager and right clicking the title bar of the window and selecting "Restart as Administrator". Note that sometimes you have to try different places on the title bar before it shows in the context menu. Not sure if this is a bug or a feature ::)
Rilla927
October 21st, 2010, 04:50 AM
I was hoping to hear from you, thanks for the tips.
If this is the way it's supposed to be by design then I guess it's for good reason... not really a deal breaker.
Are you able to execute or install programs from the desktop, my documents?
I can and it puzzles me because with SRP you're not supposed to be able to do that. Well, either way I know I'm much safer and that feels good. Actually, it's only been one day since this change and I'm already used to it so that means it stays. I don't mind change if the pay-off is good.
I can't believe how quick and easy it was to set up and no overhead from the changes.
I'm using Windows Vista Advanced Firewall, Emsisoft AntiMalware, Sandboxie for security. My system runs much better.
Johnny123
October 21st, 2010, 01:03 PM
-{ Quote: "I was hoping to hear from you, thanks for the tips.
If this is the way it's supposed to be by design then I guess it's for good reason... not really a deal breaker." }-Right, the idea is that where you are allowed to execute something you aren't allowed to write, and this lack of write privileges also applies to malware.
-{ Quote: "Are you able to execute or install programs from the desktop, my documents?
I can and it puzzles me because with SRP you're not supposed to be able to do that." }-No, not unless I right-click it and select "Start as Administrator". I take it you set up SRP from the instructions in the link, from MechBgon. You might want to double check that you actually did the "Apply" part of his instructions. I can't think of any other reason why it isn't working right. Also be 100% sure that the SRP rules don't apply to administrators, otherwise you'll have headaches.
Another thing, just to be sure, open the settings for SuRun and on the last tab (probably called Advanced in English) make sure the box down at the bottom is checked that Administrators are the owners of files and directories created by admin-rights users (or something to that effect).
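Johnny123's rule of thumb (where you may execute you may not write) only holds if the ACLs under the Unrestricted paths actually deny standard users write access; a user-writable folder inside %SystemRoot% or %ProgramFiles% is the classic gap in a path-rule-based SRP. As an added example, not from this thread or mechbgon's guide, here is a read-only PowerShell audit that walks those roots and lists subdirectories where standard-user principals hold write rights, so each can be covered with an extra Disallowed path rule or a tightened ACL. The root list, principal list and function names are mine; the rights mask includes the GENERIC_WRITE and GENERIC_ALL bits that appear numerically in ACEs.

```powershell
# Added example: find user-writable folders inside execute-allowed paths (read-only).
# Checks explicit allow ACEs only; it does not resolve group nesting or deny ACEs.

$executeAllowedRoots = @($env:SystemRoot, $env:ProgramFiles)
if (${env:ProgramFiles(x86)}) { $executeAllowedRoots += ${env:ProgramFiles(x86)} }

# Principals every standard user effectively belongs to
$lowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

# FILE_WRITE_DATA (0x2), FILE_APPEND_DATA (0x4), GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000)
$writeBits = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

function Get-WritableExecutableDirs {
    param([string[]]$Roots = $executeAllowedRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $dirs = @(Get-Item -LiteralPath $root)
        $dirs += Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
                 Where-Object { $_.PSIsContainer }
        foreach ($dir in $dirs) {
            try {
                $acl = $dir.GetAccessControl()
            } catch {
                continue   # no read access to the DACL; nothing to report
            }
            $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
            foreach ($ace in $aces) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($lowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }
                New-Object PSObject -Property @{
                    Directory = $dir.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

# Usage: every row is a folder where a standard user can drop a file that path
# rules alone would still allow to run
Get-WritableExecutableDirs | Sort-Object Directory | Format-Table Directory, Principal, Rights -AutoSize
```

Expect a few rows on a stock install (temp and task folders under the Windows tree are well known); the point is to see the list once, decide on a rule or ACL change for each, and re-run after installing software that creates its own folders under Program Files.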
Rilla927
October 22nd, 2010, 05:03 AM
-{ Quote: "
No, not unless I right-click it and select "Start as Administrator". I take it you set up SRP from the instructions in the link, from MechBgon. You might want to double check that you actually did the "Apply" part of his instructions. I can't think of any other reason why it isn't working right. Also be 100% sure that the SRP rules don't apply to administrators, otherwise you'll have headaches." }-
No, it's working the way it's supposed to. SuRun makes it so easy I forgot I was right clicking and "Start as Admin" and it didn't dawn on me.
I noticed if I need to install something and it has a windows installer with the silver wheel looking thing; it refuses to install even if I click "Start as Admin". Then the SRP kicks in and says I can't, so I have to then go to Admin account and install it from there.
If it's not a windows installer I'm able to install it through standard account.
-{ Quote: "Another thing, just to be sure, open the settings for SuRun and on the last tab (probably called Advanced in English) make sure the box down at the bottom is checked that Administrators are the owners of files and directories created by admin-rights users (or something to that effect)." }-
Yes, I have that checked. Are we protected from keyloggers by SRP? I worry more about them than anything. I was thinking of buying a program if needed.
tlu
October 22nd, 2010, 07:36 AM
-{ Quote: "Are we protected from keyloggers by SRP? " }-
Yes - unless you installed them willfully with admin rights ;)
Johnny123
October 22nd, 2010, 01:23 PM
-{ Quote: "No, it's working the way it's supposed to. SuRun makes it so easy I forgot I was right clicking and "Start as Admin" and it didn't dawn on me." }-That's nice to hear. SuRun really does make life easier with a limited account. Sounds like you've adjusted really quick. ;D
-{ Quote: "I noticed if I need to install something and it has a windows installer with the silver wheel looking thing; it refuses to install even if I click "Start as Admin". Then the SRP kicks in and says I can't, so I have to then go to Admin account and install it from there." }-Do you mean a .msi installation file? If so, when I right click these I have three choices, install, repair or uninstall as administrator.
-{ Quote: " Are we protected from keyloggers by SRP? " }-tlu answered this question. Glad to see him participate in your thread, he knows much more about this.
tlu
October 22nd, 2010, 01:40 PM
-{ Quote: "
tlu answered this question. Glad to see him participate in your thread, he knows much more about this." }-
Thanks:) However, I moved to Linux in the meantime and start Windows in Virtualbox only when I need it. Thus, SuRun has become a rather remote matter for me ;D
@Rilla927: I suggest that you read the very good SuRun tutorial (http://www.dedoimedo.com/computers/surun.html) of our friend Mrk. And I've noticed that you already participate in the SuRun forum:thumb: Kay Bruns, the SuRun author, is very helpful in solving any problems.
SAustn2
October 22nd, 2010, 08:01 PM
I've started using it and for the most part I like it, but I'm back here to get help with it. So far it works great, I don't notice any difference, except that when I try to update SuperAntiSpyware or MalwareBytes the updates go through the documents and settings first, and that's a place the software restriction policy won't let things run from; according to mechbgon things can only run from C:\program files & C:\Windows, so both programs say the updates were successful but event viewer says otherwise. Also Yupdater from Yahoo Messenger won't start, but Yahoo Messenger still works well, except I can't see the smileys, they're all blacked out when running it from a limited account; the audibles work fine though, go figure lol. Any help appreciated, thanks. :-\
tlu
October 23rd, 2010, 07:14 AM
-{ Quote: "I've started using it and for the most part I like it, but I'm back here to get help with it. So far it works great, I don't notice any difference, except that when I try to update SuperAntiSpyware or MalwareBytes the updates go through the documents and settings first, and that's a place the software restriction policy won't let things run from; according to mechbgon things can only run from C:\program files & C:\Windows, so both programs say the updates were successful but event viewer says otherwise. Also Yupdater from Yahoo Messenger won't start, but Yahoo Messenger still works well, except I can't see the smileys, they're all blacked out when running it from a limited account; the audibles work fine though, go figure lol. Any help appreciated, thanks. :-\" }-
I'm not familiar with these applications. It might be necessary to define new path rules as mentioned by mechbgon if they need executables to be started in Documents and Settings. It's also possible that they try to save/modify files in their c:\program files subdirectories (a bad behavior if this is the case) where you don't have write permission as a limited user - if possible only for specific files to be updated. Or you can start these apps with SuRun.
Rilla927
October 23rd, 2010, 10:12 PM
-{ Quote: "That's nice to hear. SuRun really does make life easier with a limited account. Sounds like you've adjusted really quick. ;D " }-
Yes I have and loving it.
-{ Quote: "Do you mean a .msi installation file? If so, when I right click these I have three choices, install, repair or uninstall as administrator." }-
Yes, I have those options too.
-{ Quote: "tlu answered this question. Glad to see him participate in your thread, he knows much more about this." }-
A sigh....of relief.
Rilla927
October 23rd, 2010, 10:15 PM
-{ Quote: "Thanks:) However, I moved to Linux in the meantime and start Windows in Virtualbox only when I need it. Thus, SuRun has become a rather remote matter for me ;D
@Rilla927: I suggest that you read the very good SuRun tutorial (http://www.dedoimedo.com/computers/surun.html) of our friend Mrk. And I've noticed that you already participate in the SuRun forum:thumb: Kay Bruns, the SuRun author, is very helpful in solving any problems." }-
Hi tlu,
I have gone over that with a fine tooth comb in order to install SuRun. I wanted to make sure I understood everything. I'm glad SuRun has a forum.
This little program is a god send;D
Rilla927
October 23rd, 2010, 10:30 PM
@SAustn2
It shouldn't bother the updates. My AV updates without elevated privileges. Now Malwarebytes is a different story cuz I use the free version. I right click and "Start as Admin" and hit update.
Rilla927
October 24th, 2010, 01:59 AM
Now, I'm taking a closer look at all this, there may be a bug. Why can I d/l a file to my desktop or my doc's? My AV program is running with full privileges and it is not set up that way through SuRun. It's not even listed in SuRun. I can make any change I wish. I can launch notepad without a peep.
Take a look at this link
http://www.vistax64.com/vista-security/51354-software-restriction-policy-srs-problems.html
SAustn2
October 24th, 2010, 02:21 AM
Hello tlu and Rilla,
I guess I assumed virus and spyware scanners downloaded their definition update files to the Documents and Settings area under Application Data, and with a software restriction policy I was thinking the programs couldn't use them since they weren't located in Program Files or the Windows directory.
And I think I made this more complicated than I should have:-[ . Your answers made it so clear and simple, all I needed to do was either use SuRun, which I don't know too much about, or just right click the program and run as administrator. I'm still trying to get used to a limited XP account with that and an admin account, it feels like I'm trying to take care of 2 computers, it was kind of confusing at first lol.
Thank you so much tlu and Rilla! Have a good one, SA
Rilla927
October 24th, 2010, 02:40 AM
@SAustn
Do you have outbound rules made (in your FW) so your programs update okay? It gets easier, no worry; if you need help there are plenty of people around to help you. I'm just learning about this stuff too.
Johnny123
October 24th, 2010, 07:51 AM
-{ Quote: "Now, I'm taking a closer look at all this, there may be a bug. Why can I d/l a file to my desktop or my doc's? My AV program is running with full privileges and it is not set up that way through SuRun. It's not even listed in SuRun. I can make any change I wish. I can launch notepad without a peep.
" }-
You can download to the desktop or My Documents because they're both in your user profile. You are allowed to write there, which is logical otherwise you would never be able to save any files. You can't execute them, however (assuming they are executable files) unless you right-click > Start as Administrator. You can launch Notepad because it's somewhere in %SystemRoot% where you are allowed to execute files. If you made a copy of Notepad and put it on your desktop or My Documents and it will execute, then yes, something is weird.
Which AV do you have? The important parts of AVs run as System. For example, when I update Avira or run a scan with it, the SuRun smiley turns into a stop sign with an exclamation point. That means it's running with System privileges. That's OK, it wouldn't be able to work properly in an LUA if it didn't.
tlu
October 24th, 2010, 10:04 AM
-{ Quote: "If you made a copy of Notepad and put it on your desktop or My Documents and it will execute, then yes, something is weird.
" }-
I guess he didn't copy it to the desktop but created a link. This would work.
Johnny123
October 24th, 2010, 04:38 PM
-{ Quote: "I guess he didn't copy it to the desktop but created a link. This would work." }-
I would imagine this is the case since it appears that Rilla has everything else working properly.
BTW, I also use kafu.exe from heise online. Do you think this is redundant when using LUA & SRP?
Reimer
October 24th, 2010, 06:40 PM
Are there any file types we should add to the default Designated File Types list for SRP?
tlu
October 25th, 2010, 06:56 AM
-{ Quote: "
BTW, I also use kafu.exe from heise online. Do you think this is redundant when using LUA & SRP?" }-
Actually yes. I answered this question already here (http://www.wilderssecurity.com/showpost.php?p=1764997&postcount=8). Another aspect would be that an already installed application executed as a limited user wants to change autostarts without asking you (although it may be a legitimate request). kafu would prevent that, so you have better control over what such an app is doing. The downside is that apps that you want to start automatically (like a local spam proxy) have to be started once with SuRun (not with runas!) to make this possible. And: Since you had to install this app with admin rights before, it would have been able to manipulate any autostart locations during the installation process anyhow. To sum up: kafu doesn't serve any useful purpose with LUA & SRP.
It all comes down to a very simple rule: Only install trustworthy applications from trustworthy sources. If you follow this rule, a LUA/SRP combo is an excellent protection against nearly all threats.
SAustn2
October 25th, 2010, 01:31 PM
@Rilla No, I only use the Windows XP firewall. It doesn't ever seem to give me problems. I just looked under its Exceptions tab and none of the security apps are listed. The only one that's strange is Windows Media Player Network Sharing Service, which is listed 6 times for some reason. The only ones enabled with checkmarks are Network Diagnostics for Windows XP and Yahoo! Messenger. Seems like I read somewhere that the firewall in XP only blocks unsolicited inbound connections and not outbound, so I'm guessing the security apps wouldn't have a problem with retrieving updates since they're solicited.
Johnny123
October 25th, 2010, 02:57 PM
-{ Quote: " To sum up: kafu doesn't serve any useful purpose with LUA & SRP.
" }-OK, thanks. In the future I can skip this part. Undoing it now would probably be a pita.
Rilla927
October 27th, 2010, 08:45 PM
-{ Quote: "You can download to the desktop or My Documents because they're both in your user profile. You are allowed to write there, which is logical otherwise you would never be able to save any files. You can't execute them, however (assuming they are executable files) unless you right-click > Start as Administrator. You can launch Notepad because it's somewhere in %SystemRoot% where you are allowed to execute files. If you made a copy of Notepad and put it on your desktop or My Documents and it will execute, then yes, something is weird." }-
Okay, I thought all d/l's went to the "Downloads" folder in my doc's only. I can create anything in notepad and save it to my desktop or my doc's and click open and it opens. Is this supposed to do that?
-{ Quote: "Which AV do you have? The important parts of AVs run as System. For example, when I update Avira or run a scan with it, the SuRun smiley turns into a stop sign with an exclamation point. That means it's running with System privileges. That's OK, it wouldn't be able to work properly in an LUA if it didn't." }-
My AV is Emsisoft AntiMalware. At first I had put it in SuRun with elevated privileges and then took it out. When I click on the program it doesn't ask me if I want to run it elevated or not, it just opens. The circle doesn't change colors, it stays green.
Rilla927
October 27th, 2010, 10:17 PM
-{ Quote: "@Rilla No, I only use the Windows XP firewall. It doesn't ever seem to give me problems. I just looked under its Exceptions tab and none of the security apps are listed. The only one that's strange is Windows Media Player Network Sharing Service, which is listed 6 times for some reason. The only ones enabled with checkmarks are Network Diagnostics for Windows XP and Yahoo! Messenger. Seems like I read somewhere that the firewall in XP only blocks unsolicited inbound connections and not outbound, so I'm guessing the security apps wouldn't have a problem with retrieving updates since they're solicited." }-
Okay, XP has inbound only. It would be a good idea to use a firewall for outbound connections. Last I remember (someone can correct me if I'm wrong) WMP, Yahoo shouldn't need inbound connections.
In fact I have all inbound blocked no exceptions. Then all my rules for outbound connections.
Johnny123
October 28th, 2010, 03:01 AM
-{ Quote: "Okay, I thought all d/l's went to the "Downloads" folder in my doc's only. I can create anything in notepad and save it to my desktop or my doc's and click open and it opens. Is this supposed to do that?" }-Yes, that's fine. You have created a .txt file, which of course isn't executable. When you double-click it, it opens with Notepad, which itself is located in a place where you are allowed to execute executable files.
-{ Quote: "My AV is Emsisoft AntiMalware. At first I had put it in SuRun with elevated privileges and then took it out. When I click on the program it doesn't ask me if I want to run it elevated or not, it just opens. The circle doesn't change colors, it stays green." }-This is also OK. The GUI is not running as System, so it stays green. The important part runs as a service, but you don't see it. Nothing to worry about. Avira does things a bit differently. The updater and the Luke Filewalker scan thing have their own GUIs, which is why the smiley turns to the red stop sign w/exclamation point when they run.
BTW, with EAM you can set in the configuration what each user is allowed to do, you have probably seen that.
Rilla927
October 28th, 2010, 03:46 AM
Referring to EAM, no I didn't see anything like that. It's probably right in front of me. Ever since this last escapade of malware on my system I don't let anyone use my computer.
I told hubby and family they can use a Live CD, no exceptions cuz they don't listen.
Johnny123
October 28th, 2010, 01:12 PM
-{ Quote: "Referring to EAM, no I didn't see anything like that. It's probably right in front of me." }- It's in the configuration, in German the tab says Berechtigungen (Privileges) I believe. For each user you can check off different boxes of things they are allowed or not allowed to do.
-{ Quote: "I told hubby and family they can use a Live CD, no exceptions cuz they don't listen." }-LOL, I guess that's one way of dealing with it. OTOH, you could make them a separate limited account. That way they can only hose their own account. If they screw something up you just delete their account and it's all gone.
SAustn2
October 29th, 2010, 01:08 AM
@Rilla, But wouldn't Windows Media Player need inbound to retrieve missing album info, and doesn't Yahoo Messenger need inbound for when my friends talk to me or when I listen to the Yahoo radio plugin? Or if I block those will those features still work?
Rilla927
October 30th, 2010, 04:00 AM
WMP (last I remember) connects out for that information. Here's a quick little test: uncheck both from inbound and reboot, and they should still work since you have no block rules in place for outbound. You can always recheck them if needed.
SAustn2
October 31st, 2010, 08:09 PM
Finally I found a couple of the errors caused by Software Restriction Policy. If anyone knows how I can make exceptions for these in SRP I'd be really happy to know, but if it's impossible then it's no biggie since you guys have helped me already by telling me to use the Run As option, which isn't hard to do. Here are the errors:
Date: 10/30/2010 Source: Software Restriction Policy Time: 7:10:00 PM Category: None Type: Warning Event ID: 865 User: N/A Computer: (my computer's name)
And the Description: Access to C:\DOCUME~1\(MyUsername)\LOCALS~1\Temp\SSUPDATE.EXE has been restricted by your Administrator by the default software restriction policy level.
That one's for when I try to update SuperAntiSpyware from my limited account. The program SuperAntiSpyware let me install it for all users. This other one's from Yahoo Messenger:
Date: 10/30/2010 Source: Software Restriction Policy Time: 7:35:46 PM Category: None Type: Warning Event ID: 865 User: N/A Computer: (my computer's name)
And the Description: Access to C:\Documents and Settings\All Users\Application Data\Yahoo!\YUPDATER\YUPDATER.EXE has been restricted by your Administrator by the default software restriction policy level.
I'm not really sure what YUPDATER.EXE does but it doesn't seem to stop the Yahoo Messenger program from working. @Rilla I'm fixing to go back into my administrator's account and try what you said about the little test, but I'm assuming you mean to uncheck the exceptions for the programs. WMP network sharing is already unchecked but I'll try unchecking Yahoo Messenger and see if it still works, thanks. PS HAPPY HALLOWEEN ALL!!
wat0114
October 31st, 2010, 09:21 PM
You should be able to add those paths to Additional Rules. Just open the folder, right click and choose New Path rule... then add the paths to the executable that were blocked.
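As an added example (not code from the thread or from mechbgon's guide), the PowerShell below triages Event ID 865 warnings like the two quoted above before anyone creates an Additional Rule: it extracts the blocked path, expands 8.3 short names such as DOCUME~1, checks whether the folder is writable by limited users (a path rule there would let any same-named file run), and lists the path rules already in the local policy. The function names and sample messages are my own; the policy registry key and the 262144 (Unrestricted) / 0 (Disallowed) level values are standard SRP values.

```powershell
# Added example, not from the thread. Helper names are hypothetical; the sample
# messages below are constructed to match the Event Viewer text quoted above.

Add-Type -Namespace Win32 -Name NativeMethods -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GetLongPathName(string shortPath, System.Text.StringBuilder longPath, uint size);
'@

# Constructed sample input (same shape as the two warnings in the post above).
$SampleMessages = @(
    'Access to C:\DOCUME~1\someuser\LOCALS~1\Temp\SSUPDATE.EXE has been restricted by your Administrator by the default software restriction policy level.',
    'Access to C:\Documents and Settings\All Users\Application Data\Yahoo!\YUPDATER\YUPDATER.EXE has been restricted by your Administrator by the default software restriction policy level.'
)

function Get-SrpBlockedPath {
    # Pull the blocked executable path out of the event description.
    param([Parameter(Mandatory)][string]$Message)
    if ($Message -match 'Access to (?<path>.+?) has been restricted by') { return $Matches['path'] }
    return $null
}

function Expand-ShortPath {
    # The log often shows 8.3 names (DOCUME~1, LOCALS~1). Expand them when the file
    # exists so the rule matches the long form Explorer shows; otherwise return as-is.
    param([Parameter(Mandatory)][string]$Path)
    $buffer = New-Object System.Text.StringBuilder 1024
    $len = [Win32.NativeMethods]::GetLongPathName($Path, $buffer, [uint32]$buffer.Capacity)
    if ($len -gt 0 -and $len -lt $buffer.Capacity) { return $buffer.ToString() }
    return $Path
}

function Test-DefaultAllowedLocation {
    # The guide's default rules leave %SystemRoot% and %ProgramFiles% Unrestricted.
    param([Parameter(Mandatory)][string]$Path)
    $roots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        if ($Path.StartsWith($root.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Test-LimitedUserWritable {
    # A path rule inside a folder limited users can write to lets any file dropped there
    # with the same name run, which undoes the point of SRP. Inspect the folder's ACL.
    # Returns $null when the folder does not exist on this machine (unknown).
    param([Parameter(Mandatory)][string]$Directory)
    if (-not (Test-Path -LiteralPath $Directory)) { return $null }
    $broad = @('BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    $write = [System.Security.AccessControl.FileSystemRights]'CreateFiles, Modify, FullControl'
    foreach ($ace in (Get-Acl -LiteralPath $Directory).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $broad -contains $ace.IdentityReference.Value -and
            ($ace.FileSystemRights -band $write)) { return $true }   # generic rights are not decoded here
    }
    return $false
}

function Get-SrpRuleAdvice {
    # Combine the checks into a recommendation for one event message.
    param([Parameter(Mandatory)][string]$Message)
    $blocked = Get-SrpBlockedPath -Message $Message
    if (-not $blocked) { return $null }
    $path = Expand-ShortPath -Path $blocked
    $dir  = Split-Path -Path $path -Parent
    $writable = Test-LimitedUserWritable -Directory $dir
    $advice =
        if (Test-DefaultAllowedLocation -Path $path) {
            'Already under a default Unrestricted root; look for a more specific Disallowed rule overriding it.'
        } elseif ($writable -ne $false) {
            'Folder is (or may be) writable by limited users: prefer a certificate rule if the file is signed, a hash rule on this exact file (must be recreated when the updater changes), or run the updater elevated (Run as / SuRun) rather than adding a path rule.'
        } else {
            'Folder is not writable by limited users: a New Path Rule on this exact file is acceptable.'
        }
    [pscustomobject]@{ BlockedPath = $path; Directory = $dir; LimitedUserWritable = $writable; Advice = $advice }
}

function Get-SrpPathRules {
    # Read the path rules already in the local SRP policy, so you can confirm what is
    # Unrestricted (level 262144) or Disallowed (level 0) before adding more.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    foreach ($level in @{ 262144 = 'Unrestricted'; 0 = 'Disallowed' }.GetEnumerator()) {
        $key = Join-Path $base "$($level.Key)\Paths"
        if (-not (Test-Path $key)) { continue }
        foreach ($rule in Get-ChildItem $key) {
            $props = Get-ItemProperty $rule.PSPath
            [pscustomobject]@{ Level = $level.Value; Path = $props.ItemData; Description = $props.Description }
        }
    }
}

function Get-SrpBlockEvents {
    # Live SRP warnings (Event ID 865) from the Application log on Vista and later;
    # on XP read the same entries in Event Viewer as the post above did.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 865 } -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Message }
}

$SampleMessages | ForEach-Object { Get-SrpRuleAdvice -Message $_ } | Format-List
Get-SrpPathRules | Format-Table -AutoSize
```

Run it from the limited account to see the ACL as that user sees it; replace `$SampleMessages` with `Get-SrpBlockEvents` to triage the machine's real warnings.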
Noob
November 1st, 2010, 01:05 AM
Used SRP for quite some time, became more annoying than a HIPS ;D, and sometimes rules would work and sometimes not :thumbd:
So I got rid of it ;D
tlu
November 1st, 2010, 08:21 AM
-{ Quote: "Used SRP for quite some time, became more annoying than a HIPS ;D, and sometimes rules would work and sometimes not :thumbd: " }-
I've been using SRP for years, and I've never had this problem. If the New Path Rule addresses the correct executable it works. Period.
-{ Quote: " So i got rid of it ;D" }-
Quite obviously, you did something wrong. SRP is much easier and much less troublesome than any HIPS.
wat0114
November 1st, 2010, 11:19 AM
-{ Quote: "Quite obviously, you did something wrong. SRP is much easier and much less troublesome than any HIPS." }-
Absolutely, unequivocally right.
It seems like people are having difficulties with SRP, and AppLocker for that matter, with executables that need to run under the "less conventional" directories such as user\john-jane doe\Appdata or user-john\jane doe\Application data. An example of one I've got for AppLocker;
%OSDRIVE%\Users\myson\AppData\LocalLow\Panda3D\hosts\ToontownOnline\*
A few of these type are going to be necessary for everything to work right. It's up to the user to do a little digging, then create the rules needed.
Johnny123
November 1st, 2010, 01:38 PM
-{ Quote: "Used SRP for quite some time, became more annoying than a HIPS ;D, and sometimes rules would work and sometimes not :thumbd:
So I got rid of it ;D" }-
You obviously fudged up somewhere. Read this guide (http://www.mechbgon.com/srp/), SRP made simple.
BTW, if you aren't using a limited account I don't see much point in setting up a SRP.
Rilla927
November 1st, 2010, 02:49 PM
-{ Quote: "Finally I found a couple of the Errors caused by Software Restriction Policy. If anyone knows how I can make exceptions for these in SRP I'd be really happy to know but if its impossible then its no biggie since you guys have helped me already by telling me to use the Run As option which isn't hard to do. Here's the Errors: Date: 10/30/2010 Source: Software Restriction Policy Time: 7:10:00 PM Category: None Type: Warning Event ID: 865 User: N/A Computer: (my computers name) And the Description: Access to C:\DOCUME~1\(MyUsername)\LOCALS~1\Temp\SSUPDATE.EXE has been restricted by your Administrator by the default software restriction policy level. That ones for when i try to update SuperAntiSpyware from my limited account. The program SuperAntiSpyware let me install it for all users. This other ones from Yahoo Messenger,Date: 10/30/2010 Source: Software Restriction Policy Time: 7:35:46 PM Category: None Type: Warning Event ID: 865 User: N/A Computer: (my computers name) And the Description: Access to C:\Documents and Settings\All Users\Application Data\Yahoo!\YUPDATER\YUPDATER.EXE has been restricted by your Administrator by the default software restriction policy level." }-
Are you using SuRun? If not, it would address these problems.
-{ Quote: "I'm not really sure what YUPDATER.EXE does but it doesn't seem to stop the Yahoo Messenger program from working. @Rilla I'm fixing to go back into my administrator's account and try what you said about the little test, but I'm assuming you mean to uncheck the exceptions for the programs. WMP network sharing is already unchecked but I'll try unchecking Yahoo Messenger and see if it still works, thanks. PS HAPPY HALLOWEEN ALL!!" }-
Yes, uncheck WMP and Yahoo for inbound connection and see.
SAustn2
November 1st, 2010, 11:08 PM
So would my New Path Rules look like this: C:\DOCUME~1\(MyUsername)\LOCALS~1\Temp\SSUPDATE.EXE as written in the Event Viewer, or C:\Documents and Settings\(MyUsername)\Local Settings\Temp\SSUPDATE.EXE as how it's listed in the address bar in Windows Explorer?
And then for YUPDATER I'm guessing to make the rule the same as it looks in Event Viewer, like this? C:\Documents and Settings\All Users\Application Data\Yahoo!\YUPDATER\YUPDATER.EXE Oh, and I have a question: if I make these rules for these parts of Documents and Settings will SRP still keep executables from running from there besides these 2 exceptions? Thank you all very much for your input. Hopefully this won't be too hard lol.
Hey Rilla, all my exceptions in Windows Firewall are unchecked and I haven't come across any problems so far, Yahoo Messenger is still working fine; do you think that exception is only for file transfers in the messenger program? Also I haven't put a check mark in the "Don't allow exceptions" box under the General tab like you've done, except on yours it says "Block all incoming connections". Would you check that also if you were me? I like how it shows all the additional information behind your Windows Firewall dialog box, is that Vista? Oh I almost forgot, no I'm not using SuRun, it sounds like it would be very helpful though. I guess I was afraid it would add an extra process, I guess I'm kind of a TweakFreak :wacko: lol.
Thanks again everyone!
Rilla927
November 2nd, 2010, 12:49 AM
Okay, first off, if you install SuRun and use it you won't need any of those path rules. On rare occasion you might have to make a path rule. So far I have not run into a situation where I needed to do that. SuRun allows you to run any program you need with full Admin rights by right clicking on "Start as Admin". I just installed it for the first time two weeks ago on my fresh install of Windows and it works very well. You want to make sure your system is clean. Here is a tutorial on how to install SuRun. This is what I used. It's much simpler than it looks. SuRun makes life much easier.
http://www.dedoimedo.com/computers/surun.html
I read through it many times before I got started to make sure I understood it correctly. If you have any questions just ask, I'm always around as well as the others.
-{ Quote: "Hey Rilla all my exceptions in Windows Firewall are unchecked and I haven't came across any problems so far, Yahoo Messenger is still working fine do you think that exception is only for file transfers In the messenger program?" }-
No, it should work fine. Test it out and transfer a file to a friend or family member and then have them transfer a file to you. If you need a rule for this we can see if Yahoo Messenger is listed in the exceptions tab and check it if needed.
-{ Quote: " Also I haven't put a check mark in Don't allow exceptions box under the general tab like you've done except on yours it says Block all incoming connections. Would you check that also if you were me?" }-
Yes, it's a whole lot safer that way. You can keep an eye on the firewall log Windows\System32\Logfiles\Firewall and open it with notepad in Vista so I would imagine it's the same in XP. You can take a look and see.
SuRun uses very little resources, in fact you don't know it's even there.
Noob
November 2nd, 2010, 01:13 AM
OMGGG HAHAHAHA, I felt everyone was against me ;D J/K :thumb:
Yeah, I actually set SRP and it DID work for quite some time (1 month) without any flaws, then everything started to get boring and I started playing with apps, and every single time I played with new apps I had to create rules "DUH" (While in a HIPS I just set to learn mode and then check the rules) :thumb: :thumb:
Then came the appcrash with the Flash Player files in System32, I allowed every single damn thing from Flash Player (I knew which files were affected each time, Event Manager :thumb: ) and for some reason it won't work.
So I just got annoyed and deactivated it ;D
And installed MD over it ;D
tlu
November 2nd, 2010, 12:22 PM
-{ Quote: "
Yeah, I actually set SRP and it DID work for quite some time (1 month) without any flaws, then everything started to get boring and I started playing with apps, and every single time I played with new apps I had to create rules" }- No offense meant - but if this was really necessary it seems that you simply don't understand the basics behind SRP, or something is misconfigured. You should really carefully read http://www.mechbgon.com/srp/
Any application that complies to Windows standards should install itself into a subfolder of c:\Program Files. New Path rules are only necessary for applications that want to be installed (and executed) outside of the c:\Program Files folder to a new folder under c:\ (but you usually have the chance to correct this during the installation process) and for a few applications that save an executable in the Documents and Settings/Users folder. But these are exceptions - it should definitely not apply to "every single time" you played with new apps.
And if you happen to install an app that wants to save/modify settings or data in its installation folder (rather than in Documents and Settings/Users as it should), this has nothing to do with SRP - it's simply due to the fact that its programmer is incompetent or still living in the age of Win 9X (since a limited user or a user working under UAC has no write permission for c:\Program Files).
SAustn2
November 3rd, 2010, 11:12 AM
Ok thanks guys, I'm fixing to go check out the tutorial that tlu posted earlier: SuRun tutorial and also the link from Rilla: http://www.dedoimedo.com/computers/surun.html. Hey no problem Noob, I appreciate everyone's advice. Just like the other day I tried to configure tighter security zones in IE8 but had all kinds of problems trying to get to my Hotmail, and then when I finally got it to load by adding *.live.com to Trusted I was not able to click on any of my email folders, it felt like JavaScript wasn't working. So I had to put IE8 back to its defaults and re-enable SpywareBlaster.
Rilla927
November 3rd, 2010, 05:04 PM
@SAustn2
How many users do you have on your computer?
Just some info in regards to SuRun: Right before you're ready to install it you need to create another Admin account (this will be your Limited account you will use all the time). I named mine SuRunner so I didn't forget. And then install SuRun from your original Admin account (the one before SuRun), log off, log into your new account and configure SuRun. The very first thing you must do is add the SuRun account (whatever name it is) to the SuRunners group. This will take away admin rights from that account and that's what you want it to do, so you end up with a limited user account.
If you want me to go further I can post some screen shots for you, just let me know.
SAustn2
November 6th, 2010, 08:57 PM
Hi Rilla, sorry it took me a while to post on here, we've been painting the outside of the house and in my free time I've been reading a lot of the articles at dedoimedo, it's very interesting reading (that would be neat if a user could get away with not having to use antivirus programs but I'm not sure what all it takes to do that), thank y'all for the link.
I have 4 user accounts: the hidden built-in administrator, my administrator, my regular user and the guest account which is disabled. Would I need to get rid of my old accounts or will SuRun run inside those also? And since I have disabled some Windows services I'm not sure which ones are needed for SuRun to work properly, I didn't notice service requirements at either dedoimedo or at Kay's site but I may have overlooked it somewhere. I guess I could always download the registry file from BlackViper's site to set all my services back to default, or else I could run back through them with the tweak guide I used since he has both the default and tweaked settings listed. Also I don't know if it's a good idea to disable the SRP before installing SuRun, then enable it again afterward. Thanks:)
I guess the main reason I started trying to secure my computer is sorta like yours, KIDS lol, except in my case it's my young nephews and niece when they come to visit, they always seem to get a computer infected with mywebsearch from playing some game called Zwinky. So now I try to ask what site they're gonna go to, then use Norton Safe Web to check to see what they say about the site.
Sully
November 6th, 2010, 10:15 PM
-{ Quote: "I guess the main reason I started trying to secure my computer is sorta like yours, KIDS lol, except in my case it's my young nephews and niece when they come to visit, they always seem to get a computer infected with mywebsearch from playing some game called Zwinky. " }-
Install Shadow Defender, then go into shadow mode when others use your computer. Reboot, bye bye problems. Very easy fix for such a problem. Learning SRP is good too. Sometimes there are more than one right tool for the job.
Sul.
Rilla927
November 7th, 2010, 07:32 AM
-{ Quote: "Hi Rilla, sorry it took me a while to post on here, we've been painting the outside of the house and in my free time I've been reading a lot of the articles at dedoimedo, it's very interesting reading (that would be neat if a user could get away with not having to use antivirus programs but I'm not sure what all it takes to do that), thank y'all for the link." }-
No problem, we all have a life outside of here;D
In regards to AV; with more than one user (you) I wouldn't advise it, but that's up to you. AV is always good to catch what you don't know is there.
-{ Quote: "I have 4 user accounts: the hidden built-in administrator, my administrator, my regular user and the guest account which is disabled.
" }-
-{ Quote: "Would I need to get rid of my old accounts or will SuRun run inside those also?" }-
You may have a problem with some registry settings but I can't be positive. The only way to find out is to install SuRun through Admin (I would turn off SRP just so you can install SuRun and configure it in all accounts, then turn it back on) and then see if you can access SuRun in all your other accounts and see how it goes. Make sure you're not connected to the net when installing and configuring SuRun. If you start to have a lot of problems then I would delete the other accounts and start fresh.
I started with a fresh slate of windows added some rules to the firewall that were needed (most were already in place from previous installation and I imported the rules in very easily with windows firewall) these were outbound rules cuz I have inbound blocked. Configured all my browsers and sandboxie. This was all done off line before I connected to the net. The last thing was to install the AV and then shut internet back off and make my other Admin account that will be used by SuRun and install SuRun and configure and then turn on SRP.
I'm sure everyone has different thoughts on this but it worked well for me.
-{ Quote: " And since I have disabled some Windows services I'm not sure which ones are needed for SuRun to work properly, I didn't notice service requirements at either dedoimedo or at Kay's site but I may have overlooked it somewhere. I guess I could always download the registry file from BlackViper's site to set all my services back to default, or else I could run back through them with the tweak guide I used since he has both the default and tweaked settings listed. Also I don't know if it's a good idea to disable the SRP before installing SuRun, then enable it again afterward. Thanks:)" }-
That's a good question. I never looked at mine until now. I have Secondary Logon set to Automatic but I don't know if it's needed for SuRun. Maybe Johnny or someone else can chime in to make sure.
-{ Quote: "I guess the main reason I started trying to secure my computer is sorta like yours, KIDS lol, except in my case it's my young nephews and niece when they come to visit, they always seem to get a computer infected with mywebsearch from playing some game called Zwinky. So now I try to ask what site they're gonna go to, then use Norton Safe Web to check to see what they say about the site." }-
Did Norton say the site was okay and then you got "mywebsearch"?
As Sully mentioned Shadow Defender is used to keep any junk off your computer and keep a clean state. Sandboxie and Return IL are two others folks use also.
Johnny123
November 7th, 2010, 05:20 PM
-{ Quote: " I have 4 user accounts: the hidden built-in administrator, my administrator, my regular user and the guest account which is disabled. Would I need to get rid of my old accounts or will SuRun run inside those also?" }-Don't get rid of any accounts, you need your administrator account! Also don't add any admin accounts to the SuRunners group. Your limited account should be in the SuRunners group and none of the others.
-{ Quote: "And since I have disabled some Windows services I'm not sure which ones are needed for SuRun to work properly, I didn't notice service requirements at either dedoimedo or at Kay's site but I may have overlooked it somewhere. " }- If SuRun is working then you haven't disabled anything it requires. I'm not aware of any services it requires, however. As Rilla mentioned above, it used to require Secondary Logon, but that was several versions ago.
-{ Quote: "I guess the main reason I started trying to secure my computer is sorta like yours, KIDS lol, except in my case it's my young nephews and niece when they come to visit, they always seem to get a computer infected with mywebsearch from playing some game called Zwinky. So now I try to ask what site they're gonna go to, then use Norton Safe Web to check to see what they say about the site." }-Maybe you should activate the Guest account and let them use that.
Rilla927
November 8th, 2010, 07:18 AM
Hi Johnny,
I don't know if you noticed in the link for SuRunner tutorial it says to start with a second Admin account then add that to SuRunner group. Then once it's added to SuRunner it will then automatically be a limited account. I don't want to confuse him/her;) I followed these directions and it worked like a charm.
Johnny123
November 8th, 2010, 12:57 PM
-{ Quote: "Hi Johnny,
I don't know if you noticed in the link for SuRunner tutorial it says to start with a second Admin account then add that to SuRunner group. Then once it's added to SuRunner it will then automatically be a limited account. I don't want to confuse him/her;) I followed these directions and it worked like a charm." }-Oh, I thought that he/she already had SuRun installed, my mistake. At any rate, you can do it either way. The way you did it works fine or you can just make a limited account and then add that to the SuRunners group (the way I do it). All roads lead to Rome ;)
The admin accounts, however, shouldn't be added to SuRunners, for obvious reasons. I think that's probably why it's in the configuration "never ask administrators to join SuRunners".
Rilla927
November 8th, 2010, 04:35 PM
Hi Johnny,
No problem. As they say there are more than one way to skin a cat. You keep your original Admin account. Right before installing SuRun it tells you to make another Admin account and once SuRun is installed it then becomes a limited account once you add it to SuRunner group.
tlu
November 9th, 2010, 06:28 AM
-{ Quote: " Right before installing SuRun it tells you to make another Admin account and once SuRun is installed it then becomes a limited account once you add it to SuRunner group." }-
Rilla927, it's been a long time since I installed SuRun, but I'm pretty sure that this is wrong. SuRun won't change an admin account into a limited account. You have to create a new limited account OR you manually turn an existing admin account into a limited account, but that has serious drawbacks which are addressed in this (http://www.wilderssecurity.com/showpost.php?p=1201866&postcount=146) post.
Johnny123
November 9th, 2010, 01:54 PM
-{ Quote: "Rilla927, it's been a long time ago since I installed SuRun, but I'm pretty sure that this is wrong. SuRun won't change an admin account into a limited account." }-I wasn't aware of that either until Rilla mentioned it. I took a look at Mrkvonic's tutorial and sure enough, that's exactly how he did it. There's even a screenshot of SuRun warning that the account will lose its admin status if added to the SuRunners group. On the other hand, I don't see any advantage to this method vs. creating a limited account and adding it to the SuRunners group.
wat0114
November 9th, 2010, 09:56 PM
-{ Quote: "On the other hand, I don't see any advantage to this method vs. creating a limited account and adding it to the SuRunners group." }-
Yes, I agree.
BTW, just noticed beta15 :thumb: Scroll to bottom.
http://forum.kay-bruns.de/thread/271,8
SuRun 1.2.0.9 Beta15 - 2010-11-08
---------------------------------
* CHG: SuRun uses CryptProtectData() for storing user passwords.
This encryption uses a master key derived from the user's Windows password.
* NEW: SuRun can be forced to store and use a user's password.
This hopefully solves problems with domain networks.
* NEW: SuRun's ShellExecute Hook lets non-SuRunners use SuRun's "Run as..."
* FIX: When using the black high contrast theme, in some of SuRun's windows no
text was visible.
* CHG: ScreenSnap uses CreateDIBSection instead of Get-/SetDIBits
Rilla927
November 10th, 2010, 09:25 AM
@Johnny, Tlu
I saved this file for offline so I could use it as I installed SuRun. I didn't want to confuse myself with other things that may work so I stuck to that article.
Especially installing it for the first time.
Johnny123
November 10th, 2010, 12:54 PM
-{ Quote: "@Johnny, Tlu
I saved this file for offline so I could use it as I installed SuRun. I didn't want to confuse myself with other things that may work so I stuck to that article.
Especially installing it for the first time." }-Well, that was a very wise decision. You got everything working properly right off the bat, which is what you want. If you look through the really long thread on SuRun that tlu started you'll see that a few jumped in blindly without reading about it first and didn't seem to really understand the purpose of the whole thing.
Rilla927
November 10th, 2010, 01:51 PM
So far so good. I had a few questions but you answered those, so it looks as if it's working the way it should.
I wish I had done it sooner. SuRun makes it so much easier to deal with. To me, I'm not restricted at all. It doesn't get in your way at all like I thought it would.
There is this teeny weeny percent in me that thinks "what are you gonna do if something circumvents this?" Then I have to remember that I have to install it for it to run. Humans are computers' worst enemy.
I'm grateful you helped me out after I installed it, and tlu for posting the link for SRP. I feel much, much safer than I ever did.
Oh get this, I fired up my computer yesterday and Adobe Flash Player was trying to install something (I already have it installed) and it had to abort cuz it wasn't able to, thanks to SRP. I then spotted Sandboxie was full; it didn't dump the contents like it was supposed to. That's the only thing I can relate this to.
Johnny123
November 10th, 2010, 03:22 PM
-{ Quote: "
I'm grateful you helped me out after I installed it and tlu for posting the link for SRP. I feel much, much safer than I ever did." }-Glad I was able to help out. Not only do you feel much safer, but you really are safer. As you mentioned, the only real hole in the armor is the human factor. If you only download and install software from trusted sources you won't have any problems.
-{ Quote: "Oh get this, I fired up my computer yesterday and Adobe Flash Player was trying to install something (I already have it installed) and it had to abort cuz it wasn't able to, thanks to SRP. I then spotted Sandboxie was full; it didn't dump the contents like it was supposed to. That's the only thing I can relate this to." }-I've never used Sandboxie, so I can't comment on that. However, do you really need it? You may decide at some point that it's superfluous, but you may want to keep it for a period of time for peace of mind. It took me a while to realize that I don't need an AV running in realtime, although I have one that I run on-demand "just to make sure".
Concerning Flash updates, if you install them on Adobe's site, you have to start the browser with admin privileges. Rather than do that, you can download the installation files directly and then install them locally, which is easier (and safer IMO). If you want, I can give you the download links.
Rilla927
November 10th, 2010, 03:28 PM
I already have it installed. I use the offline installer. I think something that wasn't kosher was in the sandbox yet and tried to install but it couldn't.
Johnny123
November 10th, 2010, 04:58 PM
-{ Quote: "I already have it installed. I use the offline installer. I think something that wasn't kosher was in the sandbox yet and tried to install but it couldn't." }-I see, said the blind man 8)
Now I understand what you meant. Since I have never used Sandboxie I'm not familiar with it. Sounds like one of those fake Flash update thingies. I come across those once in a while too. I just close them, they wouldn't be able to install with your setup now anyway.
Copyright ©2002 - 2012, Wilders Security Forums