Firefox used under Domain User acct to surf; could there be infection?

[Wildest]

I setup a Domain User account on a PC for my four-year-old where the only browser shortcut available is one to Kido'z, a browser specifically for kids that restricts access to only those sites which are suitable for her age.
I returned home at the end of one day to discover that she somehow found out how to access Firefox from the Run... prompt and was accessing youtube to watch Little Mermaid clips and browsing Amazon and EBay looking for Little Mermaid merchandise.
I did an on-demand scan with a-squared and avira online and found nothing, but I am still lacking peace of mind, and am now thinking of doing a rollback.

While there is no anti-malware software on the machine, since it is only a Domain User account without Administrator rights, how concerned should I be about infection?

[Eice]

One, if your daughter used Firefox in a non-admin account, chances are you're being paranoid. Second, she's obviously much smarter than you (especially if she's only 4 years old), so I wouldn't be worried about it.

[Wildest]

Quote:

Originally Posted by Eice

Second, she's obviously much smarter than you (especially if she's only 4 years old), so I wouldn't be worried about it.

Perhaps it is due to my limited intelligence, but if she is much smarter than me and she is only 4 years old, then I think I should be worried.

[spm]

Quote:

Originally Posted by Wildest

Perhaps it is due to my limited intelligence, but if she is much smarter than me and she is only 4 years old, then I think I should be worried.

Hey, you're a parent, so expect to be worried! Yes, kids get to do things on the internet a lot earlier than you'd expect. I found that out with mine. If you're concerned, I'd install some decent parental control software - my favourite's CyberPatrol, but there are many others.

[Windchild]

Quote:

Originally Posted by Wildest

While there is no anti-malware software on the machine, since it is only a Domain User account without Administrator rights, how concerned should I be about infection?

That depends on what rights had been given to the account. If the account was not a member of any group that has admin or power user type rights, but is rather restricted to having just limited user level rights, then there is absolutely no reason to think there has been any system level infection. At worst, the user profile may be infected with something. If you're feeling paranoid, you can delete the account and make a new one, and that would be the end of it. Or, you could do some research from within that account, and then log out and log in as admin and do some more. Find anything suspicious, then wipe the user account. I would be extremely, extremely surprised if there had been a system level infection from an account that does not have admin / power user privileges. That would require either a privilege escalation exploit to be used by a malware (you don't see this stuff done on Windows systems exactly often) or a screwup from the admin (such as going ahead and executing some file that the potentially infected user account has write access to).

Further, if your Firefox is up-to-date with patches, and the Flash, Adobe Reader and other plugins installed are up-to-date as well, there is still less reason to worry even about the user profile.

[Wildest]

Quote:

Originally Posted by spm

Hey, you're a parent, so expect to be worried! Yes, kids get to do things on the internet a lot earlier than you'd expect. I found that out with mine. If you're concerned, I'd install some decent parental control software - my favourite's CyberPatrol, but there are many others.

I am trying to minimize the amount of software I need to install on that box since it has some enterprise software running on it for testing, but thanks, I will check out this cyberpatrol.

[Wildest]

Quote:

Originally Posted by Windchild

That depends on what rights had been given to the account. If the account was not a member of any group that has admin or power user type rights, but is rather restricted to having just limited user level rights, then there is absolutely no reason to think there has been any system level infection. At worst, the user profile may be infected with something. If you're feeling paranoid, you can delete the account and make a new one, and that would be the end of it. Or, you could do some research from within that account, and then log out and log in as admin and do some more. Find anything suspicious, then wipe the user account. I would be extremely, extremely surprised if there had been a system level infection from an account that does not have admin / power user privileges. That would require either a privilege escalation exploit to be used by a malware (you don't see this stuff done on Windows systems exactly often) or a screwup from the admin (such as going ahead and executing some file that the potentially infected user account has write access to).

Further, if your Firefox is up-to-date with patches, and the Flash, Adobe Reader and other plugins installed are up-to-date as well, there is still less reason to worry even about the user profile.

Thank you very much for taking the time to share your thoughts.
I am feeling much more at ease now.

[spm]

Quote:

Originally Posted by Wildest

I am trying to minimize the amount of software I need to install on that box since it has some enterprise software running on it for testing, but thanks, I will check out this cyberpatrol.

Understood, but you will find very few IT pros who would feel it is sensible to have a child's machine domain-connected in the first place.

[Wildest]

Quote:

Originally Posted by spm

Understood, but you will find very few IT pros who would feel it is sensible to have a child's machine domain-connected in the first place.

You will also find very few true IT pros who haven't had to provide support for a senior vice-president who uses their domain-connected machine like a four-year old as well.

[spm]

Quote:

Originally Posted by Wildest

You will also find very few true IT pros who haven't had to provide support for a senior vice-president who uses their domain-connected machine like a four-year old as well.

Very true, too.