SuRun: Easily running Windows XP as a limited user

Discussion in 'other software & services' started by tlu, Jan 6, 2008.

  1. SA Jack

    SA Jack Registered Member

    Joined:
    May 25, 2008
    Posts:
    50
    Cosmo:
    Below are my settings for SuRun. I will reference only those items I have checked.

Common Settings:
(X) Store password for a period of 0
(X) ALL items in Show in Context Menu
(X) ALL items in Show in System Menu
(X) Set Administrators as default owners....

SuRunners Group:
(X) The User can change SuRunner settings.

Advanced:
(X) Use Official Windows Hook Interface

    That's it. Nothing else is checked. I did not check the Modify DLL Import Address Tables because it indicated that was 'experimental'. So I thought best to leave that one alone for the time being.

    I'd welcome any suggestions or recommendations with respect to changing my current settings.

    Thanks Cosmo. -SA Jack
     
  2. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    SA Jack,

    normally this
should be enough for automagically starting those programs with elevated rights that you have set so (on the SuRunner Group page), as you did according to post #249. But it seems that sometimes the "experimental" option also has to be checked for making Automagic work. It seems to me as if the behavior of SuRun would sometimes change regarding this setting, but until now I have not found a way to reproduce this, so I do not say that this is the last word.

Nevertheless, the "experimental" label for the said option means that it might not always do what is expected; to my knowledge and in my own experience it does nothing bad, and if you disable it at a later time nothing remains. That means you can activate this option without the fear of harming the computer. And I would do this to find out if Automagic works as expected.

But do not forget that I told you already that there might be the problem that some services needed for SuRun to work might not yet be ready to use in the situation where you log in to your local account. And in this case there is nothing you can do about it with SuRun settings. Therefore I suggested trying Startup Delayer for this problem.
     
  3. SA Jack

    SA Jack Registered Member

    Joined:
    May 25, 2008
    Posts:
    50
    Hi Cosmo:
    I've tried every combination of choices on the advanced tab, but my original problems remain.

I know that Kay has addressed the SuRun application during start-up, but I just don't understand (Google translation) the full meaning. About 2/3 of the way down Kay's SuRun web page there is a reference to checking off "don't ask" on elevating the user to admin and then clicking "Cancel". I'm led to believe that this can be helpful for startup apps. I tried it, but nothing changed.

    I really believe that SuRun is, without question, the best program I've ever tried that controlled user access rights. I really like the automatically elevate feature because it makes running as a limited user (then elevated with pre-determined applications) seamless.

I would appreciate it if you could share my problems with Kay. My issues reside within three different situations.

    1. Startup - That's my problem with ERUNT
    2. Task Scheduler - That's my problem with JkDefrag
    3. Service Execution - That's my most recent discovery involving Cobian Backup.

In all three situations, I've noted the referenced applications as "don't ask", and run "automagically".

I'll continue to follow this discussion on this forum, and check in on Kay's web site looking for updates. I want to eventually create the SRP that is talked about in conjunction with SuRun.

    Again, thank you for taking the time to help me. I really appreciate your efforts. -SA Jack
     
  4. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    Hi Jack,
Mh, what do you think about describing your problem yourself in Kay's forum? There is an English section. In my experience there is a great risk that some misunderstandings get even greater if someone tries to describe a problem that he does not see himself. BTW, I also read the English section there and will be ready to assist if possible.

BTW: It seems to me as if you have not yet tried to solve your problem with Startup Delayer.

    It is a pleasure.
     
  5. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    Tlu, this is such a GREAT POST!

I've always been fascinated by the LUA way of securing your PC, and I found this post. This has to be one of the best posts on LUAs.

    However, I am concerned about the program SuRun:

    I downloaded
    SuRun 1.1.0.6 Current version at the website
    http://kay-bruns.de/wp/software/surun/


    Then I ran the file at http://virusscan.jotti.org/
    (To check for malware JIC :) )
    I, ALWAYS, need insurance.


    then Ikarus Found Virus.IM.Worm.Win32.VB.hi
    which concerns me

    What do you guys think. Is this in fact, 99.99%, a false positive?

    Should I download an older version that anyone can recommend?


As in, is that website // company credible and reliable, as Microsoft would be?
     
  6. adyextreme

    adyextreme Registered Member

    Joined:
    Jun 2, 2008
    Posts:
    6
    Location:
    Bucarest/Romania

Hi there, you are very mistaken. UAC IS THE MAIN SECURITY IN VISTA.
IT ALSO MANAGES WHAT IS CALLED IE PROTECTED MODE (SANDBOX EFFECT).
YOU MISUNDERSTOOD UAC; IT MANAGES THE INTEGRITY LEVELS IN VISTA.

INTEGRITY LEVELS ARE AN EXTRA ACL NTFS FILE PERMISSION BESIDES.
UAC CANNOT BE CIRCUMVENTED. UAC MANAGES THE SETTINGS WITHIN ITS OWN REPOSITORY. BTW, do you think a cheap imitation will give you the same benefit or better? I think not. Think about it: it's a software, it uses reg keys,
it doesn't have kernel support like UAC... every software is software, it ain't an OS feature. I think you don't know. My condolences :thumbd:
     
  7. adyextreme

    adyextreme Registered Member

    Joined:
    Jun 2, 2008
    Posts:
    6
    Location:
    Bucarest/Romania
Mate, a sort of HIPS is there by default on Vista; it's called INTEGRITY LEVELS.
The control is, guess what, UAC. UAC manages many security-related parts of the OS including virtualisation :thumb:
     
  8. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    i SWEAR, I get annoyed when my posts aren't answered... especially when they are DELIBERATELY ignored.

    adyextreme,

    Did you even read my post?

    Is this program even safe to use?
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Yes, although your percentage is on the low side..., need a few more 9's.

    Blue
     
  10. colinp

    colinp Registered Member

    Joined:
    Feb 9, 2008
    Posts:
    46
I have run SuRun since version 1.0.2.8 and am currently running the newest version 1.1.0.6 and so far, no trojans or viruses have come out of it. So I would say you are fairly safe in assuming no "nasties" ;)

    Colin
     
  11. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104

    Thanks for the replies guys!

    That was the reassurance I was looking for. I now feel much safer using this program :)
     
  12. SA Jack

    SA Jack Registered Member

    Joined:
    May 25, 2008
    Posts:
    50
    Hi Cosmo:
I did download and install Startup Delayer. It looks very interesting, and appears to be simple to configure. However, since 2 of my 3 issues are not startup related, I decided to pull back and wait a little for an update.

    I would be very glad to post the problem I've been having on Kay's web site. Thanks for the suggestion.
     
  13. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    Ok, I've installed this program and the strangest thing happened...

    After installing SuRun, I can't modify and save any of my old .rtf files through WordPad.
    The following error message pops up:

    "Access to c:\whateverfile.rtf was denied"



    Here is the strange part:
    If I create a NEW .rtf file, I can modify and save the file as usual.

    This error seems to affect ONLY my previous .rtf files



    Does anyone have any ideas why it doesn't work?
     
  14. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    OK. I've found out EXACTLY why this happens, however I don't have the solution:


The obvious answer is to always run WordPad.exe with Admin rights. HOWEVER, it seems that WordPad ONLY runs with full admin rights when I load WordPad from the start menu.

When I open a link or a .rtf file that USES WordPad to open, it seems to continue to start with NO Admin rights.


Is there a way so that WordPad will ALWAYS start with admin rights, whether I load up the program through the start menu, or through "D:\Connect4's Blog.rtf" or "C:\..Desktop\Shortcut to Connect4's Blog"?




    So, how can I ALWAYS make WordPad have admin rights? (NOT limited to only running wordpad through the start menu)



    Note:

    But this DOESN'T answer why OLD .rtf and .txt and .doc files can't be modified. And NEW .rtf files can be modified (Regardless if wordpad or Microsoft Word has full admin rights or not)

    I'm soooo confused...
     
    Last edited: Jun 3, 2008
  15. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
That is correct. SuRun checks if the command line for starting a program with elevated rights matches the one stored in the settings (if using Automagic); in case you start WordPad via double-clicking an rtf file, the command line does not match.

Besides the question why there should be a need to run WordPad with admin rights (I guess that this is only an example or a test, not a real need), you should clarify your problem a little bit. What are "old" files? How (= with which account, with or without SuRun, where exactly are they stored) are they created? Furthermore, I doubt your last sentence, that new files can be modified regardless of whether WordPad has been executed with limited or admin rights. If I am wrong, please describe exactly (!) how you found this out. Also: is the ownership option (it is the last one on the general page of the SuRun settings) in your case activated or not?

Not to forget: if you get the "access denied" error, I think that this happens at the moment of saving the modification, not when opening the file, correct? Until we have found out what goes wrong on your system, you can in this case (as a momentary workaround) save the file with another filename, possibly in another place. (Still wondering why someone needs to elevate the rights of WordPad o_O?)
     
  16. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    Thomas,

    Ok, you’re right, normally you wouldn’t need to elevate the rights of wordpad to save .rtf files. Let’s ignore Elevated WordPad status for now because that’s not the issue.



    First I'm going to run down my exact situation so maybe we can pin-point anything I have done wrong.


    Here's a Step by Step of my situation:


1. Before installing SuRun, I had only (1) Windows account. It's a Full Administrative Account called "Main User", for example.

2. Now I would want to run Windows under a Limited Account. So here is where SuRun comes in.

3. I then installed SuRun, and left the default settings.

4. After installing SuRun, I added my "Main User" Account into the SuRunners group.

5. What this did was it changed my "Main User" account to a Limited Account (vs. it being a Full Administrative Account as it used to be).

6. By adding "Main User" into the SuRunners group, SuRun also created a new Administrator account called "Administrator".

7. SuRun will not allow me to add this new "Administrator" account into the SuRunners group: and I think this is correct.

8. So basically I have (2) accounts now:

a. My limited account: "Main User", which I presume is the account I'm going to use that would help protect me from malware by stripping away administrative rights for all my programs.

b. My Administrative account that SuRun created. I also assume that this account is there just for SuRun and that I *SHOULDN'T normally run Windows XP using this account, *since it has full administrative properties.




    NOW: Here is where my post comes in: And Here lies the Issue:




A: Before I used SuRun, I would create .rtf files and edit them with WordPad, just as users frequently use Microsoft Word to create .doc files to write a paper or report etc.

I would use WordPad to create many .rtf files. Normally, I could just open any .rtf file, edit it, and save it just fine.

*So now I have many .rtf files on my computer.
*These .rtf files are what I consider my “old files”.
Basically, “old files” are my .rtf files that were *created on an Admin Account.

    A: After installing SuRun, I’m running a limited account

    The problem is this:

    Under this new limited account, if I use WordPad to open an “old .rtf file”, I can view the contents of the file just fine. The thing is, when I try to edit the file and save it, it doesn’t let me.

    *However, under this limited account, if I create a new .rtf file, I can edit and save them like I did normally before using SuRun.

    How did I find out? Simply by creating new .rtf files and editing them and saving them like usual without the error message.

    So there are (2) classifications of .rtf files (for my situation)

    1. “Old .rtf files” = .rtf files created on Admin account =
    these files *cannot be modified under the SuRun Limited account
    2. “New .rtf files” = .rtf files created on the limited SuRun account
    these files *can be modified and saved under the SuRun Limited account


    Note: I can log off my Limited account, and log into my Full Admin Account and create more “old .rtf files”.

    These newly created “old .rtf files” will ALSO not be able to be modified and saved under my Limited SuRun Account.

    I hope that makes my situation more clear.

As for the ownership option? Yes, the last option, which reads:
    "Set administrators instead of objective creator as default owner for objects created by administrators" is set Active
     
    Last edited: Jun 3, 2008
  17. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    YESSSS


    I think I've figured it out. It was because FOR some reason...

All my old files' security settings did *Not allow Full Control or Modifying of files (for my Limited account user). (Only the Admin account has Full Control over those files created by the Admin user.)


    *Only *new files I created while running the limited account are allowed full control.


    If I just run as admin, and change my settings so the limited user has full access to modify the files, I can now access my files and save them like usual.


    This also opens a "new pandora's box." Because I have NO IDEA, what settings are safe to set, and what isn't etc etc.





    Should I be able to allow *Full Access to my limited user account in my D:, E: and F: Drive?

    (As long as its not like c:\windows\ or something that isn't included in post #25?)




    Another strange thing I noticed is that the Owner of all my folders and files in drives D: E: and F: is *NOT Admin, its some strange S-1-5... user. (I use sandboxIE so I don't know if this is sandboxIE at work....)



    Should I change all my Folder owners to Admin?
     
    Last edited: Jun 4, 2008
  18. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    connect4,

I will answer you in 2 posts to prevent some things getting mixed together. Your original problem will be handled in the following post; this one is about the first part of your post #266 and needs urgent resolution to prevent later (probably big) problems.

In #6 of your steps to install SuRun is a misunderstanding. SuRun did not create the account "Administrator" which you found, and it is not even able to do so.

For your understanding: when XP gets installed, an Administrator account named "Administrator" gets created automatically. This account is most commonly called a predefined account, and it is hidden. You can see it only after starting Windows in safe mode. So this account has not been created by SuRun; it has been made visible during your configuration - but again not by SuRun, but by Windows.

To understand the latter part and to see why this happened, here follows some more information: in Windows there should always exist exactly 2 Admin accounts, not more, not less, namely the predefined one and another one which has been created by the user (most commonly at the end of the install process or after turning on a pre-installed machine for the very first time). In your case the latter one is / was the one named "Main User". (A bad name BTW, as an admin account should not be "used" for daily work.) This account is for doing things that need administrative rights (Windows Updates, installation of programs and some more). The predefined one (which is in general not different from the custom-made "Main User") has only one purpose: in case the custom-made admin account should break, you can create a new one. That's it, period. There must never arise a situation where the last admin account can break also, because in such a situation you will end up with no other choice than to install Windows anew! Because of the fact that the predefined admin account is a crucial backup account, this account is normally hidden. But in the situation where the custom admin account gets lost, Windows reveals this account to give you the chance to correct this situation.

This is exactly what has happened. You have downgraded "Main User" to a SuRunner (Windows does not know anything about SuRunners) and Windows must believe that your Admin account got broken. So consequently Windows uncovered the predefined Administrator account.

Now, what does this mean for you and what must be done?
At first: SuRun gives the option (but it also shows a warning) to change an admin account to a SuRunner account. This is for convenience, as it allows a user who has used his admin account for daily work (especially surfing and emailing) to continue without losing all the settings in Windows and the installed programs. In a new account you would in most cases start with standard settings. As said, this is for convenience, but it has some problems regarding security. tlu has written about this in this thread. My philosophy about the problem is somewhat different and I never advise switching an admin account - for me security comes before convenience.

Now you have 2 choices - but you must do one of both as soon as possible!
First option (my preference): switch "Main User" back to an admin account. If you remove "Main User" inside the SuRun settings from the SuRunner list, SuRun will ask you if you want to add this account to the group of Administrators. Answer yes in this case. Then create a new limited account and add this to the SuRunners.
Second option: create, by using the Administrator account, a new admin account (for reference let us name it here "connect4"). Use "connect4" in the future for administrative duties, e.g. Windows update (this cannot be done with a SuRunner account). But if you now continue to use "Main User" as SuRunner you have to do some more work to get the security level you expect from the LUA approach. (As said, already described here by tlu.)
     
  19. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    Beforehand:
No, never. Doing so would break the security of your system and you could stay with your old configuration.

After your last post I see where your problem originates:
Again, some information at the beginning for your better understanding:
Every object on an NTFS partition and in the registry (file, folder, reg key) has an owner. In most cases the owner is the user (account) who has created the object. There are other cases too, but we do not discuss this here; it is sufficient for you to know that "Administrators" (this is a user group, see the s at the end, in contrast to the "Administrator" I wrote about in the previous post) will also appear in some cases. So you should read in your case "Main User" as the owner. In cases where an object was created by a user who is no longer known by the system, you will find this long number that you reported. This situation can arise for several reasons; examples: 2 systems have access to the partition, an account has been deleted, the system has been newly installed (but without deleting the old files / file system); I do not know if Sandboxie can bring up such a problem (I don't use it).

Normally all admins (remember: there are 2 on a healthy system) as well as the owner have full access to the object; that means they can modify and delete it (and can do some things more). As long as "Main User" was an Administrator, he had these rights, and most probably you never looked into the properties to find out who is the owner.

I cannot tell you why this S-xxx and not "Main User" is the owner of the said files (except that he obviously was the one who had created the files in the past, or he took the ownership later); the reason lies in the history of your machine. But as your "Main User" is now a limited account, he no longer has write access, as long as you do not start WordPad as Administrator. If the files belonged to "Main User" (as expected and normally the case), your problem would not exist. To solve this problem, start Windows Explorer (or another file manager) as Administrator (in this case I mean: from inside the "Main User" account via the context menu "as Administrator") and take ownership of those files.

All the files that you have created in the meantime either inside the "Administrator" account or inside the "Main User" account with "start as Administrator" in the context menu will have "Administrators" (group, as explained above) as owner (at least, this should be the case). You have to take ownership of those files also.

Regarding "pandora's box": yes, the security settings are not easy to understand, and doing the wrong settings can do all kinds of harm: you can demolish the security of the system or you can demolish your system (and I mean: probably not even bootable). But in the case of RTF files that you have created yourself you cannot do much wrong (although: if doing very stupid things you could end up so that no one will ever be able to read, write or delete those files).
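The ownership situation Cosmo describes (files owned by an orphaned "S-1-5-..." SID or by the Administrators group, which a limited account can read but not save) can be audited before anyone starts changing ACLs by hand. The script below is an added example, not code from this thread or from SuRun. It assumes Windows PowerShell is available (an add-on on XP, built in on later Windows), that icacls.exe exists for the ownership step (Vista and later), and it uses placeholder names for the data folder and the limited account. Run it from the limited account to get the report; run it elevated (via SuRun or "Run as") with -Fix to hand the files to the limited account and grant it Modify, which is what connect4 ended up doing.

```powershell
# Added example (not from the thread or from SuRun): audit who owns the files under a
# data folder and, when run elevated with -Fix, hand them to the limited account.
# Assumes Windows PowerShell and icacls.exe; $Root and $LimitedUser are placeholders.
param(
    [string]$Root        = 'D:\School Documents',             # placeholder data folder
    [string]$LimitedUser = "$env:COMPUTERNAME\Limited User",  # placeholder SuRunner account
    [switch]$Fix                                               # change ownership and ACL
)

# Classify an owner string the way Get-Acl reports it.
function Get-OwnerKind {
    param([string]$Owner, [string]$Account)
    if ($Owner -eq $Account)                 { return 'LimitedUser' }         # the expected case
    if ($Owner -match '^S-1-\d+(-\d+)+$')    { return 'UnresolvedSid' }       # orphan "S-1-5-..." owner
    if ($Owner -eq 'BUILTIN\Administrators') { return 'AdministratorsGroup' } # SuRun's ownership option
    return 'OtherAccount'                                                     # e.g. a former admin user
}

# One record per file: path, owner, and the classification above.
function Get-OwnershipReport {
    param([string]$Path, [string]$Account)
    Get-ChildItem -Path $Path -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $acl = Get-Acl -Path $_.FullName
            New-Object PSObject -Property @{
                Path      = $_.FullName
                Owner     = $acl.Owner
                OwnerKind = Get-OwnerKind -Owner $acl.Owner -Account $Account
            }
        }
}

# Give every file not owned by the limited account to that account and grant it Modify.
# Needs an elevated shell: setting another user as owner requires SeRestorePrivilege,
# which icacls enables for administrators. Returns the paths it changed.
function Repair-Ownership {
    param([string]$Path, [string]$Account)
    Get-OwnershipReport -Path $Path -Account $Account |
        Where-Object { $_.OwnerKind -ne 'LimitedUser' } |
        ForEach-Object {
            & icacls.exe $_.Path /setowner $Account /Q | Out-Null
            # Ownership alone only implies READ_CONTROL and WRITE_DAC, not data writes,
            # so add an explicit Modify ACE for the limited account as well.
            $acl  = Get-Acl -Path $_.Path
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Modify', 'Allow')
            $acl.AddAccessRule($rule)
            Set-Acl -Path $_.Path -AclObject $acl
            $_.Path
        }
}

if ($Fix) {
    Repair-Ownership -Path $Root -Account $LimitedUser
} else {
    # Summary: how many files fall into each owner class, with one example path each.
    Get-OwnershipReport -Path $Root -Account $LimitedUser |
        Group-Object OwnerKind |
        Select-Object Name, Count, @{ n = 'Example'; e = { $_.Group[0].Path } }
}
```

The report is deliberately the default and the repair is opt-in: on a drive that was carried over from an earlier installation, the UnresolvedSid group tells you which files came from the old system, and the AdministratorsGroup count shows how many files were created through SuRun with the ownership option on, before any ACL is touched.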
     
  20. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    Thanks Thomas

    Your post gave me a much clearer scope and picture of my situation and SuRun.
    I've actually been working with the information you gave me on this program, and reading other SuRun threads and trying to figure this out all day. I've also implemented SRP (Software Restriction Policy) as Tlu describes in another thread.

    I did what you said and Removed my "Main User" out of SuRunners and now is Admin again. Then I created a new Limited User and added to SuRunners and am now currently running this account.

    So now I have (3) accounts:
    1. "Hidden Admin Account"
    2. "Main User Admin Account"
    3. "Limited User Account"

    And You were correct also regarding the Strange User. I upgraded my computer recently and kept all my old files, which probably created this "strange user account."

I've also changed the Security Properties of all my personal "Non-Administrative" Files and Folders in drives D:, E: and F:. I've changed the ownership of my personal files from "Admin" to "My new Limited User Account", so now I can modify and edit my files freely.


    Okay. I've also been trying to study exactly how using a Limited User account creates an environment where mal-ware is "rendered useless" in a way.

Here is what I have come up with:

    "The Fundamentals of LUA Security"


    By using a Limited User Account, you generally should not be able to modify or change anything in the main "Administrative Folders" such as C:\Windows\* and C:\Program Files\* and Registry

    Limited User Accounts can only modify C:\documents & Settings\LimitedUser\* and \All Users\
    Limited User Accounts can ALSO modify any folders/files they own:
    (Such as my own personal files & folders in drives D:, E: and F:, for example F:\Mp3's\*, or D:\School Documents\*)

There are also some "Autostart Locations" that *CAN be modified by a LimitedUser account, for which you must manually change the permission and ownership. (As Tlu mentions earlier in this thread.)

    *It is these key factors that allow an "Anti-Malware Environment" to exist to help protect the user from mal-ware.

    This is my understanding of how using LUA // SuRun will help protect me. I hope it is accurate. Please correct me if I am wrong somewhere.



    But what about outside of the LUA environment?


    Ok, here's where I am a little confused. Using SuRun & SRP, I can download mal-ware and it generally shouldn't be able to compromise my computer (Unless I do something stupid like open it with full admin rights etc).

    Now, this is true in the LUA account environment.
    *What about *OUTSIDE of the LUA environment?

    For example, what if I log into the "Main Admin Account"?
    Could I get infected just by logging into my admin account?
    (I know that if I open or execute any malware I'm in trouble, but what about just logging in?
    What if one of my Startup programs automatically opens mal-ware? (that was useless in LUA account but is "dangerous" in my Main Admin account?

    What about Restarting my computer and booting it in Dos?
    (Another "environment" that doesn't have the LUA safeguards)
     
  21. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    Welcome to the club.

    One tip at this: (Sorry, if this comes a little bit late, but it may be helpful in the future): If you copy a file with the limited user account (= LUA) to a new place (e.g.inside your profile), you get the owner of the copied file and by this you have full access. (In difference to moving, where the ownership stays as before.) So it may be more convenient, to copy the respective files with the limited account and delete the original ones later on with Explorer started via SuRun (or Runas, see further down).

    You are correct in what you found out about the Fundamentals of LUA Security. Just an addition:
    As I already wrote in one of my last posts, the creator of an object gets (in the default setting of Win XP) the owner (and by this he gets the rights to do anything with the object, regardless of the status of his account). The problem with this is the point, where you create anything with a program, that has been started via SuRun als Administrator. Normally your LUA would be the owner of all objects (let us concentrate to files here), that had been created with a surunned program. So by installing a program as a Surunner this would mean, any software (malware), that runs later in the LUA can alter those program files to what it wants, without the need to use a surunned program. In the end the whole concept about splitting the rights to read and to write gets worthless.

    To solve this problem SuRun has an option (and this option is activated by default), to change the default setting about ownership of Windows. Now in all cases, where an object gets created with administrative rights (that includes programs, which get started surunned), the ownership does not go to the respective creator account, but to the group of Administrators (you remember?). So those files are sure again in the limited account. SuRun warns you, if you disable this ownership option (the last one on the general page). (Note, that files, that are created without admin privileges are not affected by this; they always get the ownership of the creator.)

    And here comes the point, where my philosophy is different to the philosophy of Kay (the Surun-developer) or tlu. With this ownership-option set you can get into trouble if you create files with an surunned program outside your profile. (Inside your profile the LUA has always full access, regardless the ownership; EDIT: see footnote.) This may happen, if you do some video editing with an program, which does not work correctly without elevated rights (because of this you would surun it). As video files may get very big, you want to place them on another harddrive and so outside the profile tree. Now you will get the result, that those video files (which are undoubtedly the property of the LUA) have the ownership of the group of Administrators. The LUA cannot do anything with them except reading; e.g., if he makes backups with a backup program, that alters the Archive-Attribute (that is normal and expected for backup tools), the attributes of those file cannot be changed. If you want to edit those files with another program, which runs fine in a limited account, you again miss the write access. Also, there might be a situation, where you want to search for all files, which have been created with a certain account (and therefore are expected to be in the ownership of this account): Quite obviously this will not work in such a case.

    This is not a general problem with SuRun, it is a consequence that Kay tries to make working inside a LUA as easy as possible, inclusive the possibility to install programs from that account. But because of the drawbacks I do strictly divide between system tasks and user tasks. I never do system tasks (inclusive installing programs) as a Surunner (but I run them with "Run as or another tool, which replaces "Run as" or I switch to the Admin account). Therefor I can (and have) the ownership option of SuRun disabled. With SuRun I only run programs, which need higher privileges and must be run in the context of the user's account. In the consequence all commands, which SuRun adds optionally in the context menu of the shell (to be set on the general page of the SuRun settings) are disabled. (There is nothing, what must with the context of the user's account be run with admin rights.) My way needs some more usage of the brain (shall I surun or runas?) and may probably be not the way for everybody, but IMHO it is the best and most secure way.

    Now we come to your questions in the lower part of your post.
    If your system is clean, you can open your admin account without fear. You ask, what about malware, which may get started by startup programs. The answer is: It cannot happen. The AllUser's startup folder is from an LUA only readable, not writable, the same is true for the respective key of the registry. As long as you log in as a LUA, malware could (in the worst case) add itself to the autostart of this account. If you log in into the admin account, the startup entries of the LUA account are out of usage. You see the point?

    Even more: Switching physically to the admin account for installing programs (as already said, for Windows updates you have no other choice) is IMO more secure than Surun or Runas from within the LUA. The reason for my opinion: If the installer gets started (surunned or runased) from the LUA, there is a chance, that malware (if it should exist) could use the installer program (which necessarily runs with admin rights) to alter things in the system, which cannot be modified without those privileges. If I switch to the admin account (where I do never surf and do not have an e-mail account) the malware in the LUA cannot do anything. (Where I have to add, that with the LUA approach the infection with malware is only some percent of the risk of machines, which run daily with admin privileges).

    In addition: security is not simply the usage of some software or some settings, but a concept. One important point of my concept is that in my Internet Options, for the Internet zone, all active content (ActiveX, scripting, zone switching ...) is disabled; for 10 years this has worked for me on 90% of all web pages; if it does not work, I first think about whether I need to see this site, and after that maybe I add the site to the trusted zone.

    At the end: your question regarding a DOS disk: DOS does not know anything about NTFS; it cannot even see the partition, let alone read or write there.


    FOOTNOTE:
    But also, if the files created with a surunned program and with the ownership option of SuRun activated are at first stored inside the profile, trouble can arise later. Let's say you move (for whatever reason) those files at a later date to another place outside the profile. Most likely you do not remember that those files were created with a surunned program. The moment you try to modify anything in these files (including attributes), you will (at least at first) not understand why this does not work. I want to say: trouble is preprogrammed, and following Murphy's Law this trouble will arise at the moment when it is least expected and wanted.
     
    Last edited: Jun 5, 2008
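The check a practitioner would want after the post above, as an added example that is not part of the thread and not SuRun's own code: run it as the limited user (no SuRun, no "Run as") and it lists the machine-wide and per-user autostart locations mentioned in the post and reports whether the current token could write to each one. A machine-wide location reported as "writable" means the boundary the post relies on is missing on that machine. The paths are the documented ones for Windows XP (ALLUSERSPROFILE) and for Vista and later (ProgramData); the permission-bit interpretation is a deliberate simplification noted in the comments.

```powershell
# Added example, not code from the thread or from SuRun. Run it as the
# limited user, without SuRun or "Run as". It lists the machine-wide and
# per-user autostart locations named in the post and reports whether the
# current token could write to each. A machine-wide location reported as
# "writable" means the boundary the post relies on is missing on this box.
# Paths cover Windows XP (ALLUSERSPROFILE) and Vista and later (ProgramData).

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
# SIDs carried by the current token, as strings, for the ACE comparison below.
$mySids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

# Permission bits that let a principal add or change an autostart entry.
# File and registry ACEs share the low bits: 0x2 = WriteData / SetValue,
# 0x4 = AppendData / CreateSubKey; 0x10000 = Delete, 0x40000 = WriteDac,
# 0x80000 = WriteOwner; 0x40000000 = GENERIC_WRITE, 0x10000000 = GENERIC_ALL
# (generic bits occur in inheritable ACEs).
$writeBits = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

function Get-AceMask {
    param($Rule)
    # FileSystemAccessRule exposes FileSystemRights, RegistryAccessRule
    # exposes RegistryRights; both are Int32 enums underneath.
    if ($Rule.PSObject.Properties['FileSystemRights']) { return [int]$Rule.FileSystemRights }
    return [int]$Rule.RegistryRights
}

function Test-WritableByMe {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return 'missing' }
    $allow = 0; $deny = 0
    foreach ($rule in (Get-Acl -Path $Path).Access) {
        try { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { continue }                        # orphaned account, cannot match the token
        if ($mySids -notcontains $sid) { continue }
        $mask = (Get-AceMask $rule) -band $writeBits
        if ($rule.AccessControlType -eq 'Allow') { $allow = $allow -bor $mask }
        else                                      { $deny  = $deny  -bor $mask }
    }
    # Deny wins over Allow for the same bits. Simplification: ACE ordering
    # and the owner's implicit right to rewrite the DACL are ignored, so the
    # check may under-report, but not over-report, write access.
    if (($allow -band (-bnot $deny)) -ne 0) { 'writable' } else { 'read-only' }
}

$locations = @(
    @{ Scope = 'machine'; Path = "$env:ALLUSERSPROFILE\Start Menu\Programs\Startup" }
    @{ Scope = 'machine'; Path = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" }
    @{ Scope = 'machine'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' }
    @{ Scope = 'machine'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce' }
    @{ Scope = 'user';    Path = [Environment]::GetFolderPath('Startup') }
    @{ Scope = 'user';    Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' }
    @{ Scope = 'user';    Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce' }
)

foreach ($loc in $locations) {
    $state = Test-WritableByMe -Path $loc.Path
    if ($state -eq 'missing') { continue }       # path does not exist on this Windows version
    '{0,-8} {1,-9} {2}' -f $loc.Scope, $state, $loc.Path
}
```

On a default installation the expected output is "read-only" for every machine-wide line and "writable" for every per-user line, which is exactly the split the post describes: a program running in the limited account can persist only in that account's own startup locations. If a machine-wide line comes back "writable" (a common cause is a Users or Everyone ACE added by some installer), that location is where a per-account infection would become a system-wide one.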
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Thanks, Cosmo for your informative post. I've been following these threads to see if LUA might be an option for some people. For many that I know, it seems a bit complicated and requires constant monitoring and decision making, as you illustrate.

    But more worrisome:

    I assumed that with LUA malware cannot get onto the system -- while browsing, for example.

    So, how could this situation arise where malware gets initiated by a startup program?


    ----
    rich
     
  23. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    Hi rich,
    IMO LUA approach is the option for all people.
    Reading here thousands of posts (if I would spend the time) about which security program might be the best and why, and in which combination, and why it does not work on the machine of A, B and C, shows that many people who are used to working with an admin account make decisions over and over and need assistance (which is nevertheless not successful in all cases). It does not seem to me that this makes life really easier. At first glance some things appear to be more convenient, but then reality reaches all those admins. And if the machine gets infected (despite all the security apps), things get really complicated. Posts (in different forums all over the world) with thousands and thousands of HijackThis logs speak their own language; and the chance of getting something bad on the machine is hundreds and thousands of times greater on a machine which is daily driven in an admin account. - Long text, short meaning: I disagree on this point strongly!

    Suppose malware finds a way onto your machine: it can place itself into the startup - but only into the startup for the account, if this should happen inside a LUA. So the system is not affected, only the account. You surely have read why I consider installing programs by physically entering the admin account as the safer way. That is the point: when the LUA is not in use, everything that is imprisoned there cannot do anything outside this account.

    Your other question is how this malware can reach the machine. One possibility: somebody with physical access has placed it there. (Leave SRP out; it is another story, and therefore I did not mention it.) Another point is that I wrote in the previous post that security is more than the addition of some apps and settings; it is a concept. And I wrote that one part (an important part, to be more precise) is the Internet Options: without any allowance for active content in the Internet zone I do not say that it is 100% impossible to get infected, but the risk is very near to zero. But many people do not enhance the security settings in Internet Options (or use FF and believe that this is the magic unassailable browser), and so the chance to collect something troublesome is there - but again, inside a LUA it can harm the account, not the system.

    Side note: people who believe that 100% security is doable at all should think about this. People who believe that this is possible and use a solution which hopefully reaches this high goal will mostly sooner or later find out that there are some (more or less) percent of security missing. I do not believe in this and never tell anybody that this is possible. (I am not a company which sells "security suites".) But I know and speak about ways where it is rather likely (statistics affirm this) to get infected, and ways where it is very unlikely. (I have not "lost" a single machine in more than 15 years of Internet browsing. But I do not draw the "conclusion" from this that all malware is only an invention of some companies which want to sell their products. (This conclusion would be thinkable, but not all that is thinkable is reality.) I draw the conclusion that I must have decided on a not really wrong way.)
     
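The Internet Options setting that Cosmo describes in post 21 and again in the post above (no active content in the Internet zone, individual sites promoted to Trusted sites only after thinking about it), written out as an added example that is not part of the thread. It edits the per-user zone settings that Internet Explorer and other WinINet-based programs read; it does nothing for Firefox. The numeric value names are the documented URL-action IDs under the Zones key (3 = Disable, 1 = Prompt, 0 = Enable); which of them corresponds to what the post calls "zone switching" is my reading, so the list is an assumption, not the poster's exact configuration. If the zone settings are managed by group policy (HKLM policy keys), the per-user values written here are ignored.

```powershell
# Added example, not code from the thread. Locks down the Internet zone
# (zone 3) in the current user's profile the way the post describes, after
# exporting the Zones key so the change can be undone with "reg import".
# Value IDs are the documented WinINet URL actions; 3 = Disable.

$zonesKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$internetZone = Join-Path $zonesKey '3'
$domainMapKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# URL actions to disable in the Internet zone (assumed to cover what the post
# calls ActiveX, scripting and zone switching).
$internetZoneLockdown = @{
    '1001' = 3   # Download signed ActiveX controls
    '1004' = 3   # Download unsigned ActiveX controls
    '1200' = 3   # Run ActiveX controls and plug-ins
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe
    '1405' = 3   # Script ActiveX controls marked safe for scripting
    '1400' = 3   # Active scripting
    '1402' = 3   # Scripting of Java applets
    '1406' = 3   # Access data sources across domains
    '1407' = 3   # Allow paste operations via script
    '1607' = 3   # Navigate sub-frames across different domains
    '1804' = 3   # Launching programs and files in an IFRAME
    '2000' = 3   # Binary and script behaviors
}

function Backup-ZoneKey {
    param([string]$OutFile = (Join-Path $env:TEMP 'zones-backup.reg'))
    # reg.exe wants the native key syntax, not the HKCU: drive form.
    if (Test-Path $OutFile) { Remove-Item $OutFile }
    & reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones' $OutFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed for $OutFile" }
    return $OutFile
}

function Set-InternetZoneLockdown {
    foreach ($action in $internetZoneLockdown.Keys) {
        Set-ItemProperty -Path $internetZone -Name $action -Value $internetZoneLockdown[$action] -Type DWord
    }
}

function Get-InternetZoneState {
    # Current value of each action so the result can be reviewed (3 = Disable).
    $props = Get-ItemProperty -Path $internetZone
    foreach ($action in ($internetZoneLockdown.Keys | Sort-Object)) {
        New-Object PSObject -Property @{ Action = $action; Value = $props.$action }
    }
}

function Add-TrustedSite {
    # The "think first, then add" step: one host into Trusted sites (zone 2),
    # for https only unless -Scheme 'http' is given. The "Require server
    # verification" option lives in the zone's Flags value and is left alone.
    param([Parameter(Mandatory=$true)][string]$Domain, [string]$Scheme = 'https')
    $domainKey = Join-Path $domainMapKey $Domain
    if (-not (Test-Path $domainKey)) { New-Item -Path $domainKey -Force | Out-Null }
    Set-ItemProperty -Path $domainKey -Name $Scheme -Value 2 -Type DWord
}

$backup = Backup-ZoneKey
Set-InternetZoneLockdown
Get-InternetZoneState | Format-Table Action, Value -AutoSize
"Zones key backed up to $backup (restore with: reg import `"$backup`")"
# Example of the per-site exception, with a placeholder host name:
# Add-TrustedSite -Domain 'example.com'
```

Running it as the limited user is enough, since the values live under HKCU; that is also why it protects only the account it was run in, which matches the post's point that the LUA is where the browsing happens. The Trusted sites zone keeps its own, much laxer defaults, so every Add-TrustedSite call is a deliberate widening of the attack surface for that one site.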
  24. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hello, Thomas,

    Thanks for your clarifications.

    I'll concede that point.

    However, for the home users I work with, that is a rather remote possibility. And for those with an execution prevention program, it is an impossibility.

    The two principal means by which malware can install are

    1) Remote code execution

    2) User downloads a file, program, thinking it's trusted, but turns out to be infected.

    It's the first method I'm concerned with, and after seeing what is involved with LUA, I think there are easier Set-and-Forget solutions which prevent the downloading/installing of malware by remote code execution for those families with little or no technical expertise, and who don't want to fiddle with stuff.

    Your point about Internet Options is well-taken. However,

    Other solutions prevent collecting any malware via a browser exploit, and so neither the account nor the system is harmed.

    I would modify that to say that it is one option to be considered by all people, as I have been considering home environments in which it can be used.


    ----
    rich
     
  25. tlu

    tlu Guest

    But moving the file isn't possible if it was created with admin rights before.


    Indeed ;) Sorry, that I didn't answer your post in Kay's forum - I've been too busy lately.

    On the external HD? No - if you copy them the user gets the ownership. And moving them isn't possible if created with admin rights - see above.

    True, but usually you access these files with the application that needs admin rights anyhow. And if you really want to edit these files with another application - well, I think a user who is familiar with SuRun can handle this situation.

    Yes, here I agree. This is relevant IMHO if you want to make a differential backup of these files with a backup program started with limited rights. On the other hand I think that most users of such programs (usually image programs like Acronis TI) perform a (differential) backup of their complete harddisk with admin rights in order to have access to, e.g., c:\Documents and Settings\<Admin> .

    Cosmo, there is another advantage of installing with SuRun. There are still applications that save their configuration in the autostart folders or HKCU of the admin account (provided that you installed it under this account). Now, if you start it the first time with limited rights you will notice that it doesn't work as expected, so you might run into trouble. Installing with SuRun avoids this problem. - Another (political ;)) aspect: I think we agree that unfortunately 95% of all Windows users are permanently logged on as admin and that's one reason why this OS is so affected by malware. SuRun has the potential to alter this attitude - but it's counter-productive if we make it too complicated. And I still think that your arguments only affect a minority of users from a practical standpoint. I nevertheless highly appreciate your comments and thoughts - you know what you're talking about.:thumb:
     