The magic of TTT!

After some delay, I'm finally getting to grips with Tiny's Trojan Trap.  The program is so powerful that many, including myself, have found it too daunting to implement...but last night I saw the light!

With the Administration Tool, I created a new Application Group called "IE Straitjacket".  I made this RESTRICTED.  I promptly moved Internet Explorer from its predefined group into the straitjacket.

I clicked File Security, and promptly set ALL drives to "No Access".  I did the same to System Security and Registry Security.

Then the sneaky part...I went back into File Security and clicked "ask user" and double-clicked ALL.  I did the same for System Security (for all its headings) and Registry Security (again, for all headings).  Then I started IE.

Through trial and error, I learned which prompts to set to "permanently allow" and which to set to "permanently deny".

Result:  when it set IE's address bar to my C drive, all I see is a read-only version of AUTOEXEC.BAT!  No other files, no other folders!  Nada!  Zilch!  Nothing!

I also set scripts to run in their own sandboxes.  Now I've got the happy situation where if any malware scripts try to run on my browser, they've got nothing to find, nothing to change, nothing to do!

Plus, I've got BOClean running, and AVG, and Script Sentry, and all the other usual suspects.  Boy, am I feeling smugly secure this morning!

I'm in the process of doing the same thing to Outlook Express.  Then I'm going to investigate CHX-I (packet filter and firewall, separately) and then - who knows!

I love TTT!  Don't be scared of it!  It's easier than it looks!

 

This app must be the ultimate fix for those who love to play with windoze access rights!

Great to see you have got to grips with it - I've found the default app groups for IE and OE perfectly adequate for my needs, and therefore have not set up any custom app groups.  

I've tested TTT against firehole and the like, and found that the only way that anything spawned by IE or OE can get anywhere near my registry is if I am dumb enough to save it to my 'sandbox downloads directory', then give it permission to climb out of the box.

I agree entirely that there is no feeling quite as smug as the knowledge that if a bad guy gets in, all they can do is spin their wheels and go nowhere.

Something you could try (Soul Flame's idea) is to set up a group called 'threats' which switches on every restriction you can find.  Run any 'suspect' executable in that group.  You can then see from the activity window exactly what it was trying to do.

If you've got a dual boot, its great watching as an executable tries to write to your C drive (don't forget to put it in the 'confidential' category) when there's precious little there anyway.

If you update IE or need to 'install on demand', probably best to disable the Trap first - the update feels the need to write to the weirdest of places whilst executing.  The first time I came across this I thought I'd been attacked by something.

 

Checkout,

When you are going to play with CHX-I, please let us know about your experiences (I'm too curious about it; have visited there site a few times); best to start a new thread for that.

 

Will do.  It may take a while, though.

 

Checkout, will you now lose your firewall and enable java and active x?   Sounds very tight to me.  

 

I'd feel very unsure without my firewall - I get a lot of scans.  But, yes, I'll allow scripting and see what happens!