Run-Safer in Online Armor Free v3.5

Hi.
I've been testing OA free for sometime now. I'm loving it so far. My question is very simple. What exactly does 'Run-Safer' of OA do? I have read the FAQ's and help files but was hoping some of you guys here would be able to help explain it to me better.

Cheers!
Arjun Ned.

 

RunSafer runs a program with reduced rights, which makes most malware ineffective, but allows most legitimate programs to work normally. Though, some programs can feel poor if started with reduced rights, for example the installers need administrative access, also the programs that launch the drivers and the services "on the fly" cannot do it with restricted rights.

Generally RunSafer prevents:

1.) ability to launch services and drivers
2.) ability to write to the important registry keys and important disk areas
3.) ability to use some APIs (like direct disk access, fo example).

BTW, if a dropper for something like "confiker" or "seneka" is started safer it cannot infect a system.

 

All applications (non-OS), with the exception of a couple of specific utilities, run safer on my PC (which also has UAC on). OA is also set to Run Safer all unknown programs.

 

you need to run safer your web browsers and any program you suspect in.

 

I'd add to that most internet facing apps, including things like chat clients should be set to run safer. This way, if you do accidentally click a malware link, open a malicious attachment, get exploited by something or other, the process would start with limited rights - this really reduces the damage that they can do.


Mike

 

Basically it's like running in a limited user account. So as I recall some of the restrictions are:

* Cannot install drivers
* Cannot write to system
* Cannot write to root of drives

Just these things alone limit damage things can do. If you are familiar with DropMyRights this is pretty much the same thing, only automated. Then, we add in the rest of the OA protection and we start to get some really powerful protection.

The EMSI/Ikarus engine in our new OA++ also really is performing for us well. I can't wait until it's released. Combining AV+Run Safer+HIPS is very very nice...

 

The funny thing is RunSafer renders HIPS to go unemployed

 

May be OT...
What is the difference between the Run-Safer in Free and Paid?
Thanks in advance.

 

None. Both are the same thing

 

It seems be a vistual machine.Shall I comprehend it like that?

 

No, think of it like handcuffs/straightjacket on programs, to limit their movement

 

Thanks!
...for your simple and clear answer!

 

Other posts have explained "run safer".

But the way I see it is users don't need it or the potential errors that can be made by the vendor in working this feature.

All users need to do is run as a limited user day to day and then when needed switch to administrative mode to do things like install new SW, drivers etc. How hard is that? IMHO, just leave OA's run safer feature unticked.

 

The same could be said about any feature or program which gets into windows at any level and modifies behaviour in "interesting" ways, which would include most of the programs the members here use.

You could even extend this logic to disabling services, using nlite, or any sort of patching or in depth system tweaking.

Runsafer is not and never was designed as a replacement for a limited user account. It was designed so that people who run as admin for reasons of necessity, convenience (or even laziness) can limit the rights of their internet-facing applications.

For example, I sit there and write code. I need admin access. But I can turn my browser and IM clients and email to runsafer and have protection against exploits this way.

 

In Vista, how do Run Safer and UAC compare and contrast?

 

In Vista when it starts up it defaults to Limited user mode.

They see it as a safer for the masses. To do things like install sw you have to flip over to admin mode. Some user have the view that it is "inconvenient"

But security by it's very nature is sometimes incovenient... c'est la gare!

 

Hello Mike:

Good data, thanks!

Take it easy!

 

I was under the impression that there was a difference between a true LUA (i.e.: not Admin) and an Admin account with UAC turned on?

 

Hi Pete:

Well advice was NOT what I provided it was an opinion. Mike's post was good data for OA users of Run Safer. My view is just different, very sorry you don't agree but that the way things go at times!

Can't answer your various How many questions about average users. Last time we ran a poll in this forum most were using advanced features and tweaking here and their so your fears may be .....

Attached for users who have forgotten how or want to know now is a windows xp screen from the control panel relating to user accounts.

It just requires a little reading and a click or 2 to set up a limited account not that hard really. In my view again, the labour and knowledge to set Run Safer up in OA is actually trickier as it assumes users know what executables need to have it set. But again this is just my view.

 

No not really, don't like guessing much better to know!

At other forums, the membership and knowledge level would be different than this other FW forum at Wilder's for sure!

But anyway Pete we are here not there

 

This might help. http://windowsteamblog.com/blogs/wi...7/01/23/security-features-vs-convenience.aspx

As to the differences between runsafer and UAC, I would like to know also.

 

Hi Mike,

Very nice and technical explanation of what “Run Safe” does.

How different is it from Sandboxie? I mean, they do exactly the same thing or they have different approaches on handling how the browser interacts with malicious web pages?

Kind regards,

Carlos

 

Hi Carlos,

Sandboxie and RunSafer are two different beasts. The way SBIE works is basically that when a program that is sandboxed tries to (for example) write to System32, Sandboxie intercepts this and writes it to a different place. The programs in the Sandbox still see this, because it's redirecting both the reads and the writes.

With runSafer, the operation is denied. It would be fair to say that SBIE tricks a program into thinking it's doing what it wants to (write to system) whereas runsafer limits what the program can do.

Both are valid approaches.


Mike