The point is not limiting yourself but all the bad ware. Although I know I shouldn't do it, I use Vista with UAC disabled and XP with an administrator account. 1. Because it's easy. 2. Because I didn't have time yet to look into all the tools that make it possible to use a limited user account and still be able to do all things. I wouldn't advise it to other people but on the other hand, I know what I'm doing and I haven't been infected so far. Though, I'm definitely going to explore other possibilities.
I'm on XP & I run limited. When I need to run a quick update on a program I will do a "run as" the administrator. Once a month or so I go into the admin and just to a complete update on everything and all the maintenance stuff. But it is a real pain when I want to do something and I am told I cannot because I am not the administrator. I have to stop everything, log out, and go into the admin account to set things up. Then go back to where I was. Big waste of time. I am so tempted just to run as an admin! I wish XP was set up like 2000 so different identities could have different levels of power.
I was just looking at your posts about it. You have provided a lot of info on it. I have not finished reading it. I am considering it. I am wondering how safe it is. How much testing has it gotten for security? I do not want to open up a new way into my computer. Thanks Moe
The basic architecure (e.g. the use of a Secure Desktop as known in Vista) is explained in the readme.txt I quoted in the first post of the SuRun thread. A vulnerability existed in previous versions (and is explained in detail here if you are familiar with German) which is fixed in the meantime. For further questions I suggest to contact the author in his forum. And if you are a programmer you can check the source code as SuRun is open source.
Then it's finally high time to do it But follow the suggestions in post #34 how to setup the limited account, please.
For internet use: limited, limited ,limited!! Adding LUA to multiple layers of eclectic anti-malware is not overdoing it -- it is common sense.
I got to busy and forgot about your advice. Then I got so fed up I finally remembered and downloaded, installed and started using SuRun. I could just bonk myself on my head for not doing this right away. GEEZ this makes my life so much easier!!!! The safety of being a limited user and the ease of having some administrative powers. This is fantastic. Thank you!!!!!
Admin with XP: I tried running LUA, a lot of applications wouldn't start properly. Admin and UAC with Vista: The best of the two worlds. If you add a sandbox, I really can't see how I could get infected unless someone has physical access to my computer.
Please tell us which ones. I know that there are some badly programmed games and P2P applications that require admin rights because their programmers still live in the age of Win9x - but apart of them? Any application that isn't several years old should support user accounts. BTW: If you really come across an application that doesn't work with limited rights you can add it in SuRun to the list of applications which are always started with admin rights.
I'm not a gamer and I don't do P2P. It was quite a while ago, but I remember I had problems with Ad Muncher, RegDefend, and another I can't remember at the moment. I don't think that the situation could not be dealt with, I tried 3 times to do it and it always felt like reinstalling the OS: Everything had to be reconfigured anew. Your argument supporting LUA is very strong, but like Eagle Creek pointed out, one wonders if it is worth the trouble if you know what you are doing. I found the perfect solution with Vista which embraces this concept by default. My other laptop running XP is used by my wife occasionally to surf the internet, always sandboxed and with AntiExecutables (perhaps a stronger version of LUA). I haven't tried SuRun, but using Vista as I said the problem is solved by default.
I like SuRun but it is a huge pain right now because it's a work in progress (even a box that says "experiemnetal")and still causes a lot of problems when i need to run something as Admin and have to resort to that silly box Run As and type in my password everytime, so i given up on it untill they fix it and going to stick with Admin account, besides it takes an act of God to infilitrate my units as is to the point of elevating a malware rights anyway.
At least for older versions of GSS this can be solved - see here. I don't know about newer versions. Of course. Any application that is aware of multiple user accounts saves its settings in the respective c:\Documents and Settings\<user> folder. It has to be done just once if you create a new user account and that's it. I've been doing LUA for years (my children, too, btw). Believe me: It's less trouble than fiddling with umpteen settings in your HIPS. I'm using SuRun even in Vista where I disabled UAC. SuRun is the more convenient solution, IMHO. BTW: There is really one big disadvantage of the LUA approach compared to using a HIPS: You will no longer be able to participate in all these many "interesting" threads why HIPS A is better than HIPS B, or why HIPS C should be added to cover parts not covered by the first ones, or which settings should be changed to make your HIPS less talkative ... etc. etc. Yes, that's really a big disadvantage.
As already mentioned here I think this judgement is not justified. It's not clear if your problems are caused by SuRun or by your HIPS. And again: That box is explicitly called "experimental" and can be easily disabled.
I have always used admin account, mainly because I believed the myth that everything was so difficult when using restricted account. So I did what I guess the majority of people here does; I used all the security apps there is (not at the same time tho) to feel secure. Then one day I thought I might give Ubuntu a go. Linux opened my eyes. I realized that why hell should I "cross the river to get water", as a saying goes. I asked my self why I should be an admin and give any malware the same rights, I couldnt find a logical reason for it. If I do admin stuff I just elevate to it. It is so simple and I cant believe it took me so many years to realize that. And now that MS finally realized this too (with Vista) and software like Surun it is easier than ever. Well, on the other hand I have had a really good time while learning about computer security using HIPS and stuff but all that knowledge has led me to realize that I dont need them.
No, at least if you combine it with SRP which I strongly recommend. In this case malware has no chance to be executed - unless you start it deliberately with admin rights.
Hello, I agree. I was referring to the never ending game, as OSes change or plug holes new malware that will be written to run on it or circumvent it
Admin with multi layered defence system. I like to use my pc as I want, without limitations, and to test my defences.
My OS doesn't provide for limited, guest, and other accounts. I use SSM and the policy editor to define separate user and administrative modes. The system boots and runs in this defined user mode more than 90% of the time. The administrative mode is strictly for updating, installing, making configuration changes, and other testing.
Hello, on my machine i use a limited user account. vista 64bit. my parents xp machine uses admin account. not sure if some programs would work under lua or not.
