Are There Still Reasons to Use GSS if running under Limited User Accounts?

Is there still value in using Ghost Security Suite if I work in limited user accounts? If so, how can it help protect my system? For example, can GSS protect the system from privilege escalation attacks?

Thanks for any input.

 

In a llimited account you don't have write access to the critical parts of Windows. That's why you are safe against nearly all attempts of malware to seriously compromise your system, even without GSS. However, there is also (less dangerous) user-mode malware that try to write to autostart locations, e.g., in HKCU where you have write permission. GSS can prevent that if configured accordingly. (Note that you can also tighten these autostart locations as described here.) In all other cases it serves mainly as an additional warning layer if some application is trying something it shouldn't.

If malware really succeeds in doing that, it would try to write, e.g., to critical parts of the Registry (esp. HKLM) and/or your Windows folder - and yes, GSS would warn you in this case.

By the way - GSS works in a limited account if you follow this advice. I'm not familiar with the new version, though.

 

Hello,

Even under a restricted user account, keyloggers are still working. You can test it youself with a friendly anti-keylogger tester :
http://www.firewallleaktester.com/aklt.htm

Regards,
gkweb.

 

Guillaume, you're right - they are one of the user-mode malware I mentioned. However, if you tighten your autostarts as mentioned in the link in my previous post you can prevent that they will be restarted every time you boot your computer. You need tools like MakeMeAdmin or suDown for that. (Note, that the paths of the first two entries mentioned therein are incorrect - they should have been "...start\programmes\autostart" in both cases. Unfortunately, I can't edit that posting anymore.)

 

Well the basic premise of tools like AppDefend/RegDefend is to protect you even if you're in an ADMIN account. So the fact that something escalates to admin privileges is irrelevant really. Keyloggers, window monitors, trojans, DDoS bots, and a variety of tools you wouldn't want running on your machine can work fine in limited accounts (without escalating), so you really need some defense even when in the limited account.