Are There Still Reasons to Use GSS if running under Limited User Accounts?

Discussion in 'Ghost Security Suite (GSS)' started by Dogbiscuit, Sep 14, 2007.

Thread Status:
Not open for further replies.
  1. Dogbiscuit

    Dogbiscuit Guest

    Is there still value in using Ghost Security Suite if I work in limited user accounts? If so, how can it help protect my system? For example, can GSS protect the system from privilege escalation attacks?

    Thanks for any input.
     
  2. tlu

    tlu Guest

    In a limited account you don't have write access to the critical parts of Windows. That's why you are safe against nearly all attempts of malware to seriously compromise your system, even without GSS. However, there is also (less dangerous) user-mode malware that tries to write to autostart locations, e.g., in HKCU where you have write permission. GSS can prevent that if configured accordingly. (Note that you can also tighten these autostart locations as described here.) In all other cases it serves mainly as an additional warning layer if some application is trying something it shouldn't.

    If malware really succeeds in doing that, it would try to write, e.g., to critical parts of the Registry (esp. HKLM) and/or your Windows folder - and yes, GSS would warn you in this case.

    By the way - GSS works in a limited account if you follow this advice. I'm not familiar with the new version, though.
     
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
  4. tlu

    tlu Guest

    Guillaume, you're right - they are one of the user-mode malware I mentioned. However, if you tighten your autostarts as mentioned in the link in my previous post you can prevent them from being restarted every time you boot your computer. You need tools like MakeMeAdmin or suDown for that. (Note that the paths of the first two entries mentioned therein are incorrect - they should have been "...start\programmes\autostart" in both cases. Unfortunately, I can't edit that posting anymore.)
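
Added example, not part of tlu's posts or of GSS: a PowerShell check, run from inside the limited account, of whether the per-user autostart registry keys discussed in tlu's two posts above are still writable by that account or have been tightened. The key list and the function name `Test-AutostartWritable` are assumptions chosen for illustration; the thread's linked instructions are not reproduced here.

```powershell
# Added example: audit per-user autostart keys for write access by the current account.
$ErrorActionPreference = 'Stop'

# Well-known per-user autostart keys (assumed list, not taken from the thread).
$autostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Rights that let a process add or change an autostart entry.
$writeMask = [int][System.Security.AccessControl.RegistryRights]::SetValue -bor
             [int][System.Security.AccessControl.RegistryRights]::CreateSubKey

# SIDs of the current user and of every group in the logon token.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($identity.User.Value) + @($identity.Groups | ForEach-Object { $_.Value })

function Test-AutostartWritable {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }   # key absent: nothing to audit
    $acl   = Get-Acl -Path $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $allow = 0
    $deny  = 0
    foreach ($rule in $rules) {
        # Only ACEs that name the user or one of the token's groups apply.
        if ($tokenSids -notcontains $rule.IdentityReference.Value) { continue }
        if ($rule.AccessControlType -eq 'Deny') {
            $deny = $deny -bor [int]$rule.RegistryRights
        } else {
            $allow = $allow -bor [int]$rule.RegistryRights
        }
    }
    # Simplification: any matching Deny ACE is treated as overriding Allow ACEs,
    # regardless of ACE order; generic-rights ACEs are not expanded.
    $effective = $allow -band (-bnot $deny)
    return (($effective -band $writeMask) -ne 0)
}

foreach ($key in $autostartKeys) {
    New-Object PSObject -Property @{
        Key                   = $key
        WritableByCurrentUser = Test-AutostartWritable -Path $key
    }
}
```

A result of `True` means user-mode software running in this account can still register itself to start at logon through that key; `False` means the key's ACL has been tightened, and an empty value means the key does not exist.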
     
  5. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Well, the basic premise of tools like AppDefend/RegDefend is to protect you even if you're in an ADMIN account. So the fact that something escalates to admin privileges is irrelevant really. Keyloggers, window monitors, trojans, DDoS bots, and a variety of tools you wouldn't want running on your machine can work fine in limited accounts (without escalating), so you really need some defense even when in the limited account.
     