Limited vs Administrative

Discussion in 'other security issues & news' started by WilliamP, Jul 30, 2007.

Thread Status:
Not open for further replies.
  1. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Well I am not really surprised :thumb:
    I haven't actually tried it yet (as you can figure out from my post :) ). I thought I read somewhere here that SP wouldn't work under a limited account. My bad.
    Thanks for the info.
     
  2. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Acronis 10 works under limited. I had to remove and then reinstall, but now it works using Run As.

    BUT in admin, when I try to read a Word doc it starts to install Office but never finishes.

    I started with admin and made a new admin and then changed the original admin to limited. Office was originally installed on the new admin, so why do I have to reinstall?
     
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    While running as limited is far better than admin, I do not think that removing all security software is such a good idea. I would keep at least an antivirus and a firewall. For instance, not all kinds of keylogger need admin rights to work; some methods work under a restricted account, as shown by AKLT:
    http://www.firewallleaktester.com/aklt.htm

    A restricted account stops dead in their tracks most exploits and attacks, without any security software. It is therefore a powerful, simple, and automatic security layer. However, it does not prevent 100% of the possible attacks, and for the remaining ones antivirus and firewall are not overkill, IMO.

    @LongView
    I'm not sure, but when you install for instance Microsoft Office Outlook (not Outlook Express) on one account, and you then run Outlook on another account where it was never previously run, Microsoft Office starts something that looks like a setup starting. In fact it is initializing the application's per-account settings, and it only does it once. Maybe that is what you are witnessing?

    EDIT: just an idea, as a "dumb" workaround, you could install OpenOffice (open source and free) instead of MS Office ;) (I call that a dumb workaround because switching to another program is not a real "solution" per se).

    Regards,
    gkweb.
     
  4. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    @gkweb

    Can't argue with you re the possibility, BUT I can't, or rather will not, give up the speed that running no online antivirus or anti-spyware gives me. Before I removed all my security programs it was taking one of my programs over 30 seconds to load. Now it takes 6 seconds the first time and 3 thereafter. Other programs "feel" much faster as well.

    Since '96 I have not seen a virus nor malware. Lots of false positives.
    I would appeal to the law of diminishing marginal returns. My Netgear covers X%,
    Firefox increases my protection a little bit more. My e-mail provider checks and removes spam and other bad things. Returnil or Deep Freeze would kill off anything that got through (no speed loss) - in fact to me the main benefit of Returnil is I can set up a machine the way I want it and it stays that way.

    Finally, if I run under limited the percentage increases yet again.

    So given that no antivirus, HIPS or anti-malware program that I have seen is anywhere near perfect, and given that they all seem to slow me down, and given that my other protections get my percentage fairly high, I can not see the trade-off as being worthwhile to a safe surfer.
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    If speed is your top priority, with the maximum security possible without decreasing your performance, maybe a single AV with automatic protection disabled would do the trick? Only do an on-demand scan once in a while?

    Just an idea. I perfectly understand your concerns :)

    Regards,
    gkweb.

    EDIT : as lightweight AV, NOD32 comes to mind.
     
  6. tlu

    tlu Guest

    I start it with suDown and it works perfectly.
     
  7. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    With Returnil in protected mode (previously Deep Freeze), every few weeks I run an anti-spyware and antivirus check. The last one I tried was NOD32 and like all the others it showed nothing.
     
  8. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Haven't tried suDown yet. Found I can run Acronis by Run As.
    Still trying to get my head around what is happening. PerfectDisk works as limited and admin. Strange the way that Crap Cleaner shows errors in admin but not in limited - suggests it's not looking at the same registry?

    No real problems - but I am testing on a very old machine which has really been abused over the last 5 years or so. Will no doubt be better with a fresh install.
     
  9. tlu

    tlu Guest

    Well, I tried it once on a PC without .NET 2.0 installed and it didn't work properly. And I remember that I read a review of suDown in a magazine where this was confirmed. But you're right that it is not mentioned on its homepage.

    Could you elaborate why? Where did you have problems?
     
  10. tlu

    tlu Guest

    Guillaume, I absolutely agree with you. On the other hand, protection against user-mode malware can be further improved by some steps I outlined in this posting. This works also with suDown, of course, not only with MakeMeAdmin.
     
  11. tlu

    tlu Guest

    sukarof, I wouldn't do this. NoScript is an excellent protection against JavaScript exploits and the more and more popular cross-site scripting (XSS), which has nothing to do with admin or limited user accounts.

    Regarding HIPS, please read my opinion about them in post #29.

    Regarding firewall: A firewall is necessary since some services in Windows open ports, and these services are running with system privileges. Thus, if there is a security hole in one of these services, there is a high risk that your system might become infected. That's why it's important to close open ports. Now, that's the inbound protection part - and here the built-in Windows firewall is absolutely good enough. If you also want outbound protection (keywords: applications phoning home, leaktests) you'll need another firewall. A limited account cannot protect against these risks.

    Regarding AV: If you catch a virus, e.g. by an email attachment, and execute it carelessly, it's possible that it deletes your data (like DOCs, XLSs, whatever) which you saved in a folder where you have write permission. So while malware will most probably not be able to seriously compromise your system (like installing a trojan or rootkit or making your PC part of a botnet), data loss is nevertheless possible.

    Yes, and here comes suDown into play which makes that part very comfortable.

    Yes. Regarding sandboxie, I haven't tried it.
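
The point above about services that open ports while running as SYSTEM is easy to check for yourself. The following script is an added example written for this page (it is not code from the thread or from any product named in it): it lists every listening TCP port together with the process, the account the process runs under, and the service names hosted in it, and flags listeners bound to all interfaces. It assumes a current Windows with PowerShell 3 or later (Get-NetTCPConnection, Get-CimInstance); on XP the same information comes from `netstat -ano` joined with `tasklist /svc`. Run it elevated, otherwise GetOwner is refused for SYSTEM processes.

```powershell
# Added example, not from the original thread.
# Lists listening TCP ports with owning process, account and hosted services,
# so you can see which network-facing code runs as NT AUTHORITY\SYSTEM.
function Get-ListeningPortOwner {
    [CmdletBinding()]
    param()

    # Requires Windows 8+/Server 2012+ (NetTCPIP module)
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction Stop

    foreach ($l in $listeners) {
        $proc  = Get-CimInstance Win32_Process -Filter "ProcessId = $($l.OwningProcess)"
        $owner = $null
        if ($proc) {
            # GetOwner returns Domain/User of the process token; needs elevation for SYSTEM processes
            $o = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
            if ($o.ReturnValue -eq 0) { $owner = "$($o.Domain)\$($o.User)" }
        }

        # svchost.exe hosts several services per process; name them so a port maps to a service
        $services = (Get-CimInstance Win32_Service -Filter "ProcessId = $($l.OwningProcess)").Name -join ','

        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            Port         = $l.LocalPort
            PID          = $l.OwningProcess
            Process      = $proc.Name
            Owner        = $owner
            Services     = $services
            # 0.0.0.0 / :: means bound on every interface, i.e. reachable from the LAN
            # unless the firewall blocks it; loopback-only listeners are not
            Exposed      = ($l.LocalAddress -notin @('127.0.0.1', '::1'))
        }
    }
}

# Exposed SYSTEM listeners first: these are the ones the inbound firewall must cover
Get-ListeningPortOwner |
    Sort-Object @{Expression = 'Exposed'; Descending = $true}, Port |
    Format-Table -AutoSize
```

Anything that shows `Exposed = True` with `Owner = NT AUTHORITY\SYSTEM` is exactly the case tlu describes: a bug in that service is a remote SYSTEM compromise regardless of which account you are logged on with, so either stop the service or make sure the inbound firewall rule for that port is in place.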
     
  12. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Thanks for your replies tlu and gkweb, much appreciated.

    I am still exploring this limited user accounts and have much to learn.

    Unfortunately suDown didn't work on my machine (kept crashing on me). I might have done something wrong when I installed it. But for now I am playing with the regular LUA and will try it again later, because I understand there is less hassle with suDown than with Windows LUA...

    Maybe sandboxie was a bit strange comparison but I get it now. :)

    My goal with this exploring of LUA is to see if I can get that fuzzy feeling of secureness without all the hassle that regular HIPS give (the confirming of all sorts of activities). Prevx1 is on the right track but it is still a band-aid on Windows. It would be great if one could achieve real security directly from Windows itself. Maybe it is not possible, but it's nice to learn new stuff :)
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Hi tlu, well, no specific problems. I just decided that I should probably run an AV and HIPS after all, so I figured if I'm doing that, then I might as well run admin again and avoid any future hassles or extra work. I may return to LUA later; I am changing things all the time..
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Sukarof, I did get that fuzzy feeling of secureness when I ran Linux; that's one great selling point for Linux in my mind. However, after distro hopping for 9 or 10 months, I returned to XP simply because overall it's easier, everything works better right out of the box, and it's just better IMO. But you can get that secure feeling running Linux; pretty much nothing can touch you.

    For now I'm using NOD32 with Firefox, and I added CyberHawk, which doesn't seem to bother me at all. I realize others may be superior, but I am looking for a HIPS that asks me no questions if possible, and I'm willing to sacrifice a little protection for one that is basically quiet and not a bother..
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I have been thinking about this subject a bit more, and have decided that for now I will continue to work in admin mode. A couple of reasons why:

    About 3, I've never tested this, so I can't know for sure, but I assume that simply by blocking process execution you will stop most, if not all, drive-by attacks. In addition, I'm running certain vulnerable apps (browser, email, Office/PDF, media players) in "non-admin" mode via the "software restriction policy" tool in XP Pro, plus IE is configured in the safest way possible. Also, I mostly visit my favorite ("trusted") sites, most of them with JavaScript disabled, and I almost never download any Office files.

    About 4, I'm aware of the fact that there are indeed some flaws in HIPS; I've tested a couple of tools this week, and they didn't always work correctly. However, nowadays I hardly install any new tools, at least not on my real machine.
     
    Last edited: Aug 4, 2007
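
The "software restriction policy" trick mentioned above (running the browser, mail client and document viewers at the Basic User level while the account itself stays admin) is driven entirely by registry keys under the SAFER policy, so it can be scripted. The block below is an added example for this page, not code from the thread or from Microsoft: it creates a path rule at the Basic User level (SAFER level 0x20000) for a program, enables the policy with an Unrestricted default so only the listed programs are demoted, and lists the rules in place. The key layout (CodeIdentifiers\<level>\Paths\{GUID} with ItemData, SaferFlags, LastModified, Description) is the documented SAFER format and the Levels value 0x31000 is the documented switch that makes the hidden Basic User level visible in gpedit; the Firefox path is only a placeholder. Run it elevated on XP Pro, Vista or later (XP Home has no SRP); the rule takes effect for processes started after the policy is refreshed.

```powershell
# Added example, not from the original thread or from Microsoft.
# Writes Software Restriction Policy (SAFER) path rules so a chosen program
# starts with a Basic User token: Administrators SID deny-only, admin
# privileges stripped, even when launched from an admin account.
$SaferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# SAFER level ids: SAFER_LEVELID_DISALLOWED, _NORMALUSER ("Basic User"), _FULLYTRUSTED
$Level = @{ Disallowed = 0; BasicUser = 0x20000; Unrestricted = 0x40000 }

function Enable-SaferPolicy {
    # Default = Unrestricted, so only explicit rules change anything
    if (-not (Test-Path $SaferRoot)) { New-Item $SaferRoot -Force | Out-Null }
    New-ItemProperty -Path $SaferRoot -Name DefaultLevel -PropertyType DWord -Value $Level.Unrestricted -Force | Out-Null
    New-ItemProperty -Path $SaferRoot -Name TransparentEnabled -PropertyType DWord -Value 1 -Force | Out-Null
    # Documented value that exposes the Basic User level in the SRP UI; verify on your build
    New-ItemProperty -Path $SaferRoot -Name Levels -PropertyType DWord -Value 0x31000 -Force | Out-Null
}

function Add-SaferPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,   # e.g. '%ProgramFiles%\Mozilla Firefox\firefox.exe'
        [ValidateSet('Disallowed', 'BasicUser', 'Unrestricted')][string]$RunAs = 'BasicUser',
        [string]$Description = 'added by Add-SaferPathRule'
    )
    $ruleKey = Join-Path $SaferRoot "$($Level[$RunAs])\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $ruleKey -Force | Out-Null
    # ItemData is REG_EXPAND_SZ so %ProgramFiles%-style paths expand at match time
    New-ItemProperty -Path $ruleKey -Name ItemData     -PropertyType ExpandString -Value $Path -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name SaferFlags   -PropertyType DWord        -Value 0     -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name Description  -PropertyType String       -Value $Description -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name LastModified -PropertyType QWord        -Value ([datetime]::UtcNow.ToFileTimeUtc()) -Force | Out-Null
    $ruleKey
}

function Get-SaferPathRule {
    # Walk every level's Paths container and report path -> level
    foreach ($lvl in $Level.GetEnumerator()) {
        $paths = Join-Path $SaferRoot "$($lvl.Value)\Paths"
        if (-not (Test-Path $paths)) { continue }
        Get-ChildItem $paths | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{ Level = $lvl.Key; Path = $p.ItemData; Description = $p.Description }
        }
    }
}

Enable-SaferPolicy
Add-SaferPathRule -Path '%ProgramFiles%\Mozilla Firefox\firefox.exe' -RunAs BasicUser | Out-Null
Get-SaferPathRule | Format-Table -AutoSize
gpupdate /force
```

Two caveats a practitioner should keep in mind with this setup. First, a Basic User process is still running as your user: it cannot install a driver or write to Program Files, but it can read and delete everything in your own profile, which is the data-loss case tlu raises earlier in the thread. Second, path rules are matched at process creation only; with an Unrestricted default, a copy of the program started from another path runs with full rights, so this is weaker than a genuinely limited account, where the admin token is never there to begin with.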
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Btw, what if you download a malicious app (a text editor for example), it comes up clean on VirusTotal and you don't get any alerts from your HIPS. It does however ask for admin access. If you're really paranoid (or smart), you will probably stay away from this app. But since you didn't get any alert from your HIPS (and it was clean) you might decide to install it anyway, and bam! It manages to bypass your HIPS, and you're owned. So the non-admin approach didn't really help, but it did give a clue. So I guess you shouldn't run apps that require admin access for no good reason?

    Yes, correct, but I was mainly talking about the ease of switching between modes; it would be cool if you could globally switch between admin/non-admin with one or two clicks. And of course a password is required, unless it's somehow possible to make it so that only the Windows OS is able to switch between modes. Or what if you could choose to only run certain apps as admin, in a non-admin account? But perhaps this simply isn't possible, or perhaps it would be easy to bypass. I really wonder how this stuff works in Vista; a lot of people complain about LUA, but perhaps it's not that bad.
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Several times in the past I tried to set up a limited account but made a mess of it.

    Having followed this thread I made a new admin and changed my existing admin to limited. Having tweaked for a few hours I now have it pretty much the way I want it. The programs I currently run work with limited. Everything is "protected" by Returnil. What am I missing? What is there to complain about?

    Thanks everyone for your thoughts and encouraging me to try limited again but to get it right this time.
     
  18. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    The remaining complaints are that for some tasks you need either to rely on "Run As", which does not always work fine, or to play with tools like suDown or others, or to switch to a different admin account to accomplish admin tasks (I prefer the latter). While in the end everything works one way or another, the fact is that some people find it too much of a hassle having to do extra steps to get things to work (I was one of them).

    But once you accept a few more steps for particular apps (either "Run As" or switching account), everything is fine :)

    Congratulations for going to the safer side.

    Regards,
    gkweb.
     
  19. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    558
    This is a very interesting thread. Good reading :thumb:

    It makes me think of making use of a LUA for safety reasons. But I have not decided yet. Will follow this thread and see if more users post their experience. suDown sounds interesting.

    I think this is good advice. No matter what I decide, I will create a limited account for online banking. Thanks Dogbiscuit :)
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Nothing much to complain about except the need to right click and Run As at times, and perhaps some apps not wanting to run or work properly in a LUA. For some people that's too annoying, for others it's not. Just depends on personal preferences I guess....
     
  21. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Here are a couple more questions about limited user.

    1. Problem: I installed Norman Antivirus through "Run As", but I have to "switch user" to admin if I want to update the signatures. Why is that? Is it because of Norman or is it some limitation (feature?) in the LUA idea? I mean, I can understand that I can not make changes in Norman, but surely it should be able to update?!
    But now it strikes me: does this depend on where I install Norman? Should I install Norman, and other software that requires writing into its own folder, on another drive or partition?

    2. Does it matter if I install something through "Run As" or by switching user to an admin account? Is there a difference?

    3. Does everything I install in an admin account automatically install in my limited account too? I notice that not everything I installed in my LUA (before I changed the account to limited) shows up in the admin account.
    If not, is it better to make my limited user account admin temporarily, install all the applications that I want, and then change back to limited?
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks sukarof - I'm trying to figure these questions out as well.
     
  23. Dogbiscuit

    Dogbiscuit Guest

    Just remember that you need at least 3 accounts total in order for this strategy to work.
    • Your admin account (for installations, etc.) should never be used for browsing, since anything in the admin account can always access your online banking account (or any other account).
    • If you browse/email in a second main account (LUA), then no infection here could access your online banking account, since no access from this account is permitted outside this account.
    • Your third (online banking) account (LUA) is protected from the second browsing account because they are separated and denied access to any account outside themselves.
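
The three-account split only works if two things actually hold on disk: neither the browsing nor the banking account is a member of Administrators, and each profile folder grants access to nobody but its owner, SYSTEM and Administrators. The script below is an added example for this page (not from the thread) that checks both from the admin account. It assumes NTFS (FAT32 has no ACLs, so the separation simply does not exist there), Windows 10 / PowerShell 5.1 for Get-LocalGroupMember, and profile folders under C:\Users; on XP the root is C:\Documents and Settings and the account names `browse` and `banking` are placeholders.

```powershell
# Added example, not from the original thread.
# Verifies the admin / browsing / banking account separation: no LUA is an
# administrator, and no LUA profile is readable by another non-admin principal.
function Test-ProfileIsolation {
    param(
        [Parameter(Mandatory)][string[]]$LuaAccounts,   # placeholders: 'browse', 'banking'
        [string]$ProfileRoot = 'C:\Users'               # XP: 'C:\Documents and Settings'
    )

    # Without NTFS there are no ACLs and every account can read every profile
    $fs = (New-Object System.IO.DriveInfo($ProfileRoot.Substring(0, 1))).DriveFormat
    if ($fs -ne 'NTFS') { throw "$ProfileRoot is on $fs, not NTFS; profile folders cannot be protected" }

    # Windows 10 / PS 5.1: names come back as COMPUTER\user
    $admins = @(Get-LocalGroupMember -Group Administrators | ForEach-Object { $_.Name })

    foreach ($acct in $LuaAccounts) {
        $namePattern = '\\' + [regex]::Escape($acct) + '$'
        $isAdmin     = [bool]($admins -match $namePattern)
        $profilePath = Join-Path $ProfileRoot $acct

        # Allowed principals: the owner, SYSTEM and the Administrators group (which is
        # why the admin account must never browse: it can read every profile anyway)
        $allowed = @($namePattern, '^NT AUTHORITY\\SYSTEM$', '\\Administrators$')
        $acl     = Get-Acl -Path $profilePath
        $foreign = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            -not ($allowed | Where-Object { $_ -and ($args[0] -eq $null) -and $false })  # placeholder never used
        })
        # Simpler and correct: keep Allow ACEs whose identity matches none of the allowed patterns
        $foreign = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            -not ($allowed | Where-Object { $_ -ne $null } | ForEach-Object { $null } )
        })
        $foreign = @($acl.Access | Where-Object {
            $ace = $_
            $ace.AccessControlType -eq 'Allow' -and
            (($allowed | Where-Object { $ace.IdentityReference.Value -match $_ }).Count -eq 0)
        })

        [pscustomobject]@{
            Account  = $acct
            IsAdmin  = $isAdmin
            Profile  = $profilePath
            OpenTo   = ($foreign | ForEach-Object { $_.IdentityReference.Value }) -join ', '
            Isolated = (-not $isAdmin) -and ($foreign.Count -eq 0)
        }
    }
}

Test-ProfileIsolation -LuaAccounts 'browse', 'banking' | Format-Table -AutoSize
```

`Isolated = True` for both accounts is what Dogbiscuit's layout needs. `OpenTo` naming `BUILTIN\Users` or `Everyone` means a profile was created or copied with inherited permissions and the browsing account can read the banking account's files; `IsAdmin = True` means the separation is void, because an administrator's process can take ownership of anything on the volume.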
     
  24. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello Sukarof,

    I advise doing installations of security software under your admin account and not the restricted one, even with "Run As". The reason for this is that I've witnessed "Run As" failing to install some applications properly. I think it will install, let's say, your FTP application fine, but not your antivirus.

    I don't know if the reason for this is that the setup is given admin privileges but not the sub-executables it may spawn or call. I think that the Microsoft implementation of "Run As" is flawed somewhere. Just don't know where, how, and why.

    If installed with your admin account, the security app will be installed for every account. As an example, if I take Kaspersky, it updates fine under a restricted account because the update runs as "System", I reckon. If your antivirus runs with your account privileges instead, usually there is in the options the possibility to force the update using a particular account (you have to enter your admin account credentials in the antivirus options).

    Do not change your LUA back into admin; simply switch to your admin account to install your security software. Usually you only have to do it once.
    About the destination folder, you can install them where you want; it works either in C: or any other partition.

    Regards,
    gkweb.
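
Both of sukarof's questions (why the signature update needs admin, and what differs between "Run As" and switching user) come down to which account a given piece of the product runs under, and that is something you can inspect rather than guess. The block below is an added example for this page, not code from the thread or from any antivirus vendor: it lists each Windows service with the account it starts as, and separates out the services that do not run as LocalSystem or one of the built-in service accounts. `SomeAV*` is a placeholder for the vendor's service-name prefix; it assumes PowerShell 3 or later (use Get-WmiObject in place of Get-CimInstance on older systems).

```powershell
# Added example, not from the original thread.
# Shows which account each service runs under, so you can tell whether an
# antivirus updater is a LocalSystem service (works from a limited account)
# or something running as the logged-on user (needs that user's rights).
function Get-ServiceAccount {
    param([string]$NameLike = '*')
    # WQL LIKE uses % rather than *
    $pattern = $NameLike -replace '\*', '%'
    Get-CimInstance Win32_Service -Filter "Name LIKE '$pattern'" |
        Select-Object Name, State, StartMode, StartName, PathName |
        Sort-Object StartName, Name
}

# Services whose StartName is a real user rather than LocalSystem/LocalService/NetworkService.
# These are the ones that stop working when that user is demoted to a limited account.
function Get-UserContextService {
    Get-ServiceAccount | Where-Object {
        $_.StartName -and
        $_.StartName -notmatch '^(LocalSystem|NT AUTHORITY\\(LocalService|NetworkService))$'
    }
}

# Placeholder prefix; substitute the product's actual service names
Get-ServiceAccount -NameLike 'SomeAV*' | Format-Table -AutoSize
Get-UserContextService | Format-Table -AutoSize

# For the install itself, do it from a real admin logon (switch user) as gkweb suggests.
# If you do use runas, note that it loads the *admin's* user profile, so anything the
# setup writes to HKEY_CURRENT_USER or the per-user Start Menu lands in the admin
# account, which is why per-user pieces then appear "missing" from the limited account:
#   runas /user:COMPUTERNAME\admin "msiexec /i C:\setup\product.msi"
# On Vista and later the equivalent prompt-for-elevation form is:
#   Start-Process 'C:\setup\setup.exe' -Verb RunAs
```

If the updater shows up as a service with `StartName = LocalSystem`, signature updates will work from the limited account regardless of where the product is installed, which answers the partition question: the folder location does not matter, the token does. If the update is instead done by a tray program running as you, it needs write access to the program's data folder, and the proper fix is a vendor option to run updates under another account or as a service, not making the limited account an administrator again.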
     
  25. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Thanks for the explanation gkweb :thumb: I will do as you suggest.

    Cheers
     