Running LUA conveniantly on XP with no extra software

Discussion in 'other anti-malware software' started by Kees1958, Oct 25, 2009.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    On Vista MS provided UAc on Win7 this even has improved with a sensitivity slider. So this is for XP Home users.

    To start with an open door statement (nothing new, just a fact), the less extra code you add to your setup, the less software error intrusion breaches and incompatibilities you will experience.

    Examples
    a) see the change log of Surun, http://translate.google.com/transla...active&ie=UTF-8&oe=UTF-8&prev=/language_tools
    b) see post on conflict Sandboxie and Comodo, https://www.wilderssecurity.com/showthread.php?t=256546

    Surun is really the easiest way to do it, , see for Surun setup http://www.dedoimedo.com/computers/surun.html.

    Making XP convienantly /upgrading it secuirty wise to XP Pro with registry hacks

    But for purists who dislike adding extra code/hooks etc you can sort of achieve simular things with software providing registry hacks like

    - Pretty Good Security: adds XP Pro Softeware restriction Policy to XP Home
    http://mrwoojoo.com/PGS/PGS_index.htm
    - Fajo XP File Security Extension, adds XP Pro security tab to XP Home
    http://www.fajo.de/portal/index.php?option=content&task=view&id=6
    - Registry hack to allow to use Run as .. . for window installer packages
    see picture and added text file. Save txt file as .reg file and double click to change.


    By the way this last registry hack, shows where MS comes from, providing a run as, only exclude MSI packages by default. See also the official MS
    workaround (see http://support.microsoft.com/kb/259459), so count your blessings with an 'user friendly' UAC all Win7 users
     

    Attached Files:

    Last edited: Oct 25, 2009
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Before creating your LUA user, make sure you scheduke a task for your AV update (I use A2 free on demand), see A2CMD example below.

    After you have created the LUA user, remove the rights to read extra info of this scheduled task (some paranoids are afraid, malware can read the admin password stored in a task).
     

    Attached Files:

    Last edited: Oct 25, 2009
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Also make sure the porgrams you use most are stored in some convienant access; most control applets can be executed directly, same with most windows utils. Just crate a short cut:

    Some examples, I use

    %SystemRoot%\system32\wupdmgr.exe (windows update)
    %SystemRoot%\system32\cleanmgr.exe (disk cleaner)
    %SystemRoot%\system32\Restore\rstrui.exe (set restore point/recover)

    When I double click those short cuts, I start run as with this process.

    Regards Kees
     

    Attached Files:

    Last edited: Oct 25, 2009
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  5. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    I think there are a few here at Wilders that use XP Home like me so thanks for posting this Kees..

    So in short your suggesting us (XP home users) to add

    1. PGS
    2. Fajo
    3. the last one i don't somewhat understand.. what is the registry entry for "run as"?
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    On XP you have the run as command (right click on an executable).

    Stupid thing MicroSoft did was, that run as was not possible on MicroSoft installers *installation programs with .MSI at the end, e.g. example.msi)

    With this registry hack, you are allowed to do that, run an MSI installer with different rights using Run As.

    The text file provided has 'Run as ...' in English, just change this text to your native lamguage when you have a native language version of XP (e.g. in Dutch it would show (in red the Dutch text for "Run as ...")

    Open th etext file, change Run as to native text when applicable, save the file as .reg (e.g. runas.reg). When you double click the file, you first get a pop-up (choose ok), after this hack (and re-boot) you can run MSI installers with different rights (credentials).

    Cheers Kees
     
  7. reinwald

    reinwald Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    54
    Location:
    Philippines
    weird that not much people replied here.. i've been reading about LUA and SRP etc but usually its more directed to XP Pro..

    who else has tried these PGS and Fajo?
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well at least Sully, Tlu, Lucy, Zopzop besides myself :)
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,129
    Location:
    USA
    .
    This is great work, but it is also a serious descent into geek space :D Now, if you can create a GUI front-end where the user can just check a few boxes to do all this you would have a marketable utility IMHO.
     
  10. _kronos_

    _kronos_ Registered Member

    Joined:
    Dec 8, 2008
    Posts:
    126
    This is obviously a good solution, but RunAs command is not the best way to execute as administrator.

    If you run some programs as administrator, and they write something in the local user folders (that executed them, so administrator), your user account can not read that files.

    For this reason SuRun is actually one of the best solutions, cause it gives you the option to elevate your account to an user-group that has administrator rights (not to make admin execute files for you).

    Regards
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yep, do not choose to protect your own data. Most software behaves nicely, nowadays, so you do not have to take ownership much.


    Agree as said in the first post Surun is the easiest, but Surun adds code to your OS (as mentioned in Surun it had a security breach also. e.g, Windchild is opposied to adding extra code with its own software errors in it. This is a 'purist' solution for less risk surface and less potentially code to be intruded,

    Regards Kees
     
Loading...
Thread Status:
Not open for further replies.