SRP method

Discussion in 'other software & services' started by Rilla927, Sep 19, 2010.

Thread Status:
Not open for further replies.
  1. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Yes, it now makes sense. Also your two underlined points,

    Virtualization does not apply to applications that are elevated and run with a full administrative access token.

    Virtualization supports only 32-bit applications.


    help out as well. The way Sadeghi described it you would have an empty %Program Files% directory.
     
  2. jonono

    jonono Registered Member

    Joined:
    Jan 23, 2010
    Posts:
    28
    x2 :thumb:
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Executable files are not virtualized.
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I went on a field trip to MSDN for a couple days. I did not see that noted anywhere. I didn't find if there is a list of approved filetypes to virtualize. I found lots of info on what it is, and why it was made, but not much uber technical. Even the docs on how to implement and program for UAC didn't give this type of info.

    Do you have any references? Seems I am about to enable UAC and dive into the dark waters of "prompt for elevation", "prompt for elevation", "prompt for elevation". LOL, as much as I am about to tweak and hack in testing, this is sure to be a slow experiment.

    Sul.

    BTW, ever mess with the virtualize flags on individual keys in HKLM\Software? Just wondering if there is any use to go down that path ;)
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Inside Windows Vista User Account Control:
    P.S. I haven't dabbled in the stuff in your last sentence.
     
  6. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    I took the plunge. I installed Surun (on fresh set of windows) and used the SRP link that is in the first post of this thread.

    I didn't expect not to be able to make a folder for Program files or not to be able to kill something in task manager. Will see, time will tell.
     
  7. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    The LUA isn't supposed to be able to make a folder in Program Files, that's an important part of the security plan. If you want to create files or folders in these areas, right-click in a blank space in the folder and from the context menu select "SuRun Explorer here". Then you'll get a new instance of Windows Explorer with elevated privileges (you'll see that the smiley in the tray is then red instead of green).

    In the task manager you can only kill processes that you started as a limited user. You can get around this by opening the task manager and right clicking the title bar of the window and selecting "Restart as Administrator". Note that sometimes you have to try different places on the title bar before it shows in the context menu. Not sure if this is a bug or a feature :rolleyes:
     
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    I was hoping to hear from you, thanks for the tips.

    If this is the way it's supposed to be by design then I guess it's for good reason... not really a deal breaker.

    Are you able to execute or install programs from the desktop, my documents?

    I can and it puzzles me because with SRP you're not supposed to be able to do that. Well, either way I know I'm much safer and that feels good. Actually, it's only been one day since this change and I'm already used to it so that means it stays. I don't mind change if the pay-off is good.

    I can't believe how quick and easy it was to set up and no overhead from the changes.

    I'm using Windows Vista Advanced Firewall, Emsisoft AntiMalware, Sandboxie for security. My system runs much better.
     
  9. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Right, the idea is that where you are allowed to execute something you aren't allowed to write, and this no-write privilege also applies to malware.

    No, not unless I right-click it and select "Start as Administrator". I take it you set up SRP from the instructions in the link, from MechBgon. You might want to double check that you actually did the "Apply" part of his instructions. I can't think of any other reason why it isn't working right. Also be 100% sure that the SRP rules don't apply to administrators, otherwise you'll have headaches.

    Another thing, just to be sure, open the settings for SuRun and on the last tab (probably called Advanced in English) make sure the box down at the bottom is checked that Administrators are the owners of files and directories created by admin-rights users (or something to that effect).
     
  10. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    No, it's working the way it's supposed to. SuRun makes it so easy I forgot I was right clicking and "Start as Admin" and it didn't dawn on me.

    I noticed if I need to install something and it has a Windows Installer with the silver wheel looking thing; it refuses to install even if I click "Start as Admin". Then the SRP kicks in and says I can't, so I have to then go to Admin account and install it from there.

    If it's not a Windows Installer I'm able to install it through standard account.

    Yes, I have that checked. Are we protected from keyloggers by SRP? I worry more about them than anything. I was thinking of buying a program if needed.
     
  11. tlu

    tlu Guest

    Yes - unless you installed them willfully with admin rights ;)
     
  12. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    That's nice to hear. SuRun really does make life easier with a limited account. Sounds like you've adjusted really quickly. :D

    Do you mean a .msi installation file? If so, when I right click these I have three choices, install, repair or uninstall as administrator.

    tlu answered this question. Glad to see him participate in your thread, he knows much more about this.
     
  13. tlu

    tlu Guest

    Thanks :) However, I moved to Linux in the meantime and start Windows in Virtualbox only when I need it. Thus, SuRun has become a rather remote matter for me :D

    @Rilla927: I suggest that you read the very good SuRun tutorial of our friend Mrk. And I've noticed that you already participate in the SuRun forum :thumb: Kay Bruns, the SuRun author, is very helpful in solving any problems.
     
  14. SAustn2

    SAustn2 Registered Member

    Joined:
    Oct 12, 2010
    Posts:
    72
    Location:
    Northeast Texas
    I've started using it and for the most part I like it, but I'm back here to get help with it. So far it works great; I don't notice any difference except that when I try to update SuperAntiSpyware or MalwareBytes the updates go through Documents and Settings first, and that's a place the software restriction policy won't let things run from. According to mechbgon things can only run from C:\program files & C:\Windows, so both programs say the updates were successful but event viewer says otherwise. Also Yupdater from Yahoo Messenger won't start, but the Yahoo Messenger still works good except I can't see the smileys; they're all blacked out when running it from a limited account. The audibles work fine though, go figure lol. Any help appreciated, thanks. :doubt:
     
  15. tlu

    tlu Guest

    I'm not familiar with these applications. It might be necessary to define new path rules as mentioned by mechbgon if they need executables to be started in Documents and Settings. It's also possible that they try to save/modify files in their c:\program files subdirectories (a bad behavior if this is the case) where you don't have write permission as a limited user - if possible only for specific files to be updated. Or you can start these apps with SuRun.
     
  16. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Yes I have and loving it.

     
  17. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Hi tlu,

    I have gone over that with a fine tooth comb in order to install SuRun. I wanted to make sure I understood everything. I'm glad SuRun has a forum.
    This little program is a godsend :D
     
  18. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    @SAustn2

    It shouldn't bother the updates. My AV updates without elevated privileges. Now Malwarebytes is a different story cuz I use the free version. I right click and "Start as Admin" and hit update.
     
  19. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Last edited: Oct 24, 2010
  20. SAustn2

    SAustn2 Registered Member

    Joined:
    Oct 12, 2010
    Posts:
    72
    Location:
    Northeast Texas
    Hello tlu and Rilla,

    I guess I assumed virus and spyware scanners downloaded their definition update files to the Documents and Settings area under Application Data, and with a software restriction policy I was thinking the programs couldn't use them since they weren't located in Program Files or the Windows directory.
    And I think I made this more complicated than I should have :oops:. Your answers made it so clear and simple: all I needed to do was either use SuRun, which I don't know too much about, or just right click the program and run as administrator. I'm still trying to get used to a limited XP account with that and an admin account; it feels like I'm trying to take care of 2 computers. It was kind of confusing at first lol.
    Thank you so much tlu and Rilla! Have a good one, SA
     
  21. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    @SAustn

    Do you have outbound rules made (in your FW) so your programs update okay? It gets easier, no worry; if you need help there are plenty of people around to help you. I'm just learning about this stuff too.
     
  22. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    You can download to the desktop or My Documents because they're both in your user profile. You are allowed to write there, which is logical otherwise you would never be able to save any files. You can't execute them, however (assuming they are executable files) unless you right-click > Start as Administrator. You can launch Notepad because it's somewhere in %SystemRoot% where you are allowed to execute files. If you made a copy of Notepad and put it on your desktop or My Documents and it will execute, then yes, something is weird.

    Which AV do you have? The important parts of AVs run as System. For example, when I update Avira or run a scan with it, the SuRun smiley turns into a stop sign with an exclamation point. That means it's running with System privileges. That's OK, it wouldn't be able to work properly in an LUA if it didn't.
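    The "execute where you can't write, write where you can't execute" design Johnny123 describes is exactly what SRP path rules enforce. The following is an added example, not code from this thread or from Windows: a simplified Python model of SRP path-rule evaluation (default level Disallowed, Unrestricted rules for %SystemRoot% and %ProgramFiles%, most-specific rule wins, Designated File Types, and the "skip local administrators" enforcement setting). The environment paths, the rule for a writable ExampleApp\Updates subfolder, and the sample file paths are all constructed.

```python
from pathlib import PureWindowsPath

# Constructed XP-style environment used to expand the variables in path rules.
ENV = {"SystemRoot": r"C:\WINDOWS", "ProgramFiles": r"C:\Program Files"}

# Abbreviated Designated File Types: only files with these extensions are
# subject to SRP at all. LNK is deliberately left out here so that shortcuts
# sitting in the user profile still launch the (allowed) target they point to.
DESIGNATED_TYPES = {".exe", ".com", ".bat", ".cmd", ".msi", ".scr", ".vbs", ".js"}

# Rule set in the spirit of the mechbgon-style setup discussed in the thread.
# The third rule is constructed: a user-writable subfolder inside Program Files
# that is explicitly locked down again so nothing dropped there can run.
RULES = [
    (r"%SystemRoot%", "Unrestricted"),
    (r"%ProgramFiles%", "Unrestricted"),
    (r"%ProgramFiles%\ExampleApp\Updates", "Disallowed"),
]
DEFAULT_LEVEL = "Disallowed"

def expand(path):
    """Expand %VAR% references and normalise for case-insensitive comparison."""
    for name, value in ENV.items():
        path = path.replace(f"%{name}%", value)
    return path.lower().rstrip("\\")

def evaluate(path, is_admin=False, enforce_for_admins=False):
    """Return (level, reason) for a file that a user is trying to execute."""
    if is_admin and not enforce_for_admins:
        return ("Unrestricted", "policy is set to skip local administrators")
    target = expand(path)
    ext = PureWindowsPath(target).suffix
    if ext not in DESIGNATED_TYPES:
        return ("Unrestricted", f"{ext or '(none)'} is not a designated file type")
    best = None  # (rule_path, level) of the longest (most specific) match
    for rule_path, level in RULES:
        rule = expand(rule_path)
        if target == rule or target.startswith(rule + "\\"):
            if best is None or len(rule) > len(best[0]):
                best = (rule, level)
    if best is None:
        return (DEFAULT_LEVEL, "no path rule matched; default level applies")
    return (best[1], f"matched path rule {best[0]}")

if __name__ == "__main__":
    for sample in (r"C:\WINDOWS\notepad.exe",
                   r"C:\Documents and Settings\rilla\Desktop\notepad.exe",
                   r"C:\Program Files\ExampleApp\Updates\update.exe"):
        print(sample, "->", evaluate(sample))
```

    The copy-of-Notepad-on-the-desktop case from the post above lands on the default Disallowed level, while the same binary under %SystemRoot% is allowed; a data file such as a .txt in My Documents is never evaluated because it is not a designated type.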
     
  23. tlu

    tlu Guest

    I guess he didn't copy it to the desktop but created a link. This would work.
     
  24. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    I would imagine this is the case since it appears that Rilla has everything else working properly.

    BTW, I also use kafu.exe from heise online. Do you think this is redundant when using LUA & SRP?
     
  25. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    Are there any file types we should add to the default Designated File Types list for SRP?
     