SuRun: Easily running Windows XP as a limited user

Discussion in 'other software & services' started by tlu, Jan 6, 2008.

Thread Status:
Not open for further replies.
  1. tlu

    tlu Guest

    I'm not familiar with EQS but I guess that you get these alerts as SuRun is using hooks. Can't you define SuRun in EQS as trusted application?

    Yes, I like that, too. :)
     
  2. tlu

    tlu Guest

    Thanks, Cosmo, for these additional explanations!


    Neither have I, and I'm using SuRun in XP Pro and both XP Home and Vista Ultimate running in Virtualbox VMs although with a faster CPU and a little bit more RAM ;)
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I set every setting to Ignore in all 3 Protection Modes but i narrowed it down to the Application Protection section where i selected ignore and no logs there too, but i am still right now still going over this with a fine tooth comb.

    If no joy, then it's EQS itself because like i said Styler does the same exact thing only i can close Styler but i don't dare close SuRun.

    Also tlu, a few times i selected to do something in my SuRunners account but it said i needed to add a valid password. To be honest i installed over my Admin account but didn't get a prompt to enter a password for my SuRunners Account. Can this be changed at all without having to start over again? Maybe a command line or something, anything where i can change or add a new password to my SuRunners account.

    Or must this or can it be done via the Admin account.

    You're a great help in this, thanks.
     
  4. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    I don't know EQS either, but I think that is the trouble with all HIPS and HIPS-alike programs: The user has to answer a question or make a decision, which he cannot answer or he does not have the needed information for a trustworthy decision. Either the software is closed software, then the user does not get the source code, and even if it is open source (as surun) it would be a pain (if doable at all) to check the source code before continuing the work.

    Regarding the password. The new version of Surun has added the functionality to check if there is an account on the machine with admin privileges that has no password set. (The pre-defined account called "Administrator" is typical for that.) This is a security hole and Surun gives a warning; this warning can be adjusted on the general page of the surun settings. Furthermore you cannot use an Admin-account without password to add a user to the surunner-group. Probably you mean the demand for the password of the surunner. This password is not really necessary; you can continue by leaving the password open. But I think it is not a good idea to have an account without a password; especially if this account is an unlimited surunner-account (i. e. may configure surun), because with this anybody(!) can use this account and get unlimited control over the machine.
     
  5. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    have just installed SuRun for the first time. looking in all programs I found an old reference to an old program. Previously I would simply have deleted the link. Now it seems I have to log on as admin to delete ? is this correct ?

    everything else seems fine so far - but I do run very simple machines without security software that might conflict. Interesting program
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Long View,
    From your post, I have the impression that you view SuRun as a security software. It isn't that.
    Feel free to correct me.
    Does SuRun now have a heuristic analysis akin to the one in UAC? That would be fantastic to say the least.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    None of you need worry about EQS, that's my baby to spank and it really doesn't apply anyway in any form to SuRun because all EQS is confirming anyway is that SuRun is doing its job. LoL

    And besides if you want to educate yourself on what's going on with your system that's another plus running a HIPS, and making correct decisions are not so difficult if you value your machine's interactions, which most users couldn't care less anyway. Today's world expects a do-it-for-me auto approach and i'm equally in support of automated protection myself, but it as of yet just doesn't exist and won't until someone gets their paws on microsoft's Windows full chart & blueprint :D

    Back OT: SuRun is doing beautifully so far and has surpassed both previous versions without the issues that cropped up before.
     
  8. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    lucas1985,

    While you're technically correct, I do tend to view SuRun as security related in that LUA becomes sufficiently painless with SuRun in use that LUA is actually a useable and viable general approach to aid in securing a system.

    I realize that many have profitably used LUA over the years, but I personally experienced too many conflicts in a general pool of applications for it to be an unqualified recommended approach.

    Blue
     
  9. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I'm not really sure what SuRun is. Shadow Protect has now restored my pre SuRun image. I did notice that 700+ registry entries were seen as no longer required by Reg cleaning programs and that the program stopped me making various changes to the system. I tend to view security as an attitude of mind and a way of behaving with actual programs being of less importance. So yes - I would see SuRun as a security program in much the same way as I see Shadow Protect and Returnil as Security programs. Certainly I see them as potentially being of more practical use than many of the more traditional solutions.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    See Blue's post above yours :)
    LUA provides the security (as experimented by you when you tried to do system changes). SuRun was developed to overcome LUA's annoyances, most of which are the result of bad programming practices (you need admin privileges to install hardware, make system changes and update applications but you shouldn't need admin rights to write a document or print a paper) while leveraging LUA security.
    Microsoft provides a solution to this (the "Run As" command) but it's insecure (malware can snoop the password when you enter it to elevate rights) and it doesn't work well.
    You can see SuRun as a UAC clone, enabling you to work safely under LUA while prompting for admin credentials when needed (example: installing a service, modifying system files/settings, etc) and running problematic/badly coded apps always with admin rights.
    Without SuRun, each time you need admin rights you have to switch to an admin account (and the objects created will belong to the admin, not you) or resort to the half-working "Run As" command.
     
  11. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    Security in the form of dividing between an account for managing the system and others for daily work is a concept, not invented by Microsoft, but used for the NT-branch; IMO it is the best security concept that is known today.

    The problem is, that this concept brings some problems (I speak about Windows here). At first there are OS-functions, which must be used with elevated rights, otherwise the concept would break. But it is in many cases not necessary and not advisable to use them with a user's context, where all rights are elevated. At second there are (mostly badly coded or old programs, that cannot be replaced out of one or another reason) applications, that do not work correctly with limited rights.

    To solve this situation the user needs a tool to get around this problem. Microsoft has the RunAs-tool, but it has limitations. One limitation is the design, it is really not convenient to use and it does not solve all problems with restricted rights. Especially running programs, that need elevated rights, produce new problems if they get started via Runas, because they do now work in the wrong user's context. E.g. a document that you create on the usual place (My Files folder) is unreachable for the user, who actually has created it.

    Now comes Surun. It is a tool, which helps out of this situation, as it elevates the rights but leaves the user in his own context. In addition to that it has some more features, to make working with it more comfortable. IMO it is not a security software, as the security aspect is the concept of separated accounts. But it supports security, as it gives the possibility to use the security concept without the restrictions it implies. (To be more precise, Surun reduces security if wrongly configured. For example: Leaving an unlimited Surunner without a password for the account makes the system open for anybody with no restriction at all, who is able to get in physical contact with the machine. But this reduction is not a problem, if the configuration is made appropriate.)

    Saying that I would conclude, that using the security concept of LUA in conjunction with Surun beats every security software whatsoever. Every software (also security software) can have flaws, can get compromised by other software, may not start correctly and so on. The concept of limited users on a NTFS-formatted disk does not have the problem. Following this it is superior, and in addition to that it does not cost valuable resources (which the user has paid with a faster CPU, more RAM a.s.o.).
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    My Bad

    When you make changes in SuRun like add files etc; make sure immediately LOG OFF and then back ON for results.

    I think that's what happened because all is working now so far after LOG OFF. It even suggests as much (Duh Me)

    This is for anybody who suffers from involuntary reflexes to see immediate results after changing a setting :cool:
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    For those of you running EQSecure HIPS with this newest SuRun i have a tidbit for you to save you from racking up a ton as in many MB's of logs.

    Just go to Applications Settings, Application Rules, then Default Group and find SuRun. Highlight it and where or if PERMIT is showing as Modifying Memory of Other Processes and click on Log to change it to No Log and it will stop logging SuRun's activity every microburst of every second :D

    EQS looping log issue solved!
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    On To Next Issue

    I use the Control Panel Applet OR the tray icon to enter settings, and select a program to run as Admin all the time, works OK, i guess.

    But for the life of me contrary to previous versions, i can't use the start as Admin at all and have to resort to Run As Admin to launch some programs because it denies access, and with the SuRunners (Users) Group showing, the password box is blank and i don't have any because it never asked for one in the first place?

    Any technical help would go a long way in solving this mystery so please offer some advice.

    If i get that context menu Start As Admin working then it's pretty much done as far as i can tell.

    Thanks In Advance and forgive us newbies of this app for mistakes or oversights that might have escaped us. I like to know it's no bug but a user miscue.

    EASTER
     
  15. Cosmo 203

    Cosmo 203 Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    165
    Is there a password set for the account?
    If not, surun asks you only the first time after calling "start as admin", there you leave the password field entry.

    Now to solve your problem (hope, I understood it correctly): Open the general page of the surun and uncheck the option to store the passwords. After that you should get asked for the user's password the next time you start anything as admin - but only in case, there does a password exist for that account. Later - when your problem is solved - you can check this option again, because now you will be asked for this password every time you start anything as admin.

    If this does not help go to the surun options again and remove this account from the surunner-group. Log off and log on again. Now start anything as admin, you will be asked for an admin account and its password before you get added to the surunner-group again and after that you will be asked for the password for the surunner; if the account does not have a password, leave it empty.

    HTH
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks Cosmo 203

    I know it has to be me and not SuRun, because this version is exciting in that it makes up for any of the limitations of the previous 2 and personally i really admire the effort that went into this, a very useful and additional safety mechanism indeed, and i normally don't even bother with LUA accounts, but this is just too good to resist.

    I'll try out your suggestions for certain today.

    EASTER
     
  17. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    New version of SuRun working A-OK for me here this time so far. I didn't set things up with a SRP this time. I found it too restrictive. I have Defensewall installed too that will isolate anything and also I can use it to prevent access to my Documents and Backup drive.
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
  19. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
  20. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Thanks Blue - Atrophy for computers ? I think I'll give this one a miss.
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Long View,
    How many executables do you have outside of Program Files and Windows directories?
    A simple SRP
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    This version of SuRun has an easter egg, at least for me. Whenever i try to save an internet image to system, it saves it alright to folder but conceals it from viewing with a WARNING if you try to open that folder. However, enter the Admin account and whatta ya know, there they are.
     
  23. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Perhaps I have misunderstood then ? The bit I didn't like was "my limited account can only save new files in this folder"

    If SRP does not restrict ? I suppose I should take a look - but never having been bitten means I lack a certain motivation.
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A standard/limited user doesn't have write permissions to certain folders (mainly Program Files and Windows) and registry hives. Each limited account has its own registry hive and folder to save documents and settings.
    That example of SRP (together with LUA) restricts execution rights to some folders where your programs reside (Program Files and the Windows folder). It works this way:
    - Program Files and Windows have read and execution permissions. Your apps will run fine, but malware can't modify them (no write permissions thanks to LUA)
    - User folder has read and write permissions. You can open, read and save documents, app settings, downloads, etc, but malware (and downloaded installers) can't execute (no execution permissions thanks to SRP)
    Free, built-in into Windows, no resource consumption, strong security :)
    When you need admin privileges (write permissions to Prog. Files and Windows, access to kernel, etc) to install updates, to install hardware, to modify system settings, etc, you need to elevate rights. Here SuRun comes to the rescue, providing an easy-to-use, safe approach like sudo in Linux.
    I understand :)
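
The write-or-execute split described in the post above can be checked mechanically. This is an added example, not part of the post and not SuRun or Windows code: a small Python model that flags any folder a limited user can write to and that SRP also allows to execute. The rule set, the folder names (including the hypothetical `LegacyApp`) and the writability data are constructed, and "most specific path rule wins" with a default of Disallowed is the assumption the model uses.

```python
from pathlib import PureWindowsPath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

def _parts(path):
    # Windows paths compare case-insensitively; normalise before matching.
    return PureWindowsPath(path.lower()).parts

def srp_level(path, rules, default=DISALLOWED):
    """Level of the most specific path rule covering `path` (model assumption)."""
    target = _parts(path)
    best_len, level = -1, default
    for rule_path, rule_level in rules.items():
        rule = _parts(rule_path)
        # Component-wise prefix match, so C:\WindowsOld is not under C:\Windows.
        if target[:len(rule)] == rule and len(rule) > best_len:
            best_len, level = len(rule), rule_level
    return level

def audit(dirs, rules, user_can_write):
    """Classify folders; 'GAP' means writable by the user AND allowed to execute."""
    report = {}
    for d in dirs:
        writable = user_can_write(d)
        executable = srp_level(d, rules) == UNRESTRICTED
        if writable and executable:
            report[d] = "GAP"
        elif executable:
            report[d] = "run-only"
        elif writable:
            report[d] = "data-only"
        else:
            report[d] = "locked"
    return report

# Constructed policy: execution allowed only under Program Files and Windows.
RULES = {r"C:\Program Files": UNRESTRICTED, r"C:\Windows": UNRESTRICTED}

# Constructed ACL data: folders the limited user can write to. The LegacyApp
# data folder stands for a loosened ACL made for a badly coded program.
WRITABLE = {r"c:\documents and settings\alice",
            r"c:\program files\legacyapp\data"}

def sample_can_write(d):
    return d.lower() in WRITABLE

DIRS = [r"C:\Windows\system32", r"C:\Program Files\LegacyApp",
        r"C:\Program Files\LegacyApp\data", r"C:\Documents and Settings\alice"]

# Hardened variant: a more specific Disallowed rule closes the gap.
HARDENED = dict(RULES, **{r"C:\Program Files\LegacyApp\data": DISALLOWED})

if __name__ == "__main__":
    for name, rules in (("base", RULES), ("hardened", HARDENED)):
        for folder, verdict in audit(DIRS, rules, sample_can_write).items():
            print(f"{name:9} {verdict:10} {folder}")
```

To audit a real machine, replace `sample_can_write` with a check made while logged on as the limited user and fill `RULES` from the SRP configuration actually in place.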
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    OK

    Let me get this straight since we are working totally blind here with SuRun without a HELP file and screenshots for a guide.

    I tried the above method and the results are still the same.

    The old versions allowed the USER=LUA to Start As Admin any application with elevated rights, this version absolutely rejects that policy cold. Furthermore, when installed in an existing Admin account like i do you absolutely MUST add files to the so-called elevated permissions lists or you get a denied.

    It never once asked me for a USER=LUA password and so i am to assume that's by design because it goes on to mention you must start this application with Admin rights, hence the RUN AS and scroll to your Admin account, then all is well to start up any app.

    I do have a BAD bug in this version: Every single time i either click the tray icon (green) or go to Control Panel to make changes i click APPLY then SAVE while still shaded, and therein the machine locks up tight refusing to allow the user to LOG OFF and back ON as suggested.

    I MUST HAVE RESET/REBOOTED DOZENS OF TIMES OR MORE JUST TO REFRESH THE SAVINGS/CHANGES AFTER MADE IN THE SURUNS SETTINGS, (annoying) DEFINITE bug!!! FREEZES SCREEN ENTIRELY.

    This is what i found so far. I'm not in the least bit put off by these issues because as-is at least the SuRunners USER group maintains depreciated permissions throughout unless you choose RUN AS, also it's clear that this is still a work in progress yet and there's some more that needs done to fix these problems.

    BTW, it is IMPOSSIBLE for me to ADD another SuRunner to the group because it refuses to accept anymore.

    The upside is that at least i can Log over to Admin account to see what was copied because in LUU via SuRunners nothing whatsoever like a simple photo file even shows up until i transfer over to the Admin Group, and again, perhaps that's also by design.

    Just some experiences i feel necessary to bring out from what found so far.

    EASTER
     