January 17th, 2004, 09:50 PM
Can a limited user account help security?
Most viruses/trojans install in the background and make changes to system files and the registry.
So if I log on to my PC at home as a user with a limited account, is that a way I can avoid being hit by a virus/trojan that installs silently with changes to the system files and the registry, because I don't have the privilege to make all those changes?
And I'm talking about a virus/trojan that can come not only from a file inside a CD or from my PC but also from the internet, you know, IRC, P2P, etc.
And if this is true, that's a good way to protect from being hacked or infected, isn't it?
January 17th, 2004, 10:11 PM
Yes, using a less privileged account will definitely help you avoid that. As long as you use a limited account for everyday tasks and scan everything you want to install with your antivirus you should be good to go. Took me a little while to get used to a limited account but now I wouldn't have it any other way.
January 17th, 2004, 10:16 PM
It will take you a while to get used to the limited features of a limited account but you'll come to realize that it's a smart idea.
I would recommend only using the administrator account when having to make system-wide changes or when you have to install a program that requires that the user have administrator rights.
Although the precaution may seem st00pid, it'll pay off in the future if, *by any chance*, you get some sort of malicious code stuck in your computer.
Happy BHH (Black Hat Hunting) and Happy WHH (White Hat Hacking)
January 17th, 2004, 11:05 PM
Also, using a limited user account helps to increase system performance, because it loads fewer services than the administrator's account, so you release system resources.
But my question is this.
System changes are not allowed to be made by the user (you can't delete, change or modify registry or system files if you're not the administrator), but will a virus/trojan that runs and copies by itself (you know, not by the user's action) still be stopped and not allowed to make system/registry changes by the system, because of the limited account rights?
January 17th, 2004, 11:51 PM
This will stop some but not all. Some get in and operate with "system" privileges. You cannot do one thing and consider yourself safe. You need AV and firewall software along with all the security tweaks you can find.
I really recommend downloading the cleaner, not to check for trojans so much but because it comes with a registry checker that does not allow unauthorized changes to the registry. Even if you get the trial version, the reg checker stays working even after the trojan cleaner expires.
January 17th, 2004, 11:56 PM
Just to reinforce Tedob1 (not that he needs it, his suggestions are worth following), protecting the registry from changes is IMO very important. One other application I have had good luck with is regprot: http://www.diamondcs.com.au/index.php?page=regprot
It also prevents unauthorized changes to the registry. I have not tried the cleaner myself, but it is mentioned many times here, so I have to assume it does the job also.
January 18th, 2004, 06:42 AM
If you're using XP Home, you also have a few accounts that need to be dealt with. Bring up a command line and type "net users". This will list all the accounts on the machine. You won't be able to delete "Administrator" or "Guest", but you can delete "HelpAssistant" and "Support".
Just type "net user %accountname% /delete"
Next, type "control userpasswords2" and change the name of "Administrator" to something that looks more like a basic user account name and change the password to a strong one (8 characters, alphanumeric and special characters). Do the same with "Guest". (Yes, I know they are disabled, but that doesn't make them crackproof.)
That will help lock it down a little more.
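A way to check what the thread describes on a current Windows system, as an added example that is not part of any poster's message: PowerShell that reports whether the session holds administrator rights, whether it could open the machine-wide and per-user Run keys for writing, and which local accounts exist. The function name Test-KeyWritable is made up for this example, and the choice of the Run keys as the registry locations to probe is an assumption.

```powershell
# Added example: read-only checks, nothing is modified.
# Test-KeyWritable is a name made up for this example.

function Test-KeyWritable {
    param(
        [Microsoft.Win32.RegistryKey]$Hive,
        [string]$SubKey
    )
    try {
        # Second argument $true requests write access; no value is written.
        $key = $Hive.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return $false }   # key does not exist
        $key.Close()
        return $true
    } catch {
        # Access denied for this account
        return $false
    }
}

# Is this session running with administrator rights?
# (An administrator account that has not elevated also reports False.)
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Registry location assumed for this example: the autostart (Run) keys.
$runKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

[pscustomobject]@{
    User                  = $identity.Name
    HasAdminRights        = $isAdmin
    CanWriteMachineRunKey = Test-KeyWritable ([Microsoft.Win32.Registry]::LocalMachine) $runKey
    CanWriteUserRunKey    = Test-KeyWritable ([Microsoft.Win32.Registry]::CurrentUser) $runKey
} | Format-List

# Equivalent of "net users", also showing which accounts are enabled
# (Get-LocalUser requires Windows PowerShell 5.1 or later).
Get-LocalUser | Select-Object Name, Enabled | Format-Table -AutoSize
```

On a limited account the machine-wide key normally reports False while the per-user key reports True, so the account's own settings remain writable even though system-wide ones are not.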
January 18th, 2004, 01:56 PM
Try hardening it up a bit?
http://www.analogx.com/ "Script Defender" or: http://Keir.net/software.html "Script Trap"
These intercept attempts to run popular scripts (malware?) from where they should not.
This is an AV provider's site, but they do specific protections for popular P2P software as well as free AV for Windows/Linux/DOS.
This stuff is all free to private users at least.
Failing that, you could always try Viagra eye drops... at least they would make your system "look hard"