-
February 2nd, 2004, 11:37 PM
#11
It is possible to spawn a process that will run at a higher privelaged user....a good example running Symantec's Live Update as a restricted user giving that user access to a command line that runs with System privelages. The only real way to defend against this type of thing is to keep all software patched and updated and log certain types of events.
EDIT: Cool....275! I'm addicted!
Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.
-
February 3rd, 2004, 01:46 AM
#12
Member
Even though IE essentially isn't highly configurable, it is enough. You can stop scripts from running, ActiveX etc. However, i know when Win95 and Win98 were new, Micro$oft had IE running as the system's shell, basicly a GUI for the system. However, i dont know if this is the case for Win2000 and XP. If anyone knows, get back to me, plz?
-
February 3rd, 2004, 02:58 AM
#13
Windows 2000 and XP are based upon the Windows NT system architecture. As such, the only processes that run under the context of System are core operating processes and applications that run as a service that are set to run under the Local System account. Not even the GUI shell (explorer.exe) runs under the context of System.
Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.
-
February 3rd, 2004, 04:52 PM
#14
Senior Member
Now, this is something I tried.
I have used runas command to start IE as some different user. And I couldn't even save a picture from a webpage... Great way to stop some kinds of spyware and malicius javascripts...
but I still visit windows update at least weekly
Ikalo
------
Make your knowledge your deadliest weapon.
-
February 3rd, 2004, 06:51 PM
#15
For windows95,98, me, the person you were originally talking to is correct... But he is only correct as there is no way to login with a less restrictive account. In those particular operating systems you are always logged in with full privileges. This is not a bug or a flaw, the OS is not designed to allow different users or segmentation of privileges, the functionality just doesn't exist.
Now with any OS based on the NT kernel, Catch is 100% correct that running IE as something other than admin resolves almost all flaws that resolve around IE automatically running scripts/virii etc...
Ikalo- You were probably trying to save the files into a directory that you did not have permissions to save them in. I use run as all the time and never have issues saving files.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|