October 13th, 2005, 03:18 AM
Reducing Browser Privileges
Interesting Security Focus review on a program that allows you to limit the privilege of individual executables and their spawn.
Drop My Rights
Drop My Rights is an executable that accepts a path to your favorite program as a command-line argument. Consider for a moment that an administrator would want to run IE or Firefox in a more safe security context. The administrator would, in the case of IE, run the following command:
c:\path\to\dropmyrights.exe "C:\Program Files\Internet Explorer\iexplore.exe" C
This tells Internet Explorer to run at a reduced privilege level C, or "constrained user." This makes it so that if there is any sort of hole/vulnerability in IE or Firefox, the damage that can be done by an exploit is severely limited. The levels in this simple application are as follows:
* N for Normal User
* C for constrained user
* U for untrusted user - however, most Internet applications will fail
The important question is "does it work?" This can be answered with a few simple experiments. The idea is to test whether a system using this utility will be more protected than a system without this utility when browsing malicious websites.
It would be better for the Internet as a whole if users did not use their Windows web browsers with administrator privileges. Malicious viruses, spyware and Trojans are frequently installed through vulnerabilities in Internet-facing applications - either by visiting websites or by social engineering such as users clicking on malicious attachments in their email. However, due to the inconvenient and clumsy way of installing applications that require administrator privileges, many users continue to run as administrator. The easy use of DropMyAdmin can reduce the impact of a browser-based vulnerability and machine compromise, but it is still just one aspect of Least Privilege that administrators can use.
SecurityFocus::Mark Squire 2005-10-04
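One way to put the command line quoted above to everyday use and to check the "does it work?" question locally, as an added example that is not part of the original post, the article, or the tool itself. The install path `C:\Tools\dropmyrights.exe`, the browser list, and the function names `Test-EffectiveAdmin` and `New-ReducedShortcut` are assumptions made for illustration.

```powershell
# Added example: wrap browsers in DropMyRights shortcuts and check the token.
$DropMyRights = 'C:\Tools\dropmyrights.exe'   # assumed install location
$Level        = 'C'                           # N, C or U, as listed in the article

function Test-EffectiveAdmin {
    # True only when the Administrators group is enabled in this process token.
    # A group that is present but marked deny-only counts as "not a member".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-ReducedShortcut {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Target
    )
    # Refuse to create a shortcut that would silently fail or point nowhere.
    if (-not (Test-Path -LiteralPath $DropMyRights)) {
        throw "dropmyrights.exe not found at $DropMyRights"
    }
    if (-not (Test-Path -LiteralPath $Target)) {
        Write-Warning "Skipping ${Name}: $Target does not exist"
        return
    }
    $shell   = New-Object -ComObject WScript.Shell
    $desktop = [Environment]::GetFolderPath('Desktop')
    $lnk     = $shell.CreateShortcut((Join-Path $desktop "$Name (reduced).lnk"))
    $lnk.TargetPath   = $DropMyRights
    $lnk.Arguments    = "`"$Target`" $Level"   # same form as the quoted command
    $lnk.IconLocation = "$Target,0"            # keep the browser's own icon
    $lnk.Save()
    Write-Output "Created shortcut for $Name at level $Level"
}

# Browser paths are assumptions; the IE path is the one quoted in the article.
$browsers = @{
    'Internet Explorer' = 'C:\Program Files\Internet Explorer\iexplore.exe'
    'Firefox'           = 'C:\Program Files\Mozilla Firefox\firefox.exe'
}
foreach ($name in $browsers.Keys) {
    New-ReducedShortcut -Name $name -Target $browsers[$name]
}

# Run this line once in a normal admin session and once in a shell that was
# itself started through dropmyrights.exe, then compare the two results.
"Administrators group enabled in this token: $(Test-EffectiveAdmin)"
```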
October 13th, 2005, 04:45 AM
We discussed this recently in another thread. While I really like the idea of DropMyRights and believe it's probably a valuable app, I do take exception with this statement: "Consider for a moment that an administrator would want to run IE or Firefox in a more safe security context."
OK, so I will grant that an administrator may need to use a web browser on a system they are responsible for in the course of their duties. But going to anyplace but a webserver they have complete and guaranteed control over is irresponsible. So while DropMyRights sounds like a good tool, I would question the practice of any server admin who logs in and accesses the web with an administrator account, if not necessary.
I think DropMyRights is probably much better suited to all of those folks who are local admins on their workstations, and refuse to work as a normal user and use 'runas' or switch accounts to an admin when necessary.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore