-
December 1st, 2005, 06:26 PM
#1
Reducing browser privileges!
I think this reading is really cool! I thought to share it with you!
Security companies and researchers have made careers out of identifying the latest bugs in Internet Explorer. While Microsoft has been relatively idle, the developers of Firefox have continued to add functionality and provide what was perceived to be more secure code. The story doesn't end there, though. The past six months have seen major vulnerabilities in Firefox too, and its adoption has slowed. Some people are beginning to question the wisdom in switching to another browser that is possibly just as insecure as IE.
Meanwhile a simple yet little-known approach exists for users to avoid many of these vulnerabilities in any web browser. It is a novel tool called "Drop My Rights," created by Microsoft's Michael Howard. While it was released last year and is very simple to use, it has not gained popularity despite all the vulnerabilities found in IE, Firefox, and various email applications. Therefore it's important to understand why such a tool is needed before looking at the tool itself. We'll test it in a virtual machine environment against various websites known to install spyware or viruses and look at the results.
Full-length Article
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
Every time I learn a new thing, I discover how ignorant I am. - ... Black Cluster
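The "Drop My Rights" approach the article describes, as an added PowerShell example that is not the tool's own source and not part of the post: it uses the Windows Safer API to derive a restricted token from the current (administrative) logon and starts the browser under that token, which is what Michael Howard's tool does in C. The script name, the default browser path and the level names are assumptions; it needs Windows PowerShell 5.1 or later, run on Windows.

```powershell
# StartRestricted.ps1 (hypothetical name): run a program under a restricted copy of
# the caller's own token, the technique behind DropMyRights. Added example, not the
# tool's source. Assumes Windows PowerShell 5.1+ on Windows; the default browser
# path is an assumption, override it with -Program.
param(
    [string]$Program = "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    [ValidateSet('Normal', 'Constrained', 'Untrusted')]
    [string]$Level = 'Normal'
)

# P/Invoke declarations for the Safer API and CreateProcessAsUser (skipped if the
# type already exists from an earlier run in the same session).
if (-not ('Safer' -as [type])) {
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class Safer
{
    public const uint SAFER_SCOPEID_USER        = 2;
    public const uint SAFER_LEVEL_OPEN          = 1;
    public const uint SAFER_LEVELID_NORMALUSER  = 0x20000; // no Administrators / Power Users rights
    public const uint SAFER_LEVELID_CONSTRAINED = 0x10000; // also no access to the user's keys/credentials
    public const uint SAFER_LEVELID_UNTRUSTED   = 0x01000; // only well-known groups; most programs fail

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct STARTUPINFO
    {
        public int cb; public string lpReserved; public string lpDesktop; public string lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }

    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool SaferCreateLevel(uint scope, uint level, uint flags, out IntPtr handle, IntPtr reserved);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool SaferComputeTokenFromLevel(IntPtr handle, IntPtr inToken, out IntPtr outToken, uint flags, IntPtr reserved);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool SaferCloseLevel(IntPtr handle);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool CreateProcessAsUser(IntPtr token, string app, string cmdLine, IntPtr pAttr, IntPtr tAttr,
        bool inherit, uint flags, IntPtr env, string cwd, ref STARTUPINFO si, out PROCESS_INFORMATION pi);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr h);
}
'@
}

function Fail($what) {
    $err = New-Object ComponentModel.Win32Exception([Runtime.InteropServices.Marshal]::GetLastWin32Error())
    throw "$what failed: $($err.Message)"
}

$levelId = switch ($Level) {
    'Normal'      { [Safer]::SAFER_LEVELID_NORMALUSER }
    'Constrained' { [Safer]::SAFER_LEVELID_CONSTRAINED }
    'Untrusted'   { [Safer]::SAFER_LEVELID_UNTRUSTED }
}

# 1. Open a Safer level object for the chosen restriction level.
$hLevel = [IntPtr]::Zero
if (-not [Safer]::SaferCreateLevel([Safer]::SAFER_SCOPEID_USER, $levelId, [Safer]::SAFER_LEVEL_OPEN,
                                   [ref]$hLevel, [IntPtr]::Zero)) { Fail 'SaferCreateLevel' }

# 2. Derive a restricted token from the current process token (inToken = NULL means "mine").
$hToken = [IntPtr]::Zero
if (-not [Safer]::SaferComputeTokenFromLevel($hLevel, [IntPtr]::Zero, [ref]$hToken, 0, [IntPtr]::Zero)) {
    Fail 'SaferComputeTokenFromLevel'
}
[void][Safer]::SaferCloseLevel($hLevel)

# 3. Start the program with that token. Because it is a restricted version of the caller's
#    own token, CreateProcessAsUser does not need SeAssignPrimaryTokenPrivilege here.
$si = New-Object Safer+STARTUPINFO
$si.cb = [Runtime.InteropServices.Marshal]::SizeOf($si)
$pi = New-Object Safer+PROCESS_INFORMATION
$ok = [Safer]::CreateProcessAsUser($hToken, $null, "`"$Program`"", [IntPtr]::Zero, [IntPtr]::Zero,
                                   $false, 0, [IntPtr]::Zero, $null, [ref]$si, [ref]$pi)
[void][Safer]::CloseHandle($hToken)
if (-not $ok) { Fail 'CreateProcessAsUser' }
[void][Safer]::CloseHandle($pi.hThread)
[void][Safer]::CloseHandle($pi.hProcess)
"Started $Program (PID $($pi.dwProcessId)) at Safer level '$Level'."
```

To see what the token actually lost, start a shell instead of a browser (`.\StartRestricted.ps1 -Program "$env:SystemRoot\System32\cmd.exe"`) and run `whoami /groups` and `whoami /priv` in the new window: BUILTIN\Administrators is listed as "Group used for deny only" and the privilege list shrinks to a handful. Two caveats a practitioner should keep in mind: the restricted token is still *your* token, so a compromised browser can still read and overwrite everything in your own profile, which is exactly the gap the "separate account" suggestions later in this thread close; and the tool predates UAC, whose filtered admin token on Vista and later gives the same Administrators-deny-only shape to ordinary admin logons by default.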
-
December 1st, 2005, 08:44 PM
#2
Do we preach what we practice?
Hmmm, this keeps cropping up. :wink:
No worries. And my point still stands, relatively unchallenged (and unanswered.) Is it better security practice / principle to:
1. endorse and recommend a product to lower (drop) the rights of an application so that, if the application is compromised, the user's Admin/root/privileged credentials are less likely to be subverted?
2. endorse that we all stop using accounts with elevated privileges for common use of non-administrative or privileged functions, thus negating a large portion of the risk from this hypothetical compromise?
Discuss amongst yourselves while I take a brief reprise.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
December 2nd, 2005, 02:01 AM
#3
Well... lemme play devil's advocate here... IE has always had this ability through the use of group policies (on applicable Windows versions.) In fact, the group policy approach is better than just straight privilege modification due to the fact that it is a bit more granular.
You have always had the privilege lowering option through "Run As" no matter what browser you ran.
Why are you using the administrator account anyway?
-
December 2nd, 2005, 07:40 AM
#4
To expand upon d0pp's points--
If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.
There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.
An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.
However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.
Got Root?
This user powered by Linux.
-
December 2nd, 2005, 10:54 AM
#5
Originally posted here by KublaiKhan
There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.
It's the software's fault NOT Windows'...
Oliver's Law:
Experience is something you don't get until just after you need it.
-
December 2nd, 2005, 11:01 AM
#6
KublaiKhan... from this point forward I forbid you from discussing computer security issues. To say you have flawed assumptions is like saying the Pacific Ocean is moist.
Seriously though... no more security answers until you ask and have answered a lot more security questions.
If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.
I think you'll be hard pressed to find anyone on the planet that thinks the idea of a superuser account is a good one. This is perhaps the most frequently discussed weakness of the traditional UNIX system.
The Windows method of account structures makes far, far more sense. Accounts have no power that isn't controlled by the security policy. As opposed to normal users who all have the same privileges and then a superuser account that doesn't even use permissions.
There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.
No, they are the same reasons why so many new UNIX/Linux users spend all day as root. Because they are lazy... they don't like the occasional hassle of errors while installing new applications and since this happens frequently while first using a system (codecs, browser extensions, etc) they make a habit of it. I can't think of a time I've ever had an application break when run as a normal user, save of course for applications that do things normal users oughtn't be doing.
An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.
This is pretty much how all the Windows 2000 systems at companies I've been employed for work (My home systems as well) and this is directly related to one of my "My Problem with Linux Questions" posts.
However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.
The simplest way to do this is to create a shortcut for the application that you want to run as a different user and on the properties of the shortcut click the "Run as" check box. Not complicated... naturally you can do more advanced things like alter the permissions on the original application file to prevent users from ever launching it under their credentials.
cheers,
catch
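The arrangement catch describes (a dedicated browsing account, a shortcut that launches the browser under it, and permissions on the original binary so the everyday account cannot start it), as an added PowerShell example that is not code from the post: the shortcut goes through runas.exe, the command-line equivalent of the shortcut's "Run as" option, and the browser binary gets a Deny-execute ACE for the everyday account. The script name, account names, browser path and shared-downloads folder are assumptions; run it from an elevated Windows PowerShell 5.1+ prompt.

```powershell
# SetupBrowserAccount.ps1 (hypothetical name): added example, not code from the post.
# Assumes an elevated Windows PowerShell 5.1+ prompt; names and paths are assumptions.
param(
    [string]$Browser   = "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    [string]$WebUser   = 'WebUser',                            # low-privilege browsing account
    [string]$DailyUser = "$env:USERDOMAIN\$env:USERNAME",      # the everyday (admin) account
    [string]$SharedDir = 'C:\Shared\Downloads'                 # hand-off folder between the two
)

# Refuse to run unless we can actually create accounts and rewrite ACLs.
$me = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}
if (-not (Test-Path -LiteralPath $Browser)) { throw "Browser not found: $Browser" }

# 1. Dedicated local account. 'net user /add' puts it in Users only (no admin rights);
#    '*' prompts for the password so it never appears on the command line or in history.
$exists = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True AND Name='$WebUser'"
if (-not $exists) {
    net user $WebUser * /add /comment:"Web browsing only, no admin rights"
    if ($LASTEXITCODE -ne 0) { throw "net user failed with exit code $LASTEXITCODE" }
}
$webId = "$env:COMPUTERNAME\$WebUser"

# 2. Desktop shortcut: runas.exe prompts for WebUser's password and starts the browser
#    under that account, same effect as ticking "Run as" on the shortcut by hand.
$shell = New-Object -ComObject WScript.Shell
$lnk = $shell.CreateShortcut((Join-Path ([Environment]::GetFolderPath('Desktop')) 'Browse as WebUser.lnk'))
$lnk.TargetPath   = "$env:SystemRoot\System32\runas.exe"
$lnk.Arguments    = "/user:$webId `"$Browser`""
$lnk.IconLocation = "$Browser,0"
$lnk.Save()

# 3. Shared downloads folder: WebUser may write into it, so files fetched while browsing
#    can be picked up from the everyday account without logging in as WebUser.
New-Item -ItemType Directory -Path $SharedDir -Force | Out-Null
$acl = Get-Acl -LiteralPath $SharedDir
$acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule(
    $webId, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
Set-Acl -LiteralPath $SharedDir -AclObject $acl

# 4. Deny execute on the browser binary for the everyday account, so a habitual
#    double-click under the admin logon fails instead of silently running as admin.
$acl = Get-Acl -LiteralPath $Browser
$acl.AddAccessRule((New-Object Security.AccessControl.FileSystemAccessRule(
    $DailyUser, [Security.AccessControl.FileSystemRights]::ExecuteFile,
    [Security.AccessControl.AccessControlType]::Deny)))
Set-Acl -LiteralPath $Browser -AclObject $acl

"Done. $DailyUser can no longer run $Browser directly; use the desktop shortcut (runs as $webId)."
```

Check the result with `icacls "$env:ProgramFiles\Internet Explorer\iexplore.exe"` (the Deny entry for the everyday account should be listed first) and by launching the shortcut, then running `whoami` from a page-spawned process or simply looking at the owner column in Task Manager. Two caveats: the Deny ACE is a guardrail against habit, not a security boundary, since an administrator can take ownership and rewrite it; and runas.exe's `/savecred` switch would remove the password prompt at the cost of caching WebUser's credential in the admin profile, which is worth avoiding.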
-
December 2nd, 2005, 05:11 PM
#7
Why are you using the administrator account anyway?
Are you asking us or are you asking those people out there in the real world? Here in the (somewhat) rarefied atmosphere of (ahem) educated users, yeah, anyone surfing as admin should be slapped. I admit, when I first installed Linux, I spent some time as root before disciplining myself, but most newbies do that for a while.
The problem is that Microsoft Windows has evolved from being a single user OS into what it is today, while users haven't even been informed that there is such a thing as a user account. They surf as admin because that's what they did on Win98.
Try telling your G/F, B/F, husband, wife or mom that they should create a user account. What's that blank stare? Is she daydreaming? People need to be educated about this.
A lot of it is laziness. Hell, I'm lazy. I gotta have a reason to change my habits. Knowledge doesn't come to me in my sleep. People go out and buy new PCs and send Johnny or Suzy off to school where they can hook up to those fast college networks. They magically know how to download and install a P2P app, but, create a user account? That's an alien concept.
When is M'soft going to include a nice video intro to this concept? Say, on first boot Ballmer appears on screen to walk you through it, instead of a lot of fluff about what a nice "experience" you're gonna have with Windows.
I came in to the world with nothing. I still have most of it.
-
December 2nd, 2005, 05:44 PM
#8
When is M'soft going to include a nice video intro to this concept? Say, on first boot Ballmer appears on screen to walk you through it, instead of a lot of fluff about what a nice "experience" you're gonna have with Windows.
Actually WinXP Home has already stepped in this direction. It asks for a password for the Administrator but then it asks you to set up the users. Upon login it doesn't show the user the Administrator option - you have to go to safe mode for that. XP Pro assumes that the user is either savvy enough to know about the dangers of Admin or that a tech person is setting the box up for a regular user.
So it's not all bad news.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
December 2nd, 2005, 08:34 PM
#9
Originally posted here by SirDice
It's the software's fault NOT Windows'...
It's both, really. Yes, the software manufacturer ought to write it so that the software does not *need* to be run from an admin account.
However, I hardly think that Microsoft is entirely innocent from blame--there is entirely too much in the way of badly-written software out there. I've a sneaking suspicion it could be on account of a certain closed-mouthedness on Microsoft's account as to how to perform certain essential functions as a regular user, rather than the assumed single-user model that's been 'good enough' since Ye Olde Arcane Dayes of MS-DOS [ may it rest in pieces ].
KublaiKhan... from this point forward I forbid you from discussing computer security issues. To say you have flawed assumptions is like saying the Pacific Ocean is moist.
Seriously though... no more security answers until you ask and have answered a lot more security questions.
I'll excuse you for not knowing who I am. Ask some of the older people. They'll vouch for my credentials.
quote:
If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.
I think you'll be hard pressed to find anyone on the planet that thinks the idea of a superuser account is a good one. This is perhaps the most frequently discussed weakness of the traditional UNIX system.
The Windows method of account structures makes far, far more sense. Accounts have no power that isn't controlled by the security policy. As opposed to normal users who all have the same privileges and then a superuser account that doesn't even use permissions.
In my experience, with a properly crafted set of user groups, and judicious application of chgrp, chown, and a proper understanding of how exactly unix file permissions work, the end result is far more secure than Windows ever could be.
And if a "Superuser" account is such a bad idea, whyfore does Windows have "Administrator"? That's just a misspelling of "root". *wink*
All jocularity aside, a security policy ought to be something developed for each specific case--not a fiat handed down from your software manufacturer.
quote:
There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.
No, they are the same reasons why so many new UNIX/Linux users spend all day as root. Because they are lazy... they don't like the occasional hassle of errors while installing new applications and since this happens frequently while first using a system (codecs, browser extensions, etc) they make a habit of it. I can't think of a time I've ever had an application break when run as a normal user, save of course for applications that do things normal users oughtn't be doing.
I myself have spent a grand total of....let's see. Maybe six hours total in the root account, over my various years of using 'nix based systems.
What I was referring to was admittedly a slightly-out-of-date copy of StarOffice which would throw up an error and die in a normal user account, but would run normally with admin privileges. Puzzled me slightly for a while as to why it didn't work.
However, if you're pointing the finger at laziness and user-error, might I point out to you the vast majority of end-users who display those symptoms regularly on *all* platforms? I admit, Microsoft does seem to give a sort of half-effort towards setting things up to prevent the effects of user laziness--but it's still no substitute for a properly-administrated box.
quote:
An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.
This is pretty much how all the Windows 2000 systems at companies I've been employed for work (My home systems as well) and this is directly related to one of my "My Problem with Linux Questions" posts.
Great. Good for you. You've got a clue; have a cookie.
This still does not change the fact that there are a great deal of other companies, and thousands more users out there, that do not take these precautions.
quote:
However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.
The simplest way to do this is to create a shortcut for the application that you want to run as a different user and on the properties of the shortcut click the "Run as" check box. Not complicated... naturally you can do more advanced things like alter the permissions on the original application file to prevent users from ever launching it under their credentials.
cheers,
catch
That still doesn't address my fundamental point--I want to be able to have multiple accounts running simultaneously. Windows does not allow me to do this.
And I'll only be cheerful after I've had my coffee.
-
December 2nd, 2005, 08:45 PM
#10
I'll excuse you for not knowing who I am. Ask some of the older people.
Dad?????