
Thread: Reducing browser privileges!

  1. #1
    In And Above Man Black Cluster
    Join Date
    Feb 2005
    Posts
    912

    Reducing browser privileges!

    I think this reading is really cool! I thought to share it with you!

    Security companies and researchers have made careers out of identifying the latest bugs in Internet Explorer. While Microsoft has been relatively idle, the developers of Firefox have continued to add functionality and provide what was perceived to be more secure code. The story doesn't end there, though. The past six months have seen major vulnerabilities in Firefox too, and its adoption has slowed. Some people are beginning to question the wisdom in switching to another browser that is possibly just as insecure as IE.

    Meanwhile a simple yet little-known approach exists for users to avoid many of these vulnerabilities in any web browser. It is a novel tool called "Drop My Rights," created by Microsoft's Michael Howard. While it was released last year and is very simple to use, it has not gained popularity despite all the vulnerabilities found in IE, Firefox, and various email applications. Therefore it's important to understand why such a tool is needed before looking at the tool itself. We'll test it in a virtual machine environment against various websites known to install spyware or viruses and look at the results.

    Full-length Article
    "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts".....Spaf
    Every time I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  2. #2
    AO Senior Cow-beller
    Moderator
    zencoder
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Do we preach what we practice?

    Hmmm, this keeps cropping up. :wink:

    No worries. And my point still stands, relatively unchallenged (and unanswered.) Is it better security practice / principle to:
    1. endorse and recommend a product to lower (drop) the rights of an application so that, if the application is compromised, the user's Admin/root/privileged credentials are less likely to be subverted?
    2. endorse that we all stop using accounts with elevated privileges for common use of non-administrative or privileged functions, thus negating a large portion of the risk from this hypothetical compromise?

    Discuss amongst yourselves while I take a brief reprise.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    Banned
    Join Date
    Jun 2005
    Posts
    445
    Well... lemme play devil's advocate here... IE has always had this ability through the use of group policies (on applicable Windows versions.) In fact, the group policy approach is better than just straight privilege modification due to the fact that it is a bit more granular.


    You have always had the privilege lowering option through "Run As" no matter what browser you ran.


    Why are you using the administrator account anyway?

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    118
    To expand upon d0pp's points--

    If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.

    There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.

    An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.

    However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.
    Got Root?



    This user powered by Linux.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by KublaiKhan
    There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.
    It's the software's fault NOT Windows'...
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    KublaiKhan... from this point forward I forbid you from discussing computer security issues. To say you have flawed assumptions is like saying the Pacific Ocean is moist.

    Seriously though... no more security answers until you ask and have answered a lot more security questions.

    If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.
    I think you'll be hard pressed to find anyone on the planet that thinks the idea of a superuser account is a good one. This is perhaps the most frequently discussed weakness of the traditional UNIX system.
    The Windows method of account structures makes far, far more sense. Accounts have no power that isn't controlled by the security policy. As opposed to normal users who all have the same privileges and then a superuser account that doesn't even use permissions.

    There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.
    No, they are the same reasons why so many new UNIX/Linux users spend all day as root. Because they are lazy... they don't like the occasional hassle of errors while installing new applications and since this happens frequently while first using a system (codecs, browser extensions, etc) they make a habit of it. I can't think of a time I've ever had an application break when run as a normal user saving for of course applications that do things normal users oughtn't be doing.

    An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.
    This is pretty much how all the Windows 2000 systems at companies I've been employed for work (My home systems as well) and this is directly related to one of my "My Problem with Linux Questions" posts.

    However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.
    The simplest way to do this is to create a shortcut for the application that you want to run as a different user and on the properties of the shortcut click the "Run as" check box. Not complicated... naturally you can do more advanced things like alter the permissions on the original application file to prevent users from ever launching it under their credentials.

    cheers,

    catch

  7. #7
    AO Curmudgeon rcgreen
    Join Date
    Nov 2001
    Posts
    2,716
    Why are you using the administrator account anyway?
    Are you asking us or are you asking those people out there
    in the real world? Here in the (somewhat) rarified atmosphere
    of (ahem) educated users, yeah, anyone surfing as admin should
    be slapped. I admit, when I first installed Linux, I spent some time as
    root before disciplining myself, but most newbies do that for a while.

    The problem is that Microsoft Windows has evolved from being a single
    user OS into what it is today, while users haven't even been informed
    that there is such a thing as a user account. They surf as admin
    because that's what they did on Win98.

    Try telling your G/F B/F husband wife or mom that they should create a user account.
    What's that blank stare? Is she daydreaming? People need to be educated about this.
    A lot of it is laziness. Hell, I'm lazy. I gotta have a reason to change my habits.
    Knowledge doesn't come to me in my sleep. People go out and buy new PCs
    and send Johnny or Suzy off to school where they can hook up to those
    fast college networks. They magically know how to download and
    install a P2P app, but, create a user account? That's an alien concept.

    When is M'soft going to include a nice video intro to this concept? Say, on first boot
    Ballmer appears on screen to walk you through it, instead of a lot of fluff about
    what a nice "experience" you're gonna have with Windows.
    I came in to the world with nothing. I still have most of it.

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    When is M'soft going to include a nice video intro to this concept? Say, on first boot
    Ballmer appears on screen to walk you through it, instead of a lot of fluff about
    what a nice "experience" you're gonna have with Windows.
    Actually WinXP Home has already stepped in this direction. It asks for a password for the Administrator but then it asks you to set up the users. Upon login it doesn't show the user the Administrator option - you have to go to safe mode for that. With XP Pro it is assumed that the user is either savvy enough to know about the dangers of Admin or that a tech person is setting the box up for a regular user.

    So it's not all bad news.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  9. #9
    Senior Member
    Join Date
    Sep 2001
    Posts
    118
    Originally posted here by SirDice
    It's the software's fault NOT Windows'...
    It's both, really. Yes, the software manufacturer ought to write it so that the software does not *need* to be run from an admin account.

    However, I hardly think that Microsoft is entirely innocent from blame--there is entirely too much in the way of badly-written software out there. I've a sneaking suspicion it could be on account of a certain closed-mouthedness on Microsoft's account as to how to perform certain essential functions as a regular user, rather than the assumed single-user model that's been 'good enough' since Ye Olde Arcane Dayes of MS-DOS [ may it rest in pieces ].

    KublaiKhan... from this point forward I forbid you from discussing computer security issues. To say you have flawed assumptions is like saying the Pacific Ocean is moist.

    Seriously though... no more security answers until you ask and have answered a lot more security questions.
    I'll excuse you for not knowing who I am. Ask some of the older people. They'll vouch for my credentials.
    quote:
    If Windows had a sane [ read "Unix-like" ] user administration system then most of these problems would be relatively moot.

    I think you'll be hard pressed to find anyone on the planet that thinks the idea of a superuser account is a good one. This is perhaps the most frequently discussed weakness of the traditional UNIX system.
    The Windows method of account structures makes far, far more sense. Accounts have no power that isn't controlled by the security policy. As opposed to normal users who all have the same privileges and then a superuser account that doesn't even use permissions.
    In my experience, with a properly crafted set of user groups, and judicious application of chgrp, chown, and a proper understanding of how exactly unix file permissions work, the end result is far more secure than Windows ever could be.

    And if a "Superuser" account is such a bad idea, whyfore does Windows have "Administrator"? That's just a misspelling of "root". *wink*

    All jocularity aside, a security policy ought to be something developed for each specific case--not a fiat handed down from your software manufacturer.


    quote:
    There are some reasons why people use the administrator account under Windows for daily use--mostly, in my experience, because Windows' implementation of 'normal' user accounts tends to break some software.

    No, they are the same reasons why so many new UNIX/Linux users spend all day as root. Because they are lazy... they don't like the occasional hassle of errors while installing new applications and since this happens frequently while first using a system (codecs, browser extensions, etc) they make a habit of it. I can't think of a time I've ever had an application break when run as a normal user saving for of course applications that do things normal users oughtn't be doing.
    I myself have spent a grand total of....let's see. Maybe six hours total in the root account, over my various years of using 'nix based systems.

    What I was referring to was admittedly a slightly-out-of-date copy of StarOffice which would throw up an error and die in a normal user account, but would run normally with admin privileges. Puzzled me slightly for a while as to why it didn't work.

    However, if you're pointing the finger at laziness and user-error, might I point out to you the vast majority of end-users who display those symptoms regularly on *all* platforms? I admit, Microsoft does seem to give a sort of half-effort towards setting things up to prevent the effects of user laziness--but it's still no substitute for a properly-administrated box.

    quote:
    An ideal system would be where you have a specific account for web browsing only, and all that anyone could possibly exploit would be whatever you've downloaded while on the account. You could put your downloads into a shared folder of some kind, and use another account on the machine to do your actual work.

    This is pretty much how all the Windows 2000 systems at companies I've been employed for work (My home systems as well) and this is directly related to one of my "My Problem with Linux Questions" posts.
    Great. Good for you. You've got a clue; have a cookie.

    This still does not change the fact that there are a great deal of other companies, and thousands more users out there, that do not take these precautions.

    quote:
    However, on an OS that doesn't allow complete multi-user sessions [ as in, more than one user accessing the system at the same time...don't fool yourself; I've not yet seen a practical way of doing this with XP... ] this becomes quite cumbersome.

    The simplest way to do this is to create a shortcut for the application that you want to run as a different user and on the properties of the shortcut click the "Run as" check box. Not complicated... naturally you can do more advanced things like alter the permissions on the original application file to prevent users from ever launching it under their credentials.

    cheers,

    catch
    That still doesn't address my fundamental point--I want to be able to have multiple accounts running simultaneously. Windows does not allow me to do this.

    And I'll only be cheerful after I've had my coffee.
    Got Root?



    This user powered by Linux.

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'll excuse you for not knowing who I am. Ask some of the older people.
    Dad?????
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
