-
August 20th, 2011, 07:18 AM
#11
^^ Seems our pet is starting to loose it's touch.
forgot to inlude the url to the referenced article.
-
August 20th, 2011, 07:56 AM
#12
-
August 20th, 2011, 08:34 AM
#13
Originally Posted by nihil
This looks like nVidia making things convenient for themselves, but potentially compromising your security in the process.........please see the interesting link posted by bludgeon.
This may be a blessing in disguise for security. If you were to have (on a business/pro Windows) multiple "admin" level accounts for specific applications such as GFI LANGuard, application updaters, etc... you can add them all into specific security groups to facilitate locking down the machine.
This will allow you to grant them the needed admin rights, while subjecting them to GPO and file/registry permissions that you would not be able to reasonably apply to Local System, Local Service, or Network Service. If one of them is compromised for any reason, they would not have that critical access that the compromise would need to take over the system. It will never be perfect, but it will allow that extra mitigation capability.
The way I see it, limiting possible compromise scope is just as important as limiting attack surface and direct compromise. Proper file permissions on temporary folders is the best defense against browser 0days, and the same can be said for any high risk application.
Real security doesn't come with an installer.
Similar Threads
-
By steve.milner in forum IDS & Scanner Discussions
Replies: 5
Last Post: August 12th, 2004, 12:23 PM
-
By Nokia in forum Tips and Tricks
Replies: 4
Last Post: June 18th, 2004, 04:24 PM
-
By mrleachy in forum *nix Security Discussions
Replies: 4
Last Post: October 18th, 2002, 01:27 PM
-
By Joey_Batch_File in forum The Security Tutorials Forum
Replies: 10
Last Post: September 20th, 2002, 09:03 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|