Printable View
It is possible to spawn a process that will run at a higher privelaged user....a good example running Symantec's Live Update as a restricted user giving that user access to a command line that runs with System privelages. The only real way to defend against this type of thing is to keep all software patched and updated and log certain types of events.
EDIT: Cool....275! I'm addicted! :p
Even though IE essentially isn't highly configurable, it is enough. You can stop scripts from running, ActiveX etc. However, i know when Win95 and Win98 were new, Micro$oft had IE running as the system's shell, basicly a GUI for the system. However, i dont know if this is the case for Win2000 and XP. If anyone knows, get back to me, plz?
Windows 2000 and XP are based upon the Windows NT system architecture. As such, the only processes that run under the context of System are core operating processes and applications that run as a service that are set to run under the Local System account. Not even the GUI shell (explorer.exe) runs under the context of System.
Now, this is something I tried.
I have used runas command to start IE as some different user. And I couldn't even save a picture from a webpage... Great way to stop some kinds of spyware and malicius javascripts...
but I still visit windows update at least weekly
For windows95,98, me, the person you were originally talking to is correct... But he is only correct as there is no way to login with a less restrictive account. In those particular operating systems you are always logged in with full privileges. This is not a bug or a flaw, the OS is not designed to allow different users or segmentation of privileges, the functionality just doesn't exist.
Now with any OS based on the NT kernel, Catch is 100% correct that running IE as something other than admin resolves almost all flaws that resolve around IE automatically running scripts/virii etc...
Ikalo- You were probably trying to save the files into a directory that you did not have permissions to save them in. I use run as all the time and never have issues saving files.