Re: How to best protect against Spyware and Rookits
- From: "Waleri Todorov" <invalid@xxxxxxxxx>
- Date: Fri, 18 Apr 2008 12:12:49 +0300
A major drawbacks for this approach are:
a) By deafault, first created account is an admin account.
b) Default permissions for "Documents and settings" allows execution.
Users should manually change these settings and 99% of them can't do it :(
"na" <na@xxxxxx> wrote in message news:OzE0R6OoIHA.4904@xxxxxxxxxxxxxxxxxxxxxxx
"Waleri Todorov" <invalid@xxxxxxxxx> wrote in message news:eViX%23dFoIHA.6096@xxxxxxxxxxxxxxxxxxxxxxx
Well, the protection is quiet simple, really - DO NOT LOGIN AS AN ADMINISTRATOR.
Furthermore, disable execution permissions from folder with write permissions and vice versa.
Of course, a bunch of lame program will fail to work under these conditions, so that's why UAC was invented, but
that's Vista...
I was just going to suggest this. I am so glad I am not alone. To anyone reading this get ready for
the most basic info you could ever hope to hear.
1. Create and use only a limited user account.
2. Use Software Restriction Polices.
I do the above and have no problems! I have no virus scanning software installed because they
are just vulnerable services running as root anyway!
1. Virus copies itself to desktop because of Internet Exploit. SO WHAT? It can't execute!
2. Linux only recently came up with SELinux...
- Follow-Ups:
- References:
- Prev by Date: Re: Atomic Port I/O
- Next by Date: Re: WaitForMultipleObjects
- Previous by thread: Re: How to best protect against Spyware and Rookits
- Next by thread: Re: How to best protect against Spyware and Rookits
- Index(es):
Relevant Pages
|
