Re: IP Packet Filter
- From: "Arkady Frenkel" <arkadyf@xxxxxxxxxxxxxxxx>
- Date: Fri, 14 Apr 2006 10:57:09 +0200
Even more: with User Account Controls (UACs) in Windows Vista, everybody
runs as a standard user, including members of the Administrator group.
Arkady
"Skywing" <skywing_NO_SPAM_@xxxxxxxxxxxxxxxxxxx> wrote in message
news:ObY9djxXGHA.4212@xxxxxxxxxxxxxxxxxxxxxxx
Certainly, and the best way to do that is to have users not run with full
admin permissions all the time. This is *much* more effective than a
battle of catch-up between security software and malware; if you can
prevent the malware from subverting security policies entirely then you
can begin to provide real system security.
Perhaps you might think of this as an idealized case - but you can't
really fully protect the user if they are running as admin and so is the
malware. The real solution starts with making users not run with full
privileges - things like Vista UAC will really begin to help here with
making that a more viable option for non-technical-oriented users,
especially since it's going to be the default scenario where end users
("home users") won't be running as admin. It's certainly possible to run
without administrator privileges on Windows right now (I do so on a daily
basis), but it still takes a bit of knowledge to set that up properly, and
sadly most "home users" are going to be using the default (run as admin)
settings (for current Windows versions).
So, I would rather spend time educating users on how to not run with admin
in the first place rather than trying to plug what becomes a very leaky
ship if malware gets admin privileges. Things like UAC in Vista will help
with this in the future, but for now, we're stuck with trying to educate
users on better security practice.
"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxxxxx> wrote in message
news:uYFHabxXGHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Hello, Skywing.
"Skywing" <skywing_NO_SPAM_@xxxxxxxxxxxxxxxxxxx> wrote in message
news:eMzTQHdXGHA.5024@xxxxxxxxxxxxxxxxxxxxxxx
You seem to be missing the point. You're fighting a battle that you
cannot possibly win, all you can hope to do is achieve a (false) sense
of security through obscurity through adding additional layers and
hoping someone isn't clever enough to bypass what you have - which they
will.
Trying to protect a system against an administrator is an exercise in
time wasted.
Not exactly. The fact that the administrator gives you the power of god
does not mean that this power is going to do good things (rather
philosophical sentence, I know). From my experience - take a look at
http://www.mcafee.com/us/threat_center/default.asp - Adware-Virtumundo -
an adware that I was researching (when I was working in an AV company).
This adware makes half of USA users suffer, I guess. And it's relying on
the fact that the administrator gives it the power of god. VirtuMonde
simply injects into system processes using debug privileges that can be
easily obtained if you're administrator.
*There are* situations when there is a need to protect from the administrator.
--
Vladimir
manage content: http://www.infostoria.com/
blog: http://spaces.msn.com/vladimir-scherbina/