Safer Technology In Xp/w2k3

[Martin Zugec]

Hi guys!

I had another discussion with *nux fan and finally decided to write something down about SAFER technology.

Probably biggest security "hole" in Windows world is that most of the users dont use User accounts, but administrators. We know that this will change in LongTimeToComeHorn, but can we do something now???

Filling 15-20 characters password every time I need to run something under administrator account isnt most comfortable way, right? And not to mention that the code is running under different user account (HKCU, dont forget )

Yes, U can, and it is quite powerfull and simple! It is called SAFER. Main idea is this: if we cant make people running most applications under user account and few of them under administrative account, cant we make it opposite way, e.g. run everything under administrative context and few (browser, IM, mail) under user account without need to enter password?

And it is working! Michael Howards provide as with two tools (DropMyRights and SetSAFER) - first is for running specific process, second is for system-wide settings. Michael´s Howards Blog

Another great product is RunAsAdmin - it is working little bit different way, every process is running under user and you can selectively use different security settings. Valery´s Blog

Last important thing: you are NOT running processes under different user accounts! It is your account, but with restricted rights!