randiroo76073 Posted November 24, 2005 Share Posted November 24, 2005 Wasn't quite sure where to post this [Admins move as necessary]. This came in my "Spyware Info" newsletter. More Ways To Surf SafelyIn the last newsletter, I suggested creating a limited user account on your computer and using that to surf the internet. As a limited user, it becomes very difficult for malware to attack the browser and install itself. As it turns out, there is an even simpler way to do this.Several people wrote to mention a program written by a Microsoft programmer called DropMyRights. This program allows you to use your computer as an administrator while opening programs with limited rights. It is a much easier way to surf the web than what I described last time.You install the program, then move the .exe file to another folder, "c:lowrights" for example. Then you right-click on your desktop and create a new shortcut. To create a shortcut that loads Internet Explorer with limited rights, this is what you would put as the location: c:lowrightsdropmyrights.exe "c:program filesinternet exploreriexplore.exe".When you launch Internet Explorer with that shortcut, the DropMyRights program will give it the same permissions as a limited user. You cannot install or run ActiveX and most of the methods used to install malware will fail. I tested this out on a couple of very nasty web sites and absolutely nothing happened.You still see the prompts asking permission to install ActiveX controls. However, nothing happens even if you say yes. You can test this out at SpywareInfo. We have a page that will load an ActiveX spyware scanner designed by X-Block and it is perfectly safe. The page is at http://www.spywareinfo.com/xscan.php . If you ever have a legitimate need to install an ActiveX control, you can simply launch Internet Explorer with the normal shortcut.This also works with any other program on the computer. Just create a shortcut to the program, with dropmyrights.exe in front of the program's location and it will launch that program with limited rights. That means you can do this with your email or instant messenger programs.A few people mentioned a similar program, also written by Microsoft programmers. This one does the exact opposite of DropMyRights. MakeMeAdmin lets you log in as a limited user, but launch certain programs with administrator rights. It is similar to the Windows "Run As" function. The difference is that this program gives administrator-level rights to your limited account just before launching a program.Of the two programs, it probably is safer to use MakeMeAdmin while logged in as a limited user. That way you cannot accidently launch Internet Explorer or your email program with full rights. Both of these programs give you a very elegant way to avoid much of the risk associated with the internet. If you (or a family member) are constantly fighting a spyware infection, this may be the solution to the problem.Related Links:http://www.spywareinfo.net/nov11,2005#limitedsurfing :: TIP: Surf More Safely In Any Browserhttp://msdn.microsoft.com/library/en-us/dn...ure11152004.asp :: Browsing the Web and Reading E-mail Safely as an Administratorhttp://blogs.msdn.com/aaron_margosis/archi.../24/193721.aspx :: MakeMeAdmin - temporary admin for your Limited User accounthttp://blogs.msdn.com/aaron_margosis/archi.../11/394244.aspx :: MakeMeAdmin follow-up Link to comment Share on other sites More sharing options...
eidenk Posted November 24, 2005 Share Posted November 24, 2005 MakeMeAdmin is surely a stupid tool to install on a 2000/XP machine as any attacker with limited rights could then use it to easily gain admin privileges and do whatever it wants on a machine if I understand well. Link to comment Share on other sites More sharing options...
randiroo76073 Posted November 25, 2005 Author Share Posted November 25, 2005 MakeMeAdmin is surely a stupid tool to install on a 2000/XP machine as any attacker with limited rights could then use it to easily gain admin privileges and do whatever it wants on a machine if I understand well.Hey, these guys work for MS, supposedly in security, tell them it's stupid! I'm just passing on what I read in Spyware Info Link to comment Share on other sites More sharing options...
eidenk Posted November 25, 2005 Share Posted November 25, 2005 Thanks for the info. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now