WolfX2 Posted February 22, 2006

Hi,

Well thought out and well written guide. Does anybody have any idea or opinions (or even evidence/proof) as to how much "damage limitation" creating a Limited User Account in WinXP would/does make in the event of virus or other malware infection? Especially for internet use.

Waywyrd

redxii Posted February 23, 2006

I have two videos showing one exploit, unpatched machine, default security settings + NTFS, a limited user and an admin user. I show you this and that in the video, and go to the site with a drive-by and watch the sparks fly (admin) or nothing happens (non-admin). The "showing of this and that" is inconsistent and I made a few embarrassing mistakes (like HJT taking over the clipboard and replacing the URL of the site, and accidentally pasting). I compare admin and non-admin all the time, so perhaps soon I will have something more professional and clean to present; if not, if you give me webspace for the videos I will upload what I have.

redxii Posted February 23, 2006 (edited)

Made the videos. Near the end, running as admin, it was CRAWLING to a grinding halt. I could not complete the HJT logs, because it would have taken an hour to do so! It was a lot of work to get it to a decent speed so I could get the video file. It was a driveby exploit, so no ifs, ands or buts about if the user "decided" to run it.

Basically, as admin, the malware had the ability to:

- Edit my hosts file
- Use group policy to disable task manager, enforce various IE settings system wide, among other things

It is XP Pro sans any service packs OR patches, nor any anti-virus or security "hacks".

The limited account was much, much less severe. No crawling, and completely isolated from the rest of the system.

It is also secure for IE, because driveby ActiveX exploits aren't possible. You can only get exploited by existing ActiveX plugins but even then it can do less damage.

It's a 1.09MB rar file.. this forum won't let me upload it.

Edited February 23, 2006 by redxii

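A read-only check for the two changes listed in the post above (hosts file edits and the Task Manager policy), added here as an example that is not part of the thread. It assumes PowerShell 3.0 or later, the standard hosts file location and the `DisableTaskMgr` policy value, none of which the posters name.

```powershell
# Added example, not from the thread. Reports whether the current account
# could make the changes described above, and whether they are already present.
# Nothing is modified: the hosts file is opened for write and closed untouched.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 1. Can this token open the hosts file for writing? (assumed standard path)
$hostsPath     = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$canWriteHosts = $false
$writeError    = $null
try {
    $fs = [IO.File]::Open($hostsPath, [IO.FileMode]::Open,
                          [IO.FileAccess]::Write, [IO.FileShare]::ReadWrite)
    $fs.Close()
    $canWriteHosts = $true
} catch {
    # Access denied is the expected result for a limited user.
    $writeError = $_.Exception.GetBaseException().Message
}

# 2. Active hosts entries other than the default localhost mappings.
$extraEntries = @(Get-Content $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object   { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' })

# 3. Task Manager policy value, checked per-user and machine-wide.
$policyKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$taskMgr = @(foreach ($hive in 'HKCU:', 'HKLM:') {
    $p = Get-ItemProperty -Path "$hive\$policyKey" -Name DisableTaskMgr `
                          -ErrorAction SilentlyContinue
    if ($p) { "$hive DisableTaskMgr = $($p.DisableTaskMgr)" }
})

[pscustomobject]@{
    User              = $identity.Name
    ElevatedAdmin     = $isAdmin
    CanWriteHosts     = $canWriteHosts
    HostsWriteError   = $writeError
    ExtraHostsEntries = $extraEntries
    TaskMgrPolicy     = $taskMgr
}
```

Run it once from a limited account and once from an administrator session to compare the `CanWriteHosts` result.
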
waywyrd Posted February 24, 2006

Thanks for the help and reply. Now that there is a good basis for running a Limited User Account perhaps more software vendors can create programs that will run on a LUA without having to work out file permissions etc. I have one program which is supposed to gather data via the Internet which won't run under LUA... unless I alter the file permissions. Another program, Paint Shop Pro, will only run under Administrator account. I've been running a "98Lited" dual boot system with XP, because I didn't fully trust XP on the Internet. Yes, I know Win98 can get hacked/attacked, but it's far easier to "clean up" the infections etc.