No security solution is 100% proof from anything. A normal user is still able to do whatever a normal user could do, including opening HTTP sessions with odd requests (aka spyware). You could load up spyware but it could not be embedded as deeply as a normal user. At least under Unix it would also make it impossible to randomly create 'raw' sockets as Gibson insists is so deadly.
But, running as this user should make clean up far easier. When you can do nasty embedded object tricks and other nasty super persistent spyware, the time to clean gets a bit higher and annoying. Installing those nasty kernel layer directory hiding spywares/viruses is just a lot harder as a normal user if not impossible. Those are the ones that eat up mega time for me. If you still got deeply infected, you would have to see how they got infected. Perhaps the spyware has placed itself into the TEMP directory as a normal user, so when you installed any software as an administrator, the spyware was installed instead. Or perhaps the file permissions allowed normal users to have write access everywhere making the "limited user" nearly equal to the administrator anyway. There are ways around every security barrier, ultimately it's up to the user with eternal vigilance to stop potential security issues. Furthermore, there have been some cases of IE where you could elevate privileges from normal user to administrator user. It's also why I promote hardening IE (all built into the browser right now, way before Firefox, and more secure than Firefox when set up properly), but I realize it's not practical for most people. Then the conditions for becoming infected are so ridiculously hard that as long as you are somewhat careful, you are immune. Basically, I am still able to do everything I want to do, I do not run antivirus software, I have never gotten spyware or a virus (yes I can hear the chants of people insisting I must have one). I hope one day Microsoft can streamline this method for others. So, my suggestion isn't the panacea of Windows security. Only an intelligent user can really deter that significantly. However, I strongly believe it's the right path to take in comparison to calling up Holy War to stop the RAW sockets or insisting Microsoft is backdooring the world with an incredibly difficult attack vector compared to half a dozen other ways.
Of course, my suggestion would not generate lots of hits on a website though. It's not nearly as exciting as naysaying a new OS or insisting there is a huge conspiracy theory.

- Carroll Kong

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Thane Sherrington (S)
> Sent: Tuesday, January 24, 2006 11:13 AM
> To: The Hardware List
> Subject: RE: [H] Nutty Steve Gibson claims WMF bug was planted by Microsoft
>
> At 11:30 AM 24/01/2006, Carroll Kong wrote:
> >As many have agreed, the real Microsoft security problem is the fact
> >that it runs as "administrator" by default. Harden that up a bit more
> >and you will nearly all of these security issues mysteriously
> >disappear. Hopefully Microsoft will get to a stage where this will be
> >easier to do for most users.
>
> I'm not sure on that. I had a machine in a few weeks ago where all the users were limited users (I had to boot into Safe Mode to get in as Administrator.) So in theory there should have been no or very little spyware on the system, but it was loaded up with it. If running as a non-Admin user is supposed to protect users, shouldn't this machine have been largely immune to infection?
>
> T
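The message above names one way a "limited user" setup quietly collapses: directory permissions that let ordinary users write into locations only administrators should control. The PowerShell audit below is an added example written for this thread, not code from either poster. It reports directories under a few roots where a low-privilege group (BUILTIN\Users, Everyone, Authenticated Users) holds an Allow ACE with write rights, and also reports whether the session running it is elevated. The roots and the depth limit are assumptions chosen for illustration; adjust them to the machine being checked.

```powershell
# Added example (not from the mailing-list thread): find directories where
# low-privilege groups can write, which undermines running as a limited user.
# The roots and recursion depth below are assumptions for illustration.
param(
    [string[]]$Roots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot"),
    [int]$Depth = 2
)

# Principals that a "limited user" is a member of by default.
$LowPrivPrincipals = @(
    'BUILTIN\Users',
    'Everyone',
    'NT AUTHORITY\Authenticated Users'
)

# FileSystemRights.Write covers WriteData/CreateFiles, AppendData/CreateDirectories,
# WriteAttributes and WriteExtendedAttributes; Modify and FullControl are supersets,
# so testing for any bit of Write catches all three.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write

function Test-IsAdministrator {
    # True when the current token is in the local Administrators role (elevated).
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-BroadWriteAccess {
    param([string[]]$Paths, [int]$MaxDepth)

    foreach ($root in $Paths) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }

        # Include the root itself plus its subdirectories down to $MaxDepth.
        $dirs = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Directory -Recurse -Depth $MaxDepth -ErrorAction SilentlyContinue)

        foreach ($dir in $dirs) {
            try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { continue }

            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
                if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
                if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }

                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Write-Host ("Running elevated: {0}" -f (Test-IsAdministrator))
$findings = @(Get-BroadWriteAccess -Paths $Roots -MaxDepth $Depth)
if ($findings.Count -eq 0) {
    Write-Host "No low-privilege write access found under the audited roots."
} else {
    $findings | Sort-Object Path, Principal | Format-Table -AutoSize
}
```

Run it from an ordinary (non-elevated) session first: the "Running elevated" line should read False, and on a default install the Program Files and Windows trees should produce no findings. Any hit under those roots is a place where a limited user could plant files that a later administrative install or service might pick up, which is the failure mode the message describes. Per-user locations such as TEMP are writable by design and are deliberately not in the default root list.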
