Please support our Web Browsers advertiser: 64-bit Windows Community
 |
•
•
Join Date: Jan 2004
Location: Low earth Orbit...right? Soon to be cali to finish up ten year.
Posts: 150
Reputation: 
Rep Power: 0
Solved Threads: 1
Banned
Looking through alot of the troubles in most IE forums, a vast majority are using adminastrative accounts abviously. Less computer savey people (97% of the members)will not understand the benefits of a limited account and thats ashame IMHO.
I will post a sticky here on the correct usage of IE later.
I will post a sticky here on the correct usage of IE later.
•
•
Join Date: Feb 2002
Location: Lawn Guylen, NY
Posts: 11,115
Reputation:
Rep Power: 33
Solved Threads: 117
Personally, I feel a Windows limited account is only a good solution for younger children on a family computer. Windows limited/admin accounts just aren't the same nor as powerful IMHO as *nix based accounts are. For example, in *nix, I am never a root user but in Windows I am always Administrator. I feel there are much stronger 3rd party forms of Windows security (i.e. Windows 2003 Server solutions, Novell Netware client for Windows, etc.)
Dani the Computer Science Gal
•
•
Join Date: Jan 2004
Location: Low earth Orbit...right? Soon to be cali to finish up ten year.
Posts: 150
Reputation:
Rep Power: 0
Solved Threads: 1
Banned
•
•
•
•
Originally Posted by antioed
Unless I'm missing something the problem is not with the account...it's the fact that IE, which operates with the OS at the system level, can be used to attain system level privileges or root which you may have heard of.
•
•
•
•
Originally Posted by antioed
The user is not the problem if the browser is calling functions at the system level. Just because the browser is opened by the user does not mean that all functions run by the browser are also run as that user...they're run on the system level. Say you hit a website and IE is trying to interpret script, the function to process that code is passed in a system level process. If that process executes code which is able to exploit a vulnerability in the OS the result could be system level privileges to execute the code of choice, the box is owned - root has been owned...because the process operates at the system level, which is independent of who is logged in or what rights they have. If they can run IE the problem still exists. Sure you could limit the users to be unable to run IE but that's not a very good solution. The culprit here is the OS itself...not the user. Patch the box!
Although there have been many exploits in IE which give user level privileges, as far as I'm aware it has never been implicated in a local privilege elevation vulnerability (Of course many Windows users run everything as admin hence making the distinction rather academic).Think about it!
It's lies.. (your whole response)
You make no sense at all. Remeber IE is a program, not a service! Take a closer look at it's core capabilities and you'll quickly realize that there are many easier (and logical) places to attempt these types of attacks.
•
•
•
•
Originally Posted by FARANTH
I dont see how this sloves anything as IE is run on the system level regardless of whos using it
•
•
•
•
Originally Posted by Masta Cracka
wouldn't running as a limited user prevent this unauthorized access in the first place.
So I would say that affleck's sticky is correct he just did not go in to detail.
I know this is a Tech Support Site but we should not be ignorant to the fact that security is paramount & can be applied, all the while maintaining complete functionality.*wink*wink*
Let me just say this, people, if you do your taxes on your home PC and you are running on an admin account your identity amongst other things are at stake. (Your SS#, your life, and pretty much anything on the HDD).
Last edited by WEATHER CHANNEL : Feb 1st, 2004 at 3:28 pm.
•
•
Join Date: May 2003
Location: Royal Oak, Michigan
Posts: 864
Reputation:
Rep Power: 9
Solved Threads: 42
Practically a Posting Shark
•
•
•
•
Originally Posted by WEATHER CHANNEL
[snip]
You make no sense at all. Remeber IE is a program, not a service! Take a closer look at it's core capabilities and you'll quickly realize that there are many easier (and logical) places to attempt these types of attacks.
[/snip]
-- Michael RudasHow To Ask Questions The Smart Way (article by Eric Raymond).
Dealing with Malware
My Articles page.
My Best-of-Breed Free Software for Windows list
Other Windows- & Microsoft-related links
The Audio Tech's Page
My blog
The Oak Park Computer Club
PenguiCon 4.0 Open Source & Science Fiction convention, April 21-23, 2006.
Knoppix Linux (CD-bootable) download. information, & support.
•
•
Join Date: Jan 2004
Location: Low earth Orbit...right? Soon to be cali to finish up ten year.
Posts: 150
Reputation:
Rep Power: 0
Solved Threads: 1
Banned
It's still not a service.
•
•
Join Date: Jan 2004
Location: Low earth Orbit...right? Soon to be cali to finish up ten year.
Posts: 150
Reputation:
Rep Power: 0
Solved Threads: 1
Banned
•
•
•
•
Originally Posted by TallCool1
[snip]Uhhh... not exactly. IE's functionality is fully integrated into Windows at the lowest levels in all versions from Win98 on. For example, it's what allows the Quick Launch bar to work and provides the ability to view the desktop (Active Desktop) and folders as web pages. There are all kinds of vunerabilities that this causes: see http://www.secunia.com for several exploits that can be directly traced to IE's integration at this level. It was a bad idea 5 years ago and it's an even worse idea now![/snip]
Ok,I did not have much time at my work to reply to this fully.
Your points have some truth to them Tallcool1, however, the specific reference I made is to privilege escalation, not buffer overflows and other vulnerabilities which are listed on the site that you pointed me to (but that's another topic). Sure, you will see a variety of issues with an app that is integrated with an OS but you will find a pattern of vulnerabilities which really do not include privilege escalation. Anyway, arguing with people who post uneducated guesses on a subject & people who do not understand security well enough to discuss it objectively is a really a dead-end.
I just had to correct the misleading drivel.I Couldn't believe the replies that I read in this thread. Tallcool1 I'm suprised you didn't correct Antioed a month ago, you being a moderator and all. I'm suprised all the moderators didn't see this and correct it either. Do you not have a legitimate IE forum mod or something?
I will post the correct usage of IE, how to configure the security zones, restricted sites, and how you allow it to handle cookies, Active X, etc....later tonight. Security is one of my forte's.
Anyone else want to throw in an opinion? Like I said I can provide reading material.
We will keep it simple for the ones who have lack of knowledge on the matter or who just failed to read the TFM in the first place.
*Close IE, *Open the Task Manager, *Re-open IE. Now look at the task manager. Under the User Name column, what does it say?
I thought so.....User Level Process! A user level process . That was a tough one.
•
•
•
•
Originally Posted by cscgal
Personally, I feel a Windows limited account is only a good solution for younger children on a family computer. Windows limited/admin accounts just aren't the same nor as powerful IMHO as *nix based accounts are. For example, in *nix, I am never a root user but in Windows I am always Administrator. I feel there are much stronger 3rd party forms of Windows security (i.e. Windows 2003 Server solutions, Novell Netware client for Windows, etc.)
net users
|
Similar Threads
Other Threads in the Web Browsers Forum
- Many problems... (Viruses, Spyware and other Nasties)
- Im new to mac and having problems please somebody help (OS 7 / 8 / 9)
- Many pages will not display anything, no error message (Web Browsers)
- Missing screen (Monitors, Displays and Video Cards)
- Registry (Windows NT / 2000 / XP / 2003)
- Problems with "Bridge.dll" (Viruses, Spyware and other Nasties)
- Another "about:blank" victim, attached hijack log. Please help. (Viruses, Spyware and other Nasties)
- svchost error!! (Windows NT / 2000 / XP / 2003)
- Client comp. can't browse other site using PPPoE Broad Band Connection (Web Browsers)
- winxp (Windows NT / 2000 / XP / 2003)
Other Threads in the Web Browsers Forum
- Previous Thread: i scanned my sys with spyware remove
- Next Thread: ie6 wont let me into certain sites....
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
