DaniWeb IT Discussion Community
1 2
Show 40 post(s) from this thread on one page

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Web Browsers (http://www.daniweb.com/forums/forum29.html)
-   -   WinXP and IE problems. Please Read. (http://www.daniweb.com/forums/thread2429.html)

)BIG"B"Affleck Jan 5th, 2004 3:14 pm
STICKY: for IE forum
 
Xp IE user woes can or could have been prevented by running/browsing IE on a Limited account.

Definition:
Limited account: Assigning limited user accounts is an effective way to prevent inexperienced or unauthorized users from changing computer settings or deleting important files. Resource:http://www.microsoft.com/windowsxp/h...ng/default.asp

This means Viruses,Trojans,Spyware,Addware,Backware,malicious scripts,malicious Codes ect........

comment made by: JOE SCHMOE
As far as I know there are still several unfixed security holes in IE dating back as far as 2 years. Hopefully these bugs will be fixed for windows users when Microsoft officially releases Windows XP SP2. Unfortunately SP2 might go as badly for some as SP1.

Big "B's Response: Run IE as a less privileged user, all bugs fixed without patching. Gee that was tough.

peterska2 Jan 6th, 2004 9:16 pm
Re: WinXP and IE problems. Please Read.
 
moved to IE forum, renamed and stuck.

peterska2

antioed Jan 8th, 2004 4:34 pm
Re: WinXP and IE problems. Please Read.
 
"Big B's Response: Run IE as a less privileged user, all bugs fixed without patching. Gee that was tough."

Unless I'm missing something the problem is not with the account...it's the fact that IE, which operates with the OS at the system level, can be used to attain system level privileges or root which you may have heard of.

Masta_Cracka Jan 8th, 2004 4:44 pm
Re: WinXP and IE problems. Please Read.
 
Quote:
Originally Posted by antioed
Unless I'm missing something the problem is not with the account...it's the fact that IE, which operates with the OS at the system level, can be used to attain system level privileges or root which you may have heard of.
Unless, I too, am missing something, wouldn't running as a limited user prevent this unauthorized access in the first place?

~Masta

setokaiba Jan 8th, 2004 5:11 pm
Re: WinXP and IE problems. Please Read.
 
i dont understan

Masta_Cracka Jan 8th, 2004 5:12 pm
Re: WinXP and IE problems. Please Read.
 
Quote:
Originally Posted by setokaiba
i dont understan
Huh? lol :-/

~Masta

antioed Jan 8th, 2004 6:02 pm
Re: WinXP and IE problems. Please Read.
 
The user is not the problem if the browser is calling functions at the system level. Just because the browser is opened by the user does not mean that all functions run by the browser are also run as that user...they're run on the system level. Say you hit a website and IE is trying to interpret script, the function to process that code is passed in a system level process. If that process executes code which is able to exploit a vulnerability in the OS the result could be system level privileges to execute the code of choice, the box is owned - root has been owned...because the process operates at the system level, which is independent of who is logged in or what rights they have. If they can run IE the problem still exists. Sure you could limit the users to be unable to run IE but that's not a very good solution. The culprit here is the OS itself...not the user. Patch the box!

Masta_Cracka Jan 8th, 2004 7:53 pm
Re: WinXP and IE problems. Please Read.
 
Quote:
Patch the box!
Agreed. Of course, using an alternative browser couldn't hurt. Although, I will admit, I have read about certain vulnerabilities, where, utilizing IE or not, could still give an attacker root on the machine. However, most would agree that using a less privileged account is going to mitigate many future vulnerabilities.

WEATHER CHANNEL Jan 30th, 2004 8:35 pm
Re: WinXP and IE problems. Please Read.
 
Quote:
Originally Posted by )BIG"B"Affleck

Big "B's Response: Run IE as a less privileged user, all bugs fixed without patching. Gee that was tough.
Yeah really!
People always ask me why I never patch my personal windows systems, well here is a fine example of seven worthless patches that I won't be applying. People it's not that hard to read a book or two.
Why I am not installing any of these.:
  • MS03-041:
    A properly configured system according to Microsoft's TFM should only allowed trsuted sites to execute ActiveX. I have included this and have gone above and beyond by configuring internet client software to run as the user CLIENT_NET which is a member of GUESTS. Even trusted code execution will be limited to this user's powers and not be able to make any non-password prompted changes to the user's environment.
  • MS03-042: Same as above
  • MS03-043: The TFM indicates the Messsenger service should be disabled unless it is remotely filtered (so for LAN use only).
  • MS03-044: The TFM suggests the disabling of the HCP protocol and users are to be directed to the local administration for support.
  • MS03-045: The utility manager should not be used by normal users and should be disabled, this is covered indirectly in the TFM as well.
  • MS03-046: The Exchange TFM discusses the value of filtering SMTP protocol extensions. IAS fills this role very nicely.
  • MS03-047: I use exchange server 2000.
  • You do the math
I really love how Microsoft lists the proper configuration as a work around as to not make people that failed to apply the proper configuration in the first place feel stupid. And people say they are evil. *wink*wink*

Zachery Jan 31st, 2004 7:06 pm
Re: STICKY: for IE forum
 
I dont see how this sloves anything as IE is run on the system level regardless of whos using it :) unstuck


All times are GMT -4. The time now is 6:08 pm.
1 2
Show 40 post(s) from this thread on one page

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC