 |  |  |  |  |  |  |  |
WinXP and IE problems. Please Read.
 |
Looking through alot of the troubles in most IE forums, a vast majority are using adminastrative accounts abviously. Less computer savey people (97% of the members)will not understand the benefits of a limited account and thats ashame IMHO.
I will post a sticky here on the correct usage of IE later.
I will post a sticky here on the correct usage of IE later.
•
•
Join Date: Feb 2002
Posts: 12,036
Reputation: 
Solved Threads: 128
Personally, I feel a Windows limited account is only a good solution for younger children on a family computer. Windows limited/admin accounts just aren't the same nor as powerful IMHO as *nix based accounts are. For example, in *nix, I am never a root user but in Windows I am always Administrator. I feel there are much stronger 3rd party forms of Windows security (i.e. Windows 2003 Server solutions, Novell Netware client for Windows, etc.)
•
•
•
•
Originally Posted by antioed
Unless I'm missing something the problem is not with the account...it's the fact that IE, which operates with the OS at the system level, can be used to attain system level privileges or root which you may have heard of.
•
•
•
•
Originally Posted by antioed
The user is not the problem if the browser is calling functions at the system level. Just because the browser is opened by the user does not mean that all functions run by the browser are also run as that user...they're run on the system level. Say you hit a website and IE is trying to interpret script, the function to process that code is passed in a system level process. If that process executes code which is able to exploit a vulnerability in the OS the result could be system level privileges to execute the code of choice, the box is owned - root has been owned...because the process operates at the system level, which is independent of who is logged in or what rights they have. If they can run IE the problem still exists. Sure you could limit the users to be unable to run IE but that's not a very good solution. The culprit here is the OS itself...not the user. Patch the box!
Although there have been many exploits in IE which give user level privileges, as far as I'm aware it has never been implicated in a local privilege elevation vulnerability (Of course many Windows users run everything as admin hence making the distinction rather academic).Think about it!
It's lies.. (your whole response)
You make no sense at all. Remeber IE is a program, not a service! Take a closer look at it's core capabilities and you'll quickly realize that there are many easier (and logical) places to attempt these types of attacks.
•
•
•
•
Originally Posted by FARANTH
I dont see how this sloves anything as IE is run on the system level regardless of whos using it
•
•
•
•
Originally Posted by Masta Cracka
wouldn't running as a limited user prevent this unauthorized access in the first place.
So I would say that affleck's sticky is correct he just did not go in to detail.
I know this is a Tech Support Site but we should not be ignorant to the fact that security is paramount & can be applied, all the while maintaining complete functionality.*wink*wink*
Let me just say this, people, if you do your taxes on your home PC and you are running on an admin account your identity amongst other things are at stake. (Your SS#, your life, and pretty much anything on the HDD).
Last edited by WEATHER CHANNEL; Feb 1st, 2004 at 3:28 pm.
•
•
Join Date: May 2003
Posts: 865
Reputation:
Solved Threads: 43
Practically a Posting Shark
•
•
•
•
Originally Posted by WEATHER CHANNEL
[snip]
You make no sense at all. Remeber IE is a program, not a service! Take a closer look at it's core capabilities and you'll quickly realize that there are many easier (and logical) places to attempt these types of attacks.
[/snip]
-- Michael RudasHow To Ask Questions The Smart Way (article by Eric Raymond).
Dealing with Malware
My Articles page.
My Best-of-Breed Free Software for Windows list
Other Windows- & Microsoft-related links
The Audio Tech's Page
My blog
The Oak Park Computer Club
PenguiCon 4.0 Open Source & Science Fiction convention, April 21-23, 2006.
Knoppix Linux (CD-bootable) download. information, & support.
•
•
•
•
Originally Posted by TallCool1
[snip]Uhhh... not exactly. IE's functionality is fully integrated into Windows at the lowest levels in all versions from Win98 on. For example, it's what allows the Quick Launch bar to work and provides the ability to view the desktop (Active Desktop) and folders as web pages. There are all kinds of vunerabilities that this causes: see http://www.secunia.com for several exploits that can be directly traced to IE's integration at this level. It was a bad idea 5 years ago and it's an even worse idea now![/snip]
Your points have some truth to them Tallcool1, however, the specific reference I made is to privilege escalation, not buffer overflows and other vulnerabilities which are listed on the site that you pointed me to (but that's another topic). Sure, you will see a variety of issues with an app that is integrated with an OS but you will find a pattern of vulnerabilities which really do not include privilege escalation. Anyway, arguing with people who post uneducated guesses on a subject & people who do not understand security well enough to discuss it objectively is a really a dead-end.
I just had to correct the misleading drivel.I Couldn't believe the replies that I read in this thread. Tallcool1 I'm suprised you didn't correct Antioed a month ago, you being a moderator and all. I'm suprised all the moderators didn't see this and correct it either. Do you not have a legitimate IE forum mod or something?
I will post the correct usage of IE, how to configure the security zones, restricted sites, and how you allow it to handle cookies, Active X, etc....later tonight. Security is one of my forte's.
Anyone else want to throw in an opinion? Like I said I can provide reading material.
We will keep it simple for the ones who have lack of knowledge on the matter or who just failed to read the TFM in the first place.
*Close IE, *Open the Task Manager, *Re-open IE. Now look at the task manager. Under the User Name column, what does it say?
I thought so.....User Level Process! A user level process . That was a tough one.
•
•
•
•
Originally Posted by cscgal
Personally, I feel a Windows limited account is only a good solution for younger children on a family computer. Windows limited/admin accounts just aren't the same nor as powerful IMHO as *nix based accounts are. For example, in *nix, I am never a root user but in Windows I am always Administrator. I feel there are much stronger 3rd party forms of Windows security (i.e. Windows 2003 Server solutions, Novell Netware client for Windows, etc.)
net users
|
Other Threads in the Web Browsers Forum
- Previous Thread: i scanned my sys with spyware remove
- Next Thread: ie6 wont let me into certain sites....
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Web Browsers Posts
- Today's Posts
- Unanswered Threads
aiim2009 android apple britain browser browserproblems browsers browsing budget bug bughunt censorship china chrome client code compuserve contest crash defect development email error europe exploit explorer facebook fennec fileeditmissing firefox gecko google government history ie7 ie8 internet internet.broadband internetexplorer internetexplorer8 internetusage iphone leak linux malware marshallmcluhan media memory microsoft mitmedialab mobile mobilebrowsers mosaic mozilla music networking news newspapers newyork offline olympics onlinecommunities opensource opera opera.software patch plugins porn privacy problem safari save seamonkey security server sex silverlight social software survey surveys teenagers television testing thunderbird twitter u.s. uk update users utest video web webbrowser webdevelopment webusage wikipedia windowslivemail worldrecord worldwideweb
