[snip]Uhhh... not exactly. IE's functionality is fully integrated into Windows at the lowest levels in all versions from Win98 on. For example, it's what allows the Quick Launch bar to work and provides the ability to view the desktop (Active Desktop) and folders as web pages. There are all kinds of vunerabilities that this causes: see http://www.secunia.com for several exploits that can be directly traced to IE's integration at this level. It was a bad idea 5 years ago and it's an even worse idea now![/snip]
Ok,I did not have much time at my work to reply to this fully.
Your points have some truth to them Tallcool1, however, the specific reference I made is to privilege escalation, not buffer overflows and other vulnerabilities which are listed on the site that you pointed me to (but that's another topic). Sure, you will see a variety of issues with an app that is integrated with an OS but you will find a pattern of vulnerabilities which really do not include privilege escalation. Anyway, arguing with people who post uneducated guesses on a subject & people who do not understand security well enough to discuss it objectively is a really a dead-end.
I just had to correct the misleading drivel.I Couldn't believe the replies that I read in this thread. Tallcool1 I'm suprised you didn't correct Antioed a month ago, you being a moderator and all. I'm suprised all the moderators didn't see this and correct it either. Do you not have a legitimate IE forum mod or something?
I will post the
correct usage of IE, how to configure the security zones, restricted sites, and how you allow it to handle cookies, Active X, etc....later tonight. Security is one of my forte's.
Anyone else want to throw in an opinion? Like I said I can provide reading material.
We will keep it simple for the ones who have lack of knowledge on the matter or who just failed to read the TFM in the first place.
*Close IE, *Open the Task Manager, *Re-open IE. Now look at the task manager.
Under the User Name column, what does it say?
I thought so.....User Level Process! A user level process . That was a tough one.
Personally, I feel a Windows limited account is only a good solution for younger children on a family computer. Windows limited/admin accounts just aren't the same nor as powerful IMHO as *nix based accounts are. For example, in *nix, I am never a root user but in Windows I am always Administrator. I feel there are much stronger 3rd party forms of Windows security (i.e. Windows 2003 Server solutions, Novell Netware client for Windows, etc.)
Run a command promp as admin or in your case just open it up and type:
Wow, what do we have here a attackers best friend times two. I don't even have to guess the login name. *wink*wink*
Unsolved 
Online 
