
Block that trick!

June 27, 2:39 PM, SF Computer Virus Examiner, Lenny Bailes

Internet security on a Windows computer is only as good as the antivirus/antispyware protection that you have installed. But you can do better than "only as good!" Most antivirus/antispyware packages are programmed to "phone home" at least two or three times a week to download pattern detection updates. Sometimes, when a serious new Internet threat is detected and announced by CERT or ICSA, leading antivirus manufacturers will release pattern updates for their products within 8 to 24 hours.

This response time may or may not be fast enough to save you from the chore of manually removing a spyware nuisance. (In Windows, removing spyware yourself usually means searching for and deleting rogue system files one-by-one, and/or deleting hostile system registry entries with the Regedit program. This is a tedious, time-consuming process -- assuming you have enough geekly know-how to do it in the first place.)

It's an open secret among computer security experts that your web browser is probably the biggest security flaw on the machine. A large number of malware applications can only penetrate your computer and do their dirty work because the user who is browsing the web is logged onto Windows as a Computer Administrator. This is the default setting in Windows XP. Microsoft has addressed the problem in Windows Vista by restricting the privileges of the default user account. But in Windows XP, the default login transfers full computer administrator privileges to any program or Internet browsing process that the user initiates.

You don’t actually need the administrative privileges Windows XP gives you just to visit websites, manage email, play movies, or download files. Below, you'll find some procedures and links that will let you beef up web browser security in Windows XP (and even in Windows Vista) without seriously limiting your internet access.

Drop My Rights and PSExec are free Windows utilities from Microsoft that allow you to launch any Windows program (including Internet Explorer, Firefox, Outlook, and other web browsers or email clients) with limited system privileges. You can websurf or collect and send email as usual, but if you do something that attracts a malware or spyware attack, Windows will block the attack even if your antivirus application is not yet updated to detect it.

PSExec allows you to run applications with Windows Power User privileges instead of Computer Administrator privileges. This means that a web browser or email client you start through PSExec will be stopped from running any software process that installs programs or modifies basic Windows system settings. If a hostile program or spyware script manages to slip past your antivirus program, Windows may launch it, but will not install the destructive files or make the system changes.

Drop My Rights is slightly stronger medicine. It has the ability to run any Windows application with the rights of a Normal or Constrained user. This link will show you the difference in Windows privileges for applications running with Administrator, Power User, and ordinary User account rights.

To use PSExec or Drop My Rights, download the program from the links above. (PSExec is part of a larger collection of utilities called PSTools, and you will need to extract it from the suite.) Once you've downloaded and installed either application, right-click on your Windows Desktop and choose New->Shortcut to create a shortcut for the Windows program whose security privileges you wish to control.

For instance, to run Internet Explorer without Administrator or Power User rights, enter the following on the Target line in the shortcut menu:

[d:]\DropMyRights\DropMyRights.exe "[d:]\Program Files\Internet Explorer\iexplore.exe" N

where [d:] is the drive letter where the program is installed.

If you want to limit Firefox or Microsoft Outlook, just substitute the path to one of those applications on the Target line of the shortcut:

[d:]\DropMyRights\DropMyRights.exe "[d:]\Program Files\Mozilla Firefox\firefox.exe" N
[d:]\DropMyRights\DropMyRights.exe "[d:]\Program Files\Microsoft Office\Office12\outlook.exe" N

For a PSExec shortcut that grants Internet Explorer Power User rights, enter this on the target line:

[d:]\WINDOWS\system32\cmd.exe /c [d:]\SysInternals\psexec.exe -l -d "[d:]\Program Files\Internet Explorer\iexplore.exe"
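
If you would rather script the shortcuts than type each Target line by hand, the PowerShell below builds them on your Desktop. It is an added example, not part of Drop My Rights or PSExec; the C:\DropMyRights and C:\SysInternals install folders, the shortcut names, and the New-LimitedShortcut function are assumptions, and PowerShell must be installed separately on Windows XP.

```powershell
# Added example. Assumed install locations; adjust for your system.
$DropMyRights = 'C:\DropMyRights\DropMyRights.exe'
$PsExec       = 'C:\SysInternals\psexec.exe'
$Cmd          = Join-Path $env:SystemRoot 'system32\cmd.exe'
$IE           = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'

# Hypothetical helper: writes one desktop shortcut, or skips it with a warning.
function New-LimitedShortcut {
    param(
        [string]$Name,        # shortcut name, without .lnk
        [string]$Target,      # program the shortcut starts
        [string]$Arguments,   # rest of the Target line
        [string[]]$Requires,  # files that must exist before the shortcut is written
        [string]$Icon         # executable whose icon the shortcut borrows
    )
    foreach ($path in $Requires) {
        if (-not (Test-Path $path)) {
            Write-Warning "Skipping '$Name': missing $path"
            return
        }
    }
    $desktop  = [Environment]::GetFolderPath('Desktop')
    $shell    = New-Object -ComObject WScript.Shell
    $shortcut = $shell.CreateShortcut((Join-Path $desktop "$Name.lnk"))
    $shortcut.TargetPath   = $Target
    $shortcut.Arguments    = $Arguments
    $shortcut.IconLocation = "$Icon,0"
    $shortcut.Save()
    Write-Output "Created '$Name.lnk' -> $Target $Arguments"
}

# Drop My Rights shortcuts, using "N" as on the Target lines above.
$apps = @{
    'Internet Explorer (limited)' = $IE
    'Firefox (limited)' = (Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe')
    'Outlook (limited)' = (Join-Path $env:ProgramFiles 'Microsoft Office\Office12\outlook.exe')
}
foreach ($name in $apps.Keys) {
    $exe = $apps[$name]
    New-LimitedShortcut -Name $name -Target $DropMyRights -Arguments "`"$exe`" N" `
        -Requires $DropMyRights, $exe -Icon $exe
}

# PSExec shortcut, started through cmd.exe /c as on the Target line above.
New-LimitedShortcut -Name 'Internet Explorer (PSExec)' -Target $Cmd `
    -Arguments "/c $PsExec -l -d `"$IE`"" -Requires $PsExec, $IE -Icon $IE
```

Any application that is not installed at the listed path is skipped with a warning rather than getting a broken shortcut.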

The beauty of using these free utilities to control the privileges of Internet applications is that they give you protection against computer viruses and malware that's independent of an antivirus program's ability to shield the computer.

For Internet Explorer and Windows Explorer, another freeware utility called PrivBar provides a convenient status display that shows the privileges assigned to the application. (See the screenshot that accompanies this entry.) Instructions for installing PrivBar are over here.

Remember that use of these freeware utilities to limit the rights of Internet applications is not a substitute for having a good antivirus/antispyware application installed on a Windows computer. It's an added, sensible security precaution. My next entry will begin a series of reviews of current Windows and Macintosh antivirus packages to offer a bird's-eye view of what works well and what doesn't.

 

 
