Windows XP: Secure Web Browsing, Instant Messaging & E-mail while logged in as an Administrator
Being logged in as an Administrator seriously increases the risk of attacks on your computer. The majority of Trojans, Malware, Root kits and Viruses need to do all or some of the following to successfully infect your machine:
-Create, download and write files to the system32 directory.
-Edit, delete and create registry values in HKLM.
-Terminate processes and services.
-Edit the Hosts file.
The above tasks require Administrative privileges. When logged in as a normal user, none of the above would be possible. The problem is that people find it an inconvenience to work without Administrative privileges. This means that while browsing the Internet, reading e-mail and chatting via Instant Messaging, a Virus can download, install and propagate with no restrictions and without the victim's knowledge.
An easy way around this problem is to use a small utility called DropMyRights, created by Michael Howard, a software security developer from Microsoft.
DropMyRights strips the current user's token, removing various privileges and SIDs from it, and then uses that token to start another process, such as an Instant Messaging or Web Browsing application. In layman's terms, when a Web Browser is launched using DropMyRights all privileges will be removed, which in turn will prevent malicious code being installed onto your computer while you are logged in with Administrative privileges.
Detailed documentation and installation instructions can be found at the URL below.
http://msdn2.microsoft.com/en-us/library/ms972827.aspx
If you want a quick installation and prefer not to learn about the technicalities of how the utility works, download the DropMyRights.msi file from the top of the MSDN article and follow the instructions below to install it.
Create the installation folder
First, create a folder called "tools" in the root of C:\. After the "tools" folder has been created, double click the DropMyRights msi you downloaded from MSDN, press next and agree to the End-User License Agreement. Change the installation folder to C:\tools\ as shown in fig.1, then click next.
fig.1

Now confirm the installation by clicking next once more. After the installation is finished, click close. In C:\tools\ you should see files similar to those in fig.2.
fig.2

Creating the Shortcut that you want to run in lower privilege
To create a new Shortcut, right click on the desktop and select New > Shortcut. You will be asked for the location of the item. For use with Internet Explorer the location would be C:\tools\DropMyRights.exe "C:\Program Files\Internet Explorer\iexplore.exe" as shown in fig.3. Type the quotation marks as plain straight double quotes so that the path, which contains spaces, is passed to DropMyRights as a single argument. Change the program location depending on which application you would like to run in lower privilege.
fig.3

Once the location has been entered correctly, click next, then input the name of the Shortcut, e.g. Internet Explorer (non-Admin), as shown in fig.4.
fig.4

Then click finish. On your desktop you will have an icon called Internet Explorer (non-Admin). For an example, see fig.5.
fig.5

Simply right click the newly created icon and select properties. Using the drop-down menu, select minimized, as shown in fig.6.
fig.6

Finally, you may want to change the icon. To do this, click the change icon button and press OK on the message shown in fig.7.
fig.7

Click browse to find the .exe of the application you want to run in lower privilege in the programs menu folder. Internet Explorer icons can be found by browsing to C:\Program Files\Internet Explorer\iexplore.exe. The finished result is shown in fig.8.
fig.8
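
The shortcut steps above can also be scripted. The PowerShell below is an added example, not part of the original article or of DropMyRights; it assumes PowerShell is installed (it does not ship with Windows XP), and New-LowRightsShortcut and $apps are hypothetical names.

```powershell
# Added example: builds the "(non-Admin)" desktop shortcut described above.
# New-LowRightsShortcut is a hypothetical helper name, not part of DropMyRights.
$DropMyRights = 'C:\tools\DropMyRights.exe'   # install folder chosen in the article

function New-LowRightsShortcut {
    param(
        [string]$Name,      # shortcut label, e.g. 'Internet Explorer (non-Admin)'
        [string]$Target     # full path of the program to start with reduced rights
    )

    # Fail early: a shortcut to a missing wrapper or target only errors at launch.
    foreach ($path in @($DropMyRights, $Target)) {
        if (-not (Test-Path $path)) { throw "Not found: $path" }
    }

    $desktop = [Environment]::GetFolderPath('Desktop')
    $lnkPath = Join-Path $desktop ($Name + '.lnk')

    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($lnkPath)

    # The shortcut runs DropMyRights.exe; the real program is only its argument.
    # Straight double quotes keep a path containing spaces as one argument.
    $lnk.TargetPath       = $DropMyRights
    $lnk.Arguments        = '"{0}"' -f $Target
    $lnk.WorkingDirectory = [System.IO.Path]::GetDirectoryName($Target)
    $lnk.WindowStyle      = 7                 # 7 = minimized (the fig.6 setting)
    $lnk.IconLocation     = "$Target,0"       # reuse the program's own icon (fig.7 step)
    $lnk.Description      = "$Name, started through DropMyRights"
    $lnk.Save()

    return $lnkPath
}

# One entry per program to wrap; only the Internet Explorer path comes from the article.
$apps = @{
    'Internet Explorer (non-Admin)' = 'C:\Program Files\Internet Explorer\iexplore.exe'
}

foreach ($name in $apps.Keys) {
    $created = New-LowRightsShortcut -Name $name -Target $apps[$name]
    Write-Host "Created $created"
}
```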

NOTE: Remember that running applications from the lower privilege Shortcut icons you create will obviously prevent you from installing Web Plugins, ActiveX controls, applications and Microsoft Windows Updates. This is a good thing, because it also means Trojans, Malware, Root kits, Browser hijackers and Viruses can't install on your machine. So if you need to do any of the above, simply launch your normal application Shortcuts.
Using your lower privilege Shortcut icons will dramatically decrease the possibility of malicious code running on your computer. Kudos to Michael Howard. Peace!
Source http://msdn2.microsoft.com/en-us/library/ms972827.aspx
Browsing the Web & Reading E-mail Safely as an Administrator, Part2 http://blogs.msdn.com/michael_howard/archive/2005/01/17/354708.aspx
Michael Howard’s blog
http://blogs.msdn.com/michael_howard/