Guest Jesper Ravn
Posted March 22, 2009

Hello

What happened to basic security advice? You nearly don't hear about it anymore.
I'm talking about Limited User Account (LUA) and Software Restriction Policy (SRP).
Today it's all about IE features + big security suites, Comodo firewall and fancy removal tools.
With LUA and SRP all your family desktops/laptops will never get infected.
Why have Microsoft and most of the Security MVPs given up on these security principles?
They are not even listed here: http://www.microsoft.com/protect/computer/default.mspx

Please also remember that UAC in Vista was not meant to be a security boundary, from what I have read.

Any comments?

/Jesper

Guest FromTheRafters
Posted March 22, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:3780BC19-7E32-4B42-B852-892797A4AF8A@microsoft.com...
> Hello
>
> What happened to basic security advice? You nearly don't hear about
> it anymore.

I try to inject basic and/or general security measures into conversations from time to time. This, of course, runs the risk of annoying the people coming here for specific help. It is especially so for those that proclaim proudly that they have UAC disabled and can't figure out why something doesn't work as expected.

> I'm talking about Limited User Account (LUA) and Software Restriction
> Policy (SRP).
> Today it's all about IE features + big security suites, Comodo
> firewall and fancy removal tools.
> With LUA and SRP all your family desktops/laptops will never get
> infected.

Wrong, these measures are effective against trojans and other malware that presents itself as a trojan. You can be "infected" by a "virus" even with those measures in place. Worms also can circumvent any barriers these measures provide. When it comes to a person making a decision to run a trojan, LUA limits its scope and SRP has already failed.

> Why have Microsoft and most of the Security MVPs given up on these
> security principles?

I can't speak for them, but it seems to me that they haven't.

> They are not even listed here:
> http://www.microsoft.com/protect/computer/default.mspx

Probably there implicitly, haven't read it yet myself. They are mentioned elsewhere - Google results are numerous.

> Please also remember that UAC in Vista was not meant to be a security
> boundary, from what I have read.

This is why the user should not run day to day as 'protected admin' but as a limited user instead.

> Any comments?

Sure.

The fact that the default (protected) admin account actually has the user running limited makes people think it is okay to run in this account for their day to day activities. It should be pointed out that even in Vista you should create a standard user account for yourself and everyone else that uses the computer. For the occasional administrative task you can supply credentials at the consent prompt. If you are going to do a lot of admin stuff - use whatever admin account suits you.

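The distinction drawn in the post above (standard user versus protected admin) and the SRP default level can both be checked on a machine. The following read-only audit is an added example, not part of any post in this thread; it assumes Windows PowerShell 5.1 or later and SRP configured machine-wide through local or group policy.

```powershell
# Added example (read-only audit). Assumes Windows PowerShell 5.1 or later.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)

# True only when the current token carries administrator rights (elevated).
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Direct membership of BUILTIN\Administrators (well-known SID S-1-5-32-544).
# A protected admin is a member even though its everyday token is filtered.
# Membership through a nested domain group is not resolved here.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)
$isAdminMember = @($admins | Where-Object { $_.SID.Value -eq $identity.User.Value }).Count -gt 0

$accountType = if ($elevated) {
    'administrator (elevated token)'
} elseif ($isAdminMember) {
    'protected admin (filtered token, consent prompt only)'
} else {
    'standard user (LUA)'
}

# Machine-wide SRP settings as written by local or group policy.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$srp    = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue

$srpDefault = if ($null -eq $srp -or $null -eq $srp.DefaultLevel) {
    'not configured'
} else {
    switch ([int]$srp.DefaultLevel) {
        0x00000 { 'Disallowed (default deny)' }
        0x20000 { 'Basic User' }
        0x40000 { 'Unrestricted (default allow)' }
        default { 'other: 0x{0:X}' -f $_ }
    }
}

# PolicyScope 1 exempts local administrators from SRP; 0 applies it to everyone.
$adminsExempt = ($null -ne $srp) -and ($srp.PolicyScope -eq 1)

[pscustomobject]@{
    User                  = $identity.Name
    AccountType           = $accountType
    SrpDefaultLevel       = $srpDefault
    SrpExemptsLocalAdmins = $adminsExempt
    LuaPlusDefaultDenySrp = ($accountType -eq 'standard user (LUA)') -and
                            ($srpDefault -like 'Disallowed*')
}
```

Run it from the everyday account without elevation; a result of `protected admin` means the account is still a member of Administrators even though its token is filtered.
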
Guest Jesper Ravn
Posted March 23, 2009

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:Op9GGZyqJHA.3432@TK2MSFTNGP04.phx.gbl...
>
> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message
> news:3780BC19-7E32-4B42-B852-892797A4AF8A@microsoft.com...
>> Hello
>>
>> What happened to basic security advice? You nearly don't hear about it
>> anymore.
>
> I try to inject basic and/or general security measures into conversations
> from time to time. This, of course, runs the risk of annoying the people
> coming here for specific help. It is especially so for those that proclaim
> proudly that they have UAC disabled and can't figure out why something
> doesn't work as expected.
>
>> I'm talking about Limited User Account (LUA) and Software Restriction
>> Policy (SRP).
>> Today it's all about IE features + big security suites, Comodo firewall
>> and fancy removal tools.
>> With LUA and SRP all your family desktops/laptops will never get
>> infected.
>
> Wrong, these measures are effective against trojans and other malware that
> presents itself as a trojan. You can be "infected" by a "virus" even with
> those measures in place. Worms also can circumvent any barriers these
> measures provide. When it comes to a person making a decision to run a
> trojan, LUA limits its scope and SRP has already failed.

Thanks for your feedback.
Can you provide me with any link/information where malware can bypass LUA + SRP?

/Jesper

Guest Jesper Ravn
Posted March 23, 2009

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:Op9GGZyqJHA.3432@TK2MSFTNGP04.phx.gbl...
>
> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message
> news:3780BC19-7E32-4B42-B852-892797A4AF8A@microsoft.com...
>> Hello
>>
>> What happened to basic security advice? You nearly don't hear about it
>> anymore.
>
> I try to inject basic and/or general security measures into conversations
> from time to time. This, of course, runs the risk of annoying the people
> coming here for specific help. It is especially so for those that proclaim
> proudly that they have UAC disabled and can't figure out why something
> doesn't work as expected.

Ok, but please remember that UAC is not a security feature.
The real security (defense layer) is in LUA combined with SRP.

/Jesper

Guest FromTheRafters
Posted March 24, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:2B874183-D8A4-493A-B977-831C157E63AF@microsoft.com...
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:Op9GGZyqJHA.3432@TK2MSFTNGP04.phx.gbl...
>>
>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message
>> news:3780BC19-7E32-4B42-B852-892797A4AF8A@microsoft.com...
>>> Hello
>>>
>>> What happened to basic security advice? You nearly don't hear about
>>> it anymore.
>>
>> I try to inject basic and/or general security measures into
>> conversations from time to time. This, of course, runs the risk of
>> annoying the people coming here for specific help. It is especially
>> so for those that proclaim proudly that they have UAC disabled and
>> can't figure out why something doesn't work as expected.
>>
>>> I'm talking about Limited User Account (LUA) and Software Restriction
>>> Policy (SRP).
>>> Today it's all about IE features + big security suites, Comodo
>>> firewall and fancy removal tools.
>>> With LUA and SRP all your family desktops/laptops will never get
>>> infected.
>>
>> Wrong, these measures are effective against trojans and other malware
>> that presents itself as a trojan. You can be "infected" by a "virus"
>> even with those measures in place. Worms also can circumvent any
>> barriers these measures provide. When it comes to a person making a
>> decision to run a trojan, LUA limits its scope and SRP has already
>> failed.
>
> Thanks for your feedback.
> Can you provide me with any link/information where malware can bypass
> LUA + SRP?

No, I can't. But I'm sure an exploit based worm arriving as data wouldn't be addressed by policy, and with only limited rights can still propagate and/or activate a payload.

Add to that any ability it may have to escalate through that or another exploit. If one of the payload's features is to virally infect - then you will have a virus too. If all we had to deal with was simple trojans, things would be different.

Guest FromTheRafters
Posted March 24, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:56E34E5A-831E-4455-9DE7-E322E9A2446D@microsoft.com...
>
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:Op9GGZyqJHA.3432@TK2MSFTNGP04.phx.gbl...
>>
>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message
>> news:3780BC19-7E32-4B42-B852-892797A4AF8A@microsoft.com...
>>> Hello
>>>
>>> What happened to basic security advice? You nearly don't hear about
>>> it anymore.
>>
>> I try to inject basic and/or general security measures into
>> conversations from time to time. This, of course, runs the risk of
>> annoying the people coming here for specific help. It is especially
>> so for those that proclaim proudly that they have UAC disabled and
>> can't figure out why something doesn't work as expected.
>
> Ok, but please remember that UAC is not a security feature.

Right, it is an 'ease of use' feature to encourage users to take advantage of the real security feature of the use of LUAs and the principle of "least privilege".

> The real security (defense layer) is in LUA combined with SRP.

Absolutely!