|
|
Welcome to the Invelos forums. Please read the forum
rules before posting.
Read access to our public forums is open to everyone. To post messages, a free
registration is required.
If you have an Invelos account, sign in to post.
|
|
|
|
Invelos Forums->General: General Discussion |
Page:
1 Previous Next
|
Inspired by page 99 PcWorld January 2008 |
|
|
|
Author |
Message |
Registered: April 8, 2007 | Posts: 1,057 |
| Posted: | | | | Hi Guys, The article talks about a program for reducing rights. Most XP users run there computers in "Administrator" mode when not required. Running as administrator, can allow malware free reign to create havoc on your machine. Michael Howard a M$ employee wrote "DropMyRights" quite some time ago, I encourage XP users, to drop the rights of programs not requiring admin rights. It's very easy: download Free "DropMyRights" HereInstall "DropMyRights' <can be found at 'program files> Copy "DropMyRights.exe" to the root directory C:\ Now go to Control Panel > add/remove programs > remove "DropMyRights" Note the only required file is "DropMyRights.exe" which was copied to C:\ and Add/Remove will only delete the program from c:\program files. Candidates for reduced rights, anything that connects to the internet. On my machine the following run 'just fine' with restricted rights. FireFox IE7 <used rarely> Thunderbird iTunes Quicken 1-Click Answers You reduce the rights by slightly modifying the programs shortcut. Make a copy of the shortcut (I made a folder for all the "full rights" shortcuts) my desktop has only reduced rights shortcuts <that can connect to the internet> Right click the shortcut, where it says "Target" place your cursor in that field, left click one time, use the left ARROW key to place the cursor to the extreme left. Type "C:\DropMyRights.exe It should look like this for FireFox: C:\DropMyRights.exe "C:\Program Files\Mozilla Firefox\firefox.exe" /prefetch:1 Note the space between the e and " Hit 'Apply' or 'Ok' - Next time FireFox it will have reduced rights, which will help keep you safe from malware. And your systme will still have full Admin rights. Note 'Apple Computer' has long used this concept, to keep malware there machines. Vista's protected mode works similar. Also any program that was started via "DropMyRights" it's child <program> will have reduced rights also. Example: Starting IE using DMR any program IE starts will have reduced rights as well. Take Care Rico | | | If I felt any better I'd be sick! Envy is mental theft. If you covet another mans possessions, then you should be willing to take on his responsibilities, heartaches, and troubles, along with his money. D. Koontz |
| Registered: March 13, 2007 | Reputation: | Posts: 3,436 |
| Posted: | | | | For quite some time now I run all my computers as Users and only use "Run As..." [Administrator] to install programs and a few other tasks. Only annoyance I ever found was not being able to adjust the system time, otherwise "using" a computer as User is no problem at all (and it shouldn't be). | | | Achim [諾亞信; Ya-Shin//Nuo], a German in Taiwan. Registered: May 29, 2000 (at InterVocative) |
| Registered: March 13, 2007 | Posts: 550 |
| Posted: | | | | Quoting ya_shin: Quote: For quite some time now I run all my computers as Users and only use "Run As..." [Administrator] to install programs and a few other tasks. Only annoyance I ever found was not being able to adjust the system time, otherwise "using" a computer as User is no problem at all (and it shouldn't be). That is what I would do as well. It is how I run and install programs at work (I do desktop support). For those that may not know, one way to get to the run as is to hold shift and right click on the shortcut. You can do the same thing with Vista (which has run as administrator). As if you do it on an excel or word file and not a shortcut, it has the option to open as read only (not sure what other file types have this option). | | | Schultzy - http://www.michaelschultz.net grenactics - The art of skillfully fraggin one’s opponent with the use of grenades or other compact explosive devices that are thrown by hand or projected. |
| Registered: March 13, 2007 | Posts: 103 |
| Posted: | | | | Quoting ya_shin: Quote: For quite some time now I run all my computers as Users and only use "Run As..." [Administrator] to install programs and a few other tasks. Only annoyance I ever found was not being able to adjust the system time, otherwise "using" a computer as User is no problem at all (and it shouldn't be). You can edit your pc's local security policy and add a user or group the rights to change the system time among other things. It is always best practice to lock down a user and only grant the rights needed through policy. to edit your local security policy just enter the command "secpol.msc" from the run line. If you care to edit GPO run gpedit.msc It kills me when software publishers say they require admin rights to run their software, when the proper way would be to figure out what rights are needed and list them rather than saying you need all rights. Groups are just a template with a given set of rights. You can give a user any right they need via policy and not have them be part of any group (Administrator, Power User, etc). | | | Last edited: by graymadder |
| Registered: March 13, 2007 | Reputation: | Posts: 3,436 |
| Posted: | | | | Quoting graymadder: Quote: You can edit your pc's local security policy and add a user or group the rights to change the system time among other things. It is always best practice to lock down a user and only grant the rights needed through policy. Good thing to point that out! Obviously I entirely agree. As it was getting ridiculous at some point, I did just that, granted myself the right to change the time. I no longer need to do that, as I no longer run a Windows PC (I still run windows, but within a virtual environment), so I have no more need for that now | | | Achim [諾亞信; Ya-Shin//Nuo], a German in Taiwan. Registered: May 29, 2000 (at InterVocative) |
| Registered: March 14, 2007 | Reputation: | Posts: 17,804 |
| Posted: | | | | Quote: Quoting ya_shin: As it was getting ridiculous at some point, I did just that, granted myself the right to change the time. I no longer need to do that, as I no longer run a Windows PC (I still run windows, but within a virtual environment), so I have no more need for that now Maybe it has been asked before, but I'm just curious if the profiler works proper in a virtual environment? If so, the profiler could be used with Mac OS, Linux, Ubuntu etc? | | | Thorsten | | | Last edited: by kahless |
| Registered: March 23, 2007 | Posts: 317 |
| Posted: | | | | Quoting kahless: Quote:
Quote: Quoting ya_shin: As it was getting ridiculous at some point, I did just that, granted myself the right to change the time. I no longer need to do that, as I no longer run a Windows PC (I still run windows, but within a virtual environment), so I have no more need for that now
Maybe it has been asked before, but I'm just curious if the profiler works proper in a virtual environment? If so, the profiler could be used with Mac OS, Linux, Ubuntu etc? In theory, everything should work in a virtual environment. The idea is that a virtual machine is indistinguishable from a real machine (as far as the OS is concerned), even to the extent that the virtual machine and the host machine can both exist on a network (that's how they would usually talk to each other). As to the Mac/Linux question, I run DVD Profiler 'natively' in OpenSuse Linux. You have to use Wine (Wine Is Not an Emulator), and it's not flawless, but for the vast majority of use it runs fine. See this thread in the technical forum. Stuart | | | This is a sig... ... ... yay...
Don't understand? Maybe DVDProfilerWiki.org does! |
| Registered: March 13, 2007 | Reputation: | Posts: 3,436 |
| Posted: | | | | I had tried running DVD Profiler in Wine (encouraged by and with great help from Darius), but it proved to be a little weird to me on my Mac, especially if I accidentally touched the scroll wheel, the profile list would take forever to stop the scrolling That is why I decided to use a virtual machine (VMWare Fusion) to run Win XP, basically for DVD Profiler only! It's not a cheap solution though... Problem right now is, the needed programs for layer and region recognition (DVDInfo or NeroInfoTool) don't work in that virtual environment and I haven't found anything for the Mac yet. But in short, as Darius already said, yes, DD Profiler can be used in Mac OS X or Linux without paying for the virtual environment, using Wine. Installation is not very difficult either. | | | Achim [諾亞信; Ya-Shin//Nuo], a German in Taiwan. Registered: May 29, 2000 (at InterVocative) |
| Registered: April 8, 2007 | Posts: 1,057 |
| Posted: | | | | Hi All,
Herr Kahless - I use virtual mode with no problems, for DVDp. I'm using 'Shadow Defender' very very good program. Also virtual 'Returnil' which is free version 2.0 will be out soon, public beta for 2.0. Previous Returnil is very good.
DropMyRights "DMR" is a way the average user can improve safety, & still maintain 'admin rights.' Note 'admin rights' is the default in XP so many users, are not-aware of the vulnerabilities running in this manner. Apple & Vista have corrected this problem.
Take Care Rico | | | If I felt any better I'd be sick! Envy is mental theft. If you covet another mans possessions, then you should be willing to take on his responsibilities, heartaches, and troubles, along with his money. D. Koontz |
| Registered: March 13, 2007 | Posts: 2,694 |
| Posted: | | | | Well, maybe I'm just obstinate. I use Admin mode on all three of my PCs, and have for as long as I can remember. I've never been hacked, never had a virus, never had any malware or trojan get in. I like being able to do anything I want whenever I want without having to stop and think about turning rights back on, etc. Of course, I also know exactly what is going on at any time on any of my machines, and I don't do things or go places on the net where I can be compromised either.
To each his own. | | | John
"Extremism in the defense of Liberty is no vice!" Senator Barry Goldwater, 1964 Make America Great Again! |
| Registered: March 13, 2007 | Posts: 2,694 |
| Posted: | | | | Quoting Rico: Quote: Hi All,
Herr Kahless - I use virtual mode with no problems, for DVDp. I'm using 'Shadow Defender' very very good program. Also virtual 'Returnil' which is free version 2.0 will be out soon, public beta for 2.0. Previous Returnil is very good.
DropMyRights "DMR" is a way the average user can improve safety, & still maintain 'admin rights.' Note 'admin rights' is the default in XP so many users, are not-aware of the vulnerabilities running in this manner. Apple & Vista have corrected this problem.
Take Care Rico Don't know what Apple did, but I sure wouldn't call what Vista does any improvement. Virtually everyone I know who went to Vista turned off that stupid "feature" first thing. | | | John
"Extremism in the defense of Liberty is no vice!" Senator Barry Goldwater, 1964 Make America Great Again! |
| Registered: May 19, 2007 | Reputation: | Posts: 5,918 |
| Posted: | | | | That "Vista Security" was ANNOYING! Once it prompted me to confirm my action when I tried moving a file from one directory to another, I knew it had to go. They went from one end of the spectrum to the other.
"You are coming to a sad realization, allow or deny." |
| Registered: March 13, 2007 | Posts: 550 |
| Posted: | | | | Annoying as it is, Vista did what it set out to do | | | Schultzy - http://www.michaelschultz.net grenactics - The art of skillfully fraggin one’s opponent with the use of grenades or other compact explosive devices that are thrown by hand or projected. |
| Registered: March 13, 2007 | Posts: 2,692 |
| Posted: | | | | Quoting schultzy: Quote: Annoying as it is, Vista did what it set out to do make us switch it off? | | | Paul |
| Registered: April 8, 2007 | Posts: 1,057 |
| Posted: | | | | Hi Guys,
Rifter - Good for you, not experiencing malware firsthand! Starting a program using DMR , is the same as starting the program without DMR. Just dbl click the shortcut. Nothing to think about. Think of DMR as free insurance for your three machines.
As for not understanding a key approach to what helps keep Apple machines malware free is understandable, but the concept is important to thwart malware & has been used for quite sometime. Vista may have inconvenient or troublesome approach to security, but reduced rights has nothing to do with the problem.
DMR is a one time modification to a shortcut (after installed) uses no memory, tiny in size, causes no problems, & for some reason you don't want it delete one file. Plus your machine will still have "admin rights" ONLY THE PROGRAMS <YOU CHOOSE> TO MODIFY IT'S SHORTCUT, WILL HAVE LIMITED RIGHTS.
The two programs that are most likely to get you infected are your Browser & Email - running just these with DMR greatly limits damage malware can cause.
The reference to Apple & Vista is/was meant to show a relationship. Like Apple inspired/invented the concept of limited rights, followed by Mr. Howards writing of DMR circa de 2004, & the concept of limited rights was carried forward to the next OS Vista.
Take Care Rico | | | If I felt any better I'd be sick! Envy is mental theft. If you covet another mans possessions, then you should be willing to take on his responsibilities, heartaches, and troubles, along with his money. D. Koontz |
|
|
Invelos Forums->General: General Discussion |
Page:
1 Previous Next
|
|
|
|
|
|
|
|
|