How effective is a Limited User Account?

Shark

This is probably the most basic recommendation to secure your system.
Set up a limited user account for everyday activities and use an
Administrator account only for installing new trusted software. Linux
has always done this and Windows is slowly going that direction with
its default configuration.

But how effective is a limited user account in preventing viruses
taking control of your system? Knowing a little about how permissions
work with NTFS, I can't figure how a virus could bypass this. Of
course there is a way because enterprises get viruses just as anybody
else (albeit not as often) and in a corporate environment limited user
accounts are exactly the norm. So how do viruses do it? If they don't
have write access to the registry, how do they make themselves
executable on system restarts?

I will only understand how protected I am if I understand what it
takes for a virus to circumvent this scheme. The worst security is
having the IMPRESSION you're secured...
 
Shark said:
This is probably the most basic recommendation to secure your system.
Set up a limited user account for everyday activities and use an
Administrator account only for installing new trusted software. Linux
has always done this...
The Limited User accounts have greatly restricted privileges but enough for
most users all the time. For example, installation of new software is
usually prevented. It is the equivalent of making every user a "superuser"
in Unix. MS was just not thinking seriously about security when they made
Administrator privileges the default on Windows systems.
 
But that was not the question. :)

There are bugs in software (IE, Office, mail and web servers etc.) or errors
in the configuration/software of firewalls that can be exploited and allow an
attacker to run any code they want.
But it could also be simple carelessness. I myself recently caught malware
even though I have separate user and admin accounts. Most likely, I
installed something - I did a "run-as" or "sudo" (yes, there are several
sudo-for-Windows implementations) - and in the process infected my machine.
Everything I download on that machine is checked for viruses, but sometimes I
download something on another machine and I guess I didn't think of checking
that.

The way I understand it, in theory Windows is quite safe - if set up
correctly and barring stupid actions by the user (see above). Use a limited
account and Firefox with NoScript active. I'm not so sure about the value of
AV and Anti-spyware anymore after my recent episode (they didn't notice a
thing), but I guess it's probably still a good idea to have that.

But once you install something as administrator, like a "cool tool" you
found somewhere... One of the nice things about Ubuntu Linux (that's the one
I'm using so that's all I can talk about) is that they have a central
repository of software that is checked by the maintainers so as long as you
get programs from there you are virtually assured that they don't contain
malware. And bugs tend to get fixed very quickly.
 
Shark said:
This is probably the most basic recommendation to secure your system.
Set up a limited user account for everyday activities and use an
Administrator account only for installing new trusted software. Linux
has always done this...
Yes, even using a Limited User account you still may need a firewall and
anti-virus software. The malware may inflict less damage when it infects
your machine on a Limited User account. There is no single security measure
that protects you; unfortunately common sense and safe practice on the part
of the user are the most important features of secure computing. One reason
enterprises get viruses is that employees open emails which can then
propagate throughout the internal network.
 
Set up a limited user account for everyday activities and use an
Administrator account only for installing new trusted software. Linux
has always done this...

I went from '98 to linux and started using XP just within the last 2 years
because I needed specific apps...

Obviously I followed your logic in configuring the new XP box. Except I ran
into numerous problems with programs not running or not running correctly
from a limited-user account! Even worse - calls to various software-support
groups were met with that "deer in headlights look" -

- 'umm... we didn't consider that possibility. Why do you want to run our
app in limited-user again?'

- 'There's a limited-user account? '

- 'Of course I understand what you're saying, if you don't want to run
applications as administrator why don't you just use linux?'....

.... admin mode it is. And honestly it hasn't been a problem. Even though the
machine has been down more than up, Microsoft has largely been off the hook.
And I take full credit for installing the only virus in two years (last
week..) - which leads us to -
The worst security is having the IMPRESSION you're secured...
I'll drink to that - or because of it... Let me just say NORTON ANTI-VIRUS
and WINDOWS DEFENDER are WORTHLESS!

I haven't had a virus in about 10 years, because I'm careful. But I figured
I'd get caught sooner or later, and so I diligently pay my dues to Symantec
and AAA every year.

When I finally clicked the wrong thing last week, NAV promptly let me know -
before taking a core-dump on my front lawn. Symantec's virus-specific removal
tool didn't even DETECT the virus (even though the normal AV did) and manual
removal instructions didn't even apply. (Windows Defender slept soundly
through this ordeal...)

Turns out you can only view Symantec support pages in Internet Explorer WITH
ActiveX and Java. Useful when your system's being overrun by viruses that
exploit Java, ActiveX and IE...

Finally I get Symantec's Product Support Specialist:
Abul-Jzmal-Bin-Dhali-Laden on the phone. He informs me that "tis is a fee based
service. my option to pay $99.95 for Premium Viriess Remo-val"...

(no not $100, $99.95 - apparently there's a difference...)

Isn't that why I paid the last $50 (x 6 of the last 10 years)????

Me:
"You've got to be kidding me. What are my real options?"

Abul-Bin-NAV-laden
"I'm vry srry sirra - tis is a fEE based Service Oly...."

Me:
"Forget it, I'm downloading bit-defender now, and I'm taking 100 customers
with me. I'm going to apply for my refund tomorrow (renewed <60 days ago!)."

Abul-Bin-NAV-laden
"Vry GooOd - U have GooOd Day Sirra <click...>"...


*** Not only did I get HUNG UP ON! I tried again in Symantec-CHAT the next
day. Almost Identical conversation - AND they terminated the connection AGAIN
before I even got to get nasty...

http://anti-spyware-review.toptenreviews.com/
http://anti-virus-software-review.toptenreviews.com/

Turns out we still live in a competitive free-market society, where OTHER
people want my money too. Who knew...

On a side-bar my openSUSE-box is running MUCH faster these days as well.
Funny how problems solve themselves....

Sorry for the long story, but wanted to throw in my $39.95 - and two-cents.
Think it's about beer-thirty now so gotta run! ;-)
 
One reason
enterprises get viruses is that employees open emails which can then
propagate throughout the internal network.

Yes, I understand that. But even if it propagates itself as a worm
through the network, it still won't be able to modify the registry or
autoexec.bat or any other self executable file upon startup. Meaning,
as soon as the computer is turned off the virus or worm is killed.
Evidently there is another technique viruses are using and that's what
I want to understand.
 
I went from '98 to linux and started using XP just within the last 2 years
because I needed specific apps...

Obviously I followed your logic in configuring the new XP box. Except I ran
into numerous problems with programs not running or not running correctly
from a limited-user account! Even worse - calls to various software-support
groups were met with that "deer in headlights look" -

This was very true in the early days; I'm not sure it still holds.
I'm currently running under a LUA and everything works fine. The whole
Microsoft Office package as you would expect (or not...), multimedia
applications (video, mp3, images), chat, email (NOT Outlook), Google
Desktop and Earth, ..., just to name the more popular ones. I don't
run games and those are really picky in terms of security settings (in
fact, any system setting). Game developers have an I-own-the-box
attitude when they program and expect no limitations of any sort. In
the gaming world it's not uncommon for users to build high-end custom
boxes just for games and so the mentality strengthens.
Sorry for the long story, but wanted to throw in my $39.95 - and two-cents.
Think it's about beer-thirty now so gotta run! ;-)

Cheers mate, you NEED that beer!
 
The way I understand it, in theory Windows is quite safe - if set up
correctly and barring stupid actions by the user (see above). Use a limited
account and Firefox with NoScript active.

What's the deal with NoScript? I know very little about how browsers
work; maybe this is the "backdoor" to LUA. ActiveX, Javascript, Java:
EVEN if they are allowed to execute malicious code, my theory on not
being able to install as auto-executable still holds. Unless they
don't need access to the registry or Program Folder and somehow put
themselves in the Data folder. Hummm....... Can somebody shed some
light here on how these things work and how limited rights mix in?
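The "Data folder" guess above is where the answer lies: the HKCU Run/RunOnce keys and the per-user Startup folder belong to the logged-on user, so writing to them needs no administrator rights. The PowerShell script below is an added example (not posted in the thread) that a defender can run as the limited user to list those per-user autostart entries and flag the ones whose target lives in a directory that user can write to; the function names Test-UserWritable, Get-UserAutostart and Get-CommandPath are the example's own.

```powershell
# Added example, not from the thread. Run as the limited user being audited (Windows PowerShell 5.1+).
$write = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

function Test-UserWritable {
    # True if an Allow ACE for the current user or one of their groups grants
    # WriteData/AppendData on $Path. Deny ACEs and generic rights are ignored (simplification).
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $id   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $mine = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { continue }
        if (($mine -contains $sid) -and (($ace.FileSystemRights -band $write) -ne 0)) { return $true }
    }
    return $false
}

function Get-UserAutostart {
    # Per-user autostart locations (HKCU Run/RunOnce, user Startup folder); none needs admin rights to write.
    $noise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($noise -contains $p.Name) { continue }   # skip PowerShell's own note properties
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    $startup = [Environment]::GetFolderPath('Startup')
    foreach ($f in Get-ChildItem -LiteralPath $startup -File -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Source = $startup; Name = $f.Name; Command = $f.FullName }
    }
}

function Get-CommandPath {
    # First token of a Run command line: a quoted path, or everything up to the first space.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

$report = foreach ($e in Get-UserAutostart) {
    $exe = Get-CommandPath $e.Command
    $dir = if ($exe) { Split-Path -Parent $exe } else { '' }
    [pscustomobject]@{
        Source = $e.Source; Name = $e.Name; Target = $exe
        UserWritableDir = if ($dir) { Test-UserWritable $dir } else { $false }
    }
}
$report | Sort-Object UserWritableDir -Descending | Format-Table -AutoSize
```

An entry with UserWritableDir set to True is one that a program running with nothing more than the limited user's rights could have planted and could replace; machine-wide locations under HKLM and Program Files are deliberately left out because writing there is exactly what the limited account prevents.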
 
Look, the bottom line is this:

Running a limited account does not mean you are absolutely safe. Having an
army of AV and ASW programs does not mean you are absolutely safe.

The fact of the matter is that software has bugs. These bugs can be found
and exploited.
Then there is software where the security holes are actually features - see
ActiveX.
NoScript is a tool to protect you from browser-based attacks - specially
prepared web sites that use JavaScript and other scripting for phishing
attacks, and other attacks. Or even badly programmed legitimate sites that
allow hackers to insert and execute code. (It's quite scary. I recently read
an article on a German computer site where an editor had checked out a bank's
site and without trying too hard found multiple ways for cross-site scripting
attacks to succeed).

Also, if you browse down to the thread about SAM databases you'll see that
the Windows security settings reside in memory unencrypted, and that there
are tools that can read them. That entire database is very badly protected; it
can be easily cracked and altered (which sometimes works in your favour, e.g.
if you have to break into your own box after malware took over - check out
UBCD4Win).

So I guess I need to modify my earlier statement - the Windows file
permissions system is quite configurable and can be locked down securely. But
other design features of Windows can render all of that moot.
 
Limited users are only effective if restricted NTFS permissions apply to the
disks in question. Thus, they are not effective for removable disks, etc.

Working as a limited user, the main hassle is not so much the need to change
to Admin to install software, but the fact that on the return to a limited
user, you lose any user-based settings and configuration done as Admin. Thus
you get into a catch-22, whereby installation and some config-changes MUST be
done as Admin, but others are LOST if you do make them as Admin. This will
soon have you banging your head on the wall.

Linux also suffers from this issue, but not nearly to the same extent.

What's really needed is a way to change from "John Doe, User" to "John Doe,
Admin" for installing software, and NOT from "John Doe, User" to "Zaphod
Beeblebrox, Admin" - which is what actually happens.
 
That can be done - at least to a certain degree - by using sudo (for
Windows). It'll give temporary admin powers to your own account for things
like installing software. There are several implementations out there that
can be easier or more difficult to configure (one requires setting up a sudo
server). The version I have is pretty simple to install, but it doesn't
always work.
 
Look, the bottom line is this:

Running a limited account does not mean you are absolutely safe. Having an
army of AV and ASW programs does not mean you are absolutely safe.

The fact of the matter is that software has bugs. These bugs can be found
and exploited.
Then there is software where the security holes are actually features - see
ActiveX.

I'm well aware of that but thanks. Personally, I don't expect
infallibility in security setups. But I do try to understand the
limitations of any given method.
NoScript is a tool to protect you from browser-based attacks - specially
prepared web sites that use JavaScript and other scripting for phishing
attacks, and other attacks. Or even badly programmed legitimate sites that
allow hackers to insert and execute code. (It's quite scary. I recently read
an article on a German computer site where an editor had checked out a bank's
site and without trying too hard found multiple ways for cross-site scripting
attacks to succeed).

I'll give it a try, thanks for the tip.
Also, if you browse down to the thread about SAM databases you'll see that
the Windows security settings reside in memory unencrypted, and that there
are tools that can read them. That entire database is very badly protected; it
can be easily cracked and altered (which sometimes works in your favour, e.g.
if you have to break into your own box after malware took over - check out
UBCD4Win).

Aha! And so I finally perceive the true limitation of permissions: it
can be cracked! I thought this was much harder to do.... After reading
that post and investigating a little further it turns out that
cracking the permissions database is a matter of seconds. From the
little I read, you must have physical access to the local machine
(which is not possible to the Internet attacker) but I get the idea.
In relation to viruses cracking permissions I came across this
Microsoft Security Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
In the recent past, I think it was the most serious flaw where a user
would get infected simply by hovering the mouse over a malicious
webpage. Of the seven vulnerabilities associated with this flaw, FIVE
were "Elevation of Privilege", meaning: bypassing limited user
accounts!

My conclusion is this. Limited User Accounts are very effective in
deterring viruses installing on your system. They are so effective
that the simple elevation of privileges is a legitimate target for
hackers. Limited User Rights is another hoop hackers have to jump
before taking control.
 