JoeSchmoe007
join:2003-01-19 New York, NY
1 edit | Making the user a member of "Users" group to preve I recently set up a computer with Windows XP Pro for my parents. All they need to do is to browse the Internet and send/receive email. They don't need to install any additional applications/games/etc, and if they ever do - they will ask me.
They are not really computer literate, but have a general understanding of what NOT to do. Nevertheless, accidental possibility of their computer being infected with viruses and/or spyware is something I've been thinking about.
So far, what I did was make sure they belong ONLY to the "Users" group.
I think this pretty much resolves 99%(100% ?) of all possible problems (even without the use of AV/anti-spyware).
Am I right in this assumption ? Please feel free to correct me. I posted this on another forum but haven't gotten a straight answer to this question. People just suggest to make it "Limited" account as this is one of the simplified choices in default Control Panel setup. But this all boils down to user group and access right assignment at the end AFAIR.
The reason behind this opinion is that all spyware/adware/etc. needs to install itself, and since this user has no write access to anything but "My Documents" folder, any installation will not be possible. Am I correct in this assumption ? I actually never tried going to one of these sites that install spyware IE plugins on your PC to answer "Yes" when they ask me to install their app just to see what will happen :-D | |
|
  Bubba GIT-R-DONE Premium,MVM join:2002-08-19 Around, Us
·Comcast
| Re: Making the user a member of "Users" group to preve You mention IE and if that is their\your choice for browser and you haven't added them already....I suggest you add a couple extra layers of protection....which shouldn't give Mom and Dad any heart burns.
• IE-Spyad
• SpywareBlaster | |
|
 |  JoeSchmoe007
join:2003-01-19 New York, NY
3 edits | Re: Making the user a member of "Users" group to preve Bubba,
I am aware of different kinds of AV/anti-spyware programs. This is not what I concentrate on in this post. My question is in bold in my original post. Now I see I haven't been completely clear in it, I should have asked if making them the members of "Users" group even without the use of AV/anti-spyware is sufficient to avoid 99%(100%) of the problems. Did you happen to know the answer ? That is, is there any factual evidence of the spyware/viruses that are able to install themselves under the account that only belongs to "Users" group ? | |
|
 |  |   Bubba GIT-R-DONE Premium,MVM join:2002-08-19 Around, Us
·Comcast
| Re: Making the user a member of "Users" group to preve said by JoeSchmoe007 :I am aware of different kinds of AV/anti-spyware programs. Works for me BUT perhaps you need to be told the programs I threw out were NOT AV/anti-spyware programs.
As for your bold....IMO you're wrong in your assumption. When script attempts to run....I doubt if being a member of "Users" group will cause Active script to slow down one iota. Beyond that....I'll move on and let others attempt to assist you.
"Did you happen to know the answer ?"
No comment to that question....bold or no bold ! | |
|
 |  |  |  JoeSchmoe007
join:2003-01-19 New York, NY
| Re: Making the user a member of "Users" group to preve Bubba,
I value your input very much. I haven't thought about the Active Script. I am not really knowledgeable about how it works. But from "general" (not sure if "general" applies here) point of view - if it can't write anything to the computer, no harm can be done, right ? Can you point me to some information that gives detailed technical explanation of this subject and exploits of that kind? Or maybe just name a couple of well known exploits that use it and I will look up the info myself. | |
|
 |  |  |  |   Bubba GIT-R-DONE Premium,MVM join:2002-08-19 Around, Us
·Comcast
| Re: Making the user a member of "Users" group to preve said by JoeSchmoe007 :I haven't thought about the Active Script. I am not really knowledgeable about how it works. But from "general" (not sure if "general" applies here) point of view - if it can't write anything to the computer, no harm can be done, right ? Can you point me to some information that gives detailed technical explanation of this subject and exploits of that kind? Or maybe just name a couple of well known exploits that use it and I will look up the info myself. I'm sure I could if need be....but my simple thinking is still with not only your Mom in mind....but my Mom also.
Script is nothing more than instructions and as Mom travels the net she's bound to click on a link that has script code to display a penis pumper....and that's when my phone starts ringing....thu heck with being able to write to the HD....that wonderful pop-up is now in her face. That's where the link to IE-Spyad comes in. As for info about Active script....Google would keep you busy with any and all info you care to research.
I'll respect your wishes and get back on topic....so others can answer your Assumption question. | |
|
  TerryMiller Premium join:2003-10-23
1 edit | Re: Making the user a member of "Users" group to p Several users on my network at work have running spyware executables and belong solely to a users group. These are NT4 boxes. They can't change the time or install packaged software, but web rebates and CWS manage to find their way in. I'd be killed if I disabled all activeX, so instead I clean.
Edit:
I did have to clean an XP SP1 box as well. | |
|
 |   ttt2525
@cable.rogers | Re: Making the user a member of "Users" group to p Question: Why use IE if it is such a problem then? | |
|
  TerryMiller Premium join:2003-10-23
| It's always a trade-off between functionality and security. The original question was, "Will making my mom a member of the users group be 99-100% secure". My experience is no. since we like bold in this topic
The hosts file or ie-spyads reg files would go a long way towards helping keep the system secure as previously mentioned. Like anything else they need updating. -- My family site | |
|
 gds4141 Premium join:2003-08-10 Omaha, NE
| How do you get CWS on a user? On my unpatched, non-updated test machine I've been trying to get it to install for the last 5 or 6 months. This box is not on a network and is XP. I've managed to capture CWS attempts on regmon and filemon and captured a couple of exe, but even running the exe later does not work. I even keep all the security settings on IE set to low. I must be doing something wrong. :o
Gary | |
|
 |   TerryMiller Premium join:2003-10-23
| Re: Making the user a member of "Users" group to p I don't know how they get it. But there were 3 on the box I cleaned today. They were cleanable with spybot so perhaps they hadn't fully executed, but registry entries and files were on the box. The noticeable problem was some sort of home page hijack to one of the fake search engines and pop-ups. -- My family site | |
|
 |  |  Indy Sabre Sabre Rider From Indianapolis
join:2003-10-02
1 edit | Re: Making the user a member of "Users" group to p said by TerryMiller :I don't know how they get it. But there were 3 on the box I cleaned today. They were cleanable with spybot so perhaps they hadn't fully executed, but registry entries and files were on the box. The noticeable problem was some sort of home page hijack to one of the fake search engines and pop-ups. Terry, thanks for the info. If they were cleanable with Spybot maybe that says that the damage was at least limited. Running spybot is pretty easy.
In your previous post, you implied they weren't running IEspyad, right? Were they running a realtime AV?
IMHO, I think for the non tech savvy user, installing (me) and teaching (them) to keep Spywareblaster and Spywareguard updated is easier.
Also, if there is an infection on the limited account some others have said that they are removed by just deleting the user account. If this is the case, maybe just copying the user profile into a back up account (before an infection) would be handy because you could then just consider the actual working user account as disposable (this is one of my current strategies). | |
|
 Indy Sabre Sabre Rider From Indianapolis
join:2003-10-02
| said by JoeSchmoe007 :I recently set up a computer with Windows XP Pro for my parents. All they need to do is to browse the Internet and send/receive email. They don't need to install any additional applications/games/etc, and if they ever do - they will ask me. They are not really computer literate, but have a general understanding of what NOT to do. Nevertheless, accidental possibility of their computer being infected with viruses and/or spyware is something I've been thinking about. So far, what I did was make sure they belong ONLY to the "Users" group. I think this pretty much resolves 99%(100% ?) of all possible problems (even without the use of AV/anti-spyware). Am I right in this assumption ? Please feel free to correct me. Here is a link to some threads related to your question: »Re: tips & tools for running as non-admin
To comment further, in case you are interested - I am by far no expert but I set up friends and family on XP SP2, get everything installed on an admin account, then copy the user profile to a limited account. Then teach them to do their normal surfing and email only from the limited account.
I also use and recommend a realtime enabled AV, ScriptSentry, Spywareblaster, Spywareguard and Spybot.
One key (to relative easy recovery) if you are worried about something infecting the box when they are running in limited mode is to have an image saved from when you set everything up and had it working. I use Ghost 2003, imaged to another hard drive, partition or CDRs or DVDs.
I don't expect them to perform the imaging if they aren't tech savvy enough but I do teach them to back up their my documents folder to a CDr. | |
|