A while back someone on a security forum linked mechbgon's guide, which I read and tested on a couple of machines. Impressive site, and mechbgon, I found your security guide the best on the web. I also tried downloading malicious files on an XP machine I was getting ready to reformat to test my setup's security, and it passed with flying colors after putting on the limited account with SRP.
Guide here:
http://www.mechbgon.com/build/security2.html
I've seen links to this new study that, if I understand correctly, shows that on a patched Windows system antivirus programs still detect 90% or less of malware.
http://mtc.sri.com/live_data/av_rankings/
And this link shows 92% of critical vulnerabilities on an unpatched Windows system are negated by a limited/standard user account.
http://blogs.zdnet.com/security/?p=2517
To simplify a few things please tell me if I have these things correct.
1. Based on the above links, you'd likely be safer running a limited account as a limited user online with an unpatched system compared to a patched system running as an admin online?
2. UAC 'mimics' a limited user account. If you want a true security boundary of a limited account you must use a limited account. Correct?
3. Keeping UAC enabled on a limited account in Vista/Win7 is worthwhile to keep IE protected mode, and file & registry virtualization. Is file & registry virtualization kind of like sandboxing or blocking off your program files and registry?
4. SRP prevents executables from running in places other than the Windows and Program Files directories. So in conjunction with a limited user account which cannot add/remove programs or add/remove anything to the Windows or Program Files directories, and with the software restriction policy, you can only execute files from Windows/Program Files, so I fail to see how a nasty infection could take hold in this environment? Seems it would be rock solid security-wise.
5. Most interesting to me was this quote on another thread from mechbgon: "In the course of my SiteAdvisor work, I've set up a highly-vulnerable Win2000 system hundreds of times, loaded with all sorts of exploitable out-of-date stuff, and deliberately sent it to MPACK-infested sites and every other sort of dangerous site I could find. It was nearly impossible to get it infected when using a Restricted User account (which is what Win2000 calls a low-rights account). But if I logged on as an Admin, the box was pwned immediately."
So with Win2000 configured as a limited user, compared to Win7 running as admin with UAC enabled, the Win2000 box would be more secure?
Hope my questions can help others also and thanks for the great forum you have here!
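
The setup described in item 4, as an added example that is not part of the original post: a simplified Python model of a default-deny SRP combined with write permissions for a limited and an admin account. The rule set, the extension list, the profile path and the sample file names are assumptions, and the model applies the policy to both accounts.

```python
from pathlib import PureWindowsPath

# Assumed policy, following the post: default level Disallowed, with
# Unrestricted path rules only for Windows and Program Files.
UNRESTRICTED = [PureWindowsPath(r"C:\Windows"), PureWindowsPath(r"C:\Program Files")]
# Assumed subset of the file types the policy treats as executable.
DESIGNATED = {".exe", ".com", ".bat", ".cmd", ".scr", ".msi", ".vbs"}
# Assumed write access: a limited user writes only inside the profile,
# an administrator anywhere on the drive. The profile path is constructed.
WRITABLE = {
    "limited": [PureWindowsPath(r"C:\Documents and Settings\limited")],
    "admin": [PureWindowsPath("C:\\")],
}

def under(path, roots):
    """Case-insensitive test: path is one of roots or lies below it."""
    p = PureWindowsPath(path)
    return any(p == r or r in p.parents for r in roots)

def srp_verdict(path):
    """Policy decision for launching the file at path."""
    if PureWindowsPath(path).suffix.lower() not in DESIGNATED:
        return "not-checked"      # not a designated file type
    return "unrestricted" if under(path, UNRESTRICTED) else "disallowed"

def drop_and_run(account, path):
    """Can this account write a file at path and then launch it?"""
    if not under(path, WRITABLE[account]):
        return "write-denied"     # file permissions stop the drop
    verdict = srp_verdict(path)
    # The file lands; whether it starts is the policy's decision.
    return {"disallowed": "run-blocked", "unrestricted": "runs"}.get(verdict, verdict)

# Constructed sample drop locations for a downloaded payload.exe.
SAMPLES = [
    r"C:\Documents and Settings\limited\Desktop\payload.exe",
    r"C:\Documents and Settings\limited\Local Settings\Temp\payload.exe",
    r"c:\windows\system32\payload.exe",
    r"C:\Program Files\SomeApp\payload.exe",
]

def survey(account):
    """Outcome of dropping and launching payload.exe at each sample path."""
    return {p: drop_and_run(account, p) for p in SAMPLES}
```

In this model no sample location is both writable by the limited account and allowed to execute, while the admin account can write into the directories the policy trusts.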