Going around admin policy

[zmaster]

Hi all,
I am one of the admins at my company. Recently our boss used a group policy to block off firefox.exe and asked me to see if his method is foolproof.

I am trying to hack it. Unfortunately the change of name/location is not effective, so my next step is to try change the process name. How would one go about doing that?
Any other suggestions would be appreciated.

Keep well
Z

 

[Billb2]

Reinstall another copy in your account?

 

[zmaster]

i tried that, but as soon as the process firefox.exe loads up, it gets shot down by the system

 

[mechBgon]

If he wants it foolproof, his next step should be to combine non-Admin user accounts with Software Restriction Policy (and of course, to not let anyone log onto an Admin account except IT staff). how SRP works in this scenario. No ability to install stuff, no ability to even run anything that wasn't installed by an Admin. Not even from a USB drive or a CD.

 

[ChAoTiCpInOy]

Run it from a thumb drive.

 

[Zugzwang152]

Run it in a virtual machine.

Remote desktop to another unrestricted machine and run it from there.

 

[thegisguy]

+1 for what ChAoTiCpInOy said. Try installing the portableapps version on your system, rename the exe, and see if it runs.

 

[DivideBYZero]

Originally posted by: thegisguy
+1 for what ChAoTiCpInOy said. Try installing the portableapps version on your system, rename the exe, and see if it runs.

this

 

[zmaster]

Originally posted by: thegisguy
+1 for what ChAoTiCpInOy said. Try installing the portableapps version on your system, rename the exe, and see if it runs.

tried it. it seems by blocking the dll's the exe gets blocked.
the way i got around it was by running a older version of ff.
still, i convinced him to unblock it by running a report on the advantages of ff vs ie.
bear in mind that the report is heavily biased towards ff.
http://rapidshare.com/files/18...Firefox_vs_IE.pdf.html

was gonna try running it in vm, but he unblocked it now. Now that is an awesome boss. actually listens to your input instead of dismissing it with "my word is the law" attitude

 

[VirtualLarry]

So let me get this straight, this wasn't just a test of a sofware restriction policy, with Firefox.exe arbitrarily picked as a subject, but that your boss was actually considering banning firefox? Why in the world would they do something like that. If they wanted to enhance online security tenfold, they would do an institution-wide rollout of firefox, followed by a banning of IE.

I've never gotten malware using firefox heavily (oftentimes, to go to "seedy" sites), in all of the years that I've used it, which is quite a few. (I was a hardcore Mozilla user from when before Firefox existed and took over as the primary browser product of mozilla.org.)

Edit: Btw, there ARE ways around SRP.

 

[mechBgon]

Originally posted by: VirtualLarry
So let me get this straight, this wasn't just a test of a sofware restriction policy, with Firefox.exe arbitrarily picked as a subject, but that your boss was actually considering banning firefox? Why in the world would they do something like that. If they wanted to enhance online security tenfold, they would do an institution-wide rollout of firefox, followed by a banning of IE.

Actually, if they want to enhance online security tenfold, the first thing they'd do would be to make sure all their browser add-ons are up-to-date, e.g. Flash Player, Adobe Reader, QuickTime, Sun Java, etc. That's the big attack surface nowdays. And having done my homework, I'd take IE7 in Protected Mode over any other browser for security, due to its proactive defenses against exploits (known or unknown). IE in Protected Mode is sweet 😎

 

[bsobel]

If they wanted to enhance online security tenfold, they would do an institution-wide rollout of firefox, followed by a banning of IE.

More fud. IE in protected mode is safer than FF.

 

[lxskllr]

Originally posted by: bsobel

If they wanted to enhance online security tenfold, they would do an institution-wide rollout of firefox, followed by a banning of IE.

More fud. IE in protected mode is safer than FF.

That only applies to Vista and IE7+, right? I'd say Vista+IE7 is more secure, but XP and under my confidence goes to FireFox and Opera.

 

[bsobel]

That only applies to Vista and IE7+, right? I'd say Vista+IE7 is more secure, but XP and under my confidence goes to FireFox and Opera.

True, that is a Vista feature.

 

[Oakenfold]

Originally posted by: VirtualLarry
So let me get this straight, this wasn't just a test of a sofware restriction policy, with Firefox.exe arbitrarily picked as a subject, but that your boss was actually considering banning firefox? Why in the world would they do something like that.

Maybe they want to limit the # of app's they run? Maybe they do not intend to ever update firefox and only want to manage IE. If they aren't going to ensure that all the FF browsers are kept up to date then they probably don't want FF on their network period, at least if they are thinking about patch management that would be my guess.