Is browsing MySpace via a Windows XP Home Limited user account safe?

[Nocturnal]

Does a limit user account prevent someone from being able to install a codec or activex file? If not, what is the easiest way to make this happen. This is mainly for people who don't know what they're doing and need the least user interaction. Thanks in advance.

Obviously blocking them from using MySpace or any of those types of sites would be ideal to solve the spyware issue but in the case where they are still going to access this site, what's the best solution on top of using a limited user account? Thanks.

 

[Atheus]

Well it's never completely safe to use the internet at all, but limited accounts do help, and so does using a good and fully patched browser.

I didn't think it was possible any more for sites to silently install activex stuff on IE? Certainly not a problem in Firefox anyway.

/edit: http://secunia.com/ for browser vulnerabilities

 

[Nocturnal]

Well I mean just installing ActiveX scripts in general. Since a lot of the MySpace stuff is happening due to someone thinking they need a new codec and then they go and install this fake codec but instead get their computer infected. I will have to reserach this. Thanks again.

 

[MagnusTheBrewer]

No! You'll never recover the brain cells lost to viewing MySpace.

 

[mechBgon]

Originally posted by: MagnusTheBrewer
No! You'll never recover the brain cells lost to viewing MySpace.

:beer:

I'd rank it "fairly safe" from automatic browser exploit. But the social-engineering angle is another question altogether. examples: Adult Content Viewer and fake-codec stuffs. If the user is suckered by this type of stuff, it won't matter what browser he's using. He's going to get pwned unless his antivirus software saves him (or unless the Admin powers are safely out of his reach). And the Zlob and DNSChanger stuff that you're seeing here gets updated as many as >15 times per day to evade signature-based antivirus detection.

The QuickSpace worm a while back was interesting, however, in that even with a Limited account, and even with a disallowed Software Restriction Policy in place, the exploit could still do what it was made to do, because it was using an easy-to-exploit feature in QuickTime to exploit MySpace's site. It worked with IE, it worked with FireFox. In fact, reportedly it even worked from Macs. So never say never The best overall defense was to not have QuickTime installed (I don't). The next-best appears to have been up-to-date antivirus software.