is a "user account" less susceptible to malware than an admin. account?

It was suggested to me in the community forum for Norton that a way to lessen
the chance of malware from web pages is to use a user account rather than my
admin. account because the user account has less access to system resources.

Sounds like a good theory- I'm surprised I haven't heard it before- but is
it really that good?

Another, possibly better way to surf risky web sites (such as porn) is with
the use of Acronis backup program's feature "Try and Buy" which apparently
sets up a protected zone on the hard drive and there it mimics system files-
using that, you can try questionable software, load questionable drivers
and/or surf those naughty/dangerous web sites. Has anyone here tried this
and is it really that effective at protecting your system? Supposedly if you
don't like the results of the experiment- you just turn off the system and
you're back to where you started.

Of course having a good AV program and keeping it up to date is critical so
I do that- but I am always thinking of further enhancements in "safe
computing".

Joe


Re: is a "user account" less susceptible to malware than an admin. account?



On 30/07/2010 17:53, Joe wrote:

Malware doesn't need 100% access to system resources. Most malware these
days is mostly designed to harvest information, or to use your computer
to transmit spam. For this user-level access is enough.

[snip reference to the "sandbox" or virtual machine method of testing
possible dangerous (infected) software]

HTH
wolf k.

Re: is a "user account" less susceptible to malware than an admin. account?



I have a customer who brings his computer in to me about once a month to
remove one of the rogue security apps. He blames it on the grandchildren
when they visit and I suspect he's probably right.
So I am going to put the user account thing to a test. Actually, when you
do a fresh install of Avira 10, the first time you reboot, it pops up a
warning about having administrator rights, so there must be some
credibility about the user account idea.
I already have it set up now and have tested a couple of things. You can't
run msconfig. You can run regedit but if you try to change anything, it
won't let you. It let me update Avira and SuperAntispyware definitions, but
it won't allow MalwareBytes to update.
I'm not sure what all else it will allow or disallow but it is worth a try.
The only real time protection it has on it is Avira 10 and Windows
Defender. Avira usually asks you to shut Windows Defender off when you
install it, but on this machine it didn't.
I have a shop computer I may put a limited account on and try and see if I
can infect it. I'll post the results.
Before anyone asks, I keep an Acronis disk image of that hard drive on
another physical drive and when I'm done playing, I just restore it.

--
        --- Everybody has a right to my opinion. ---

Re: is a "user account" less susceptible to malware than an admin. account?




[...]


[...]


That is, any malware that requires accessing those particular things
that you prevent it from having access to. Mostly this ability to write
to an actual disk is for malware that is designed to be persistent or
recurring.


That's true, but damaging the system isn't the only problem to address
regarding malware.



Re: is a "user account" less susceptible to malware than an admin. account?

Within a non-admin account any program I deliberately start will have no
admin-rights and so will not have the possibility to dig itself deeply into
the registry or boot sector, as I understand it.

But what about exploits exploiting malware, that is code, that starts by
overwriting more or less arbitrary parts of the cpu associated memory - does
the non-admin-account restriction of rights still apply for that, so that
access to registry and boot sector is blocked? Does the OS somehow contain
events of this kind?

Dominik



Re: is a "user account" less susceptible to malware than an admin. account?




True.


If I understand your question, no. There will still be privilege
escalation exploits from time to time.



Re: is a "user account" less susceptible to malware than an admin. account?



So, to sum up the answers, working in a user account is helpful, but no
guarantee against anything, a kind of gradual improvement.

I wonder if it at least makes it easier to remove the thing, should it have
succeeded in installing itself.



Re: is a "user account" less susceptible to malware than an admin. account?




No, it is *very* helpful (still no guarantee).


In order for it to "install itself" it has to have the admin
credentials. If you or your software allow some malware to execute in a
normal user account, it doesn't have the power to install itself in most
cases. If something does indeed get installed, having a user account has
no effect on removability. The thing is, if admin gets tainted - you're
SOL, if your standard user account gets tainted, it may interfere with
your ability to remove it as a user, but you can still go to admin and
eradicate the beast from there. Malware installed by admin can thwart
attempts to use "System Restore" or "Safe Mode" which are both handy
tools to be able to use. Malware installed as a user cannot (by design)
affect other user accounts (especially admin).
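
An added example, not part of the original posts: a read-only PowerShell check of the boundary discussed in this thread, showing whether the current session holds admin rights and whether it can obtain write access to the machine-wide registry hive versus its own per-user hive. The function names and the choice of the `SOFTWARE` keys as probes are assumptions made for illustration; PowerShell 3.0 or later is assumed.

```powershell
# Added example: report what the current Windows account is allowed to change.
# Nothing is written; keys are only opened with write access requested.

function Test-RegistryWritable {
    param(
        [Parameter(Mandatory)] [Microsoft.Win32.RegistryKey] $Hive,
        [Parameter(Mandatory)] [string] $SubKey
    )
    try {
        # $true asks for a writable handle; the OS checks the key's ACL
        # against the caller's token and throws if access is denied.
        $key = $Hive.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return $false }   # key does not exist
        $key.Close()
        return $true
    }
    catch [System.Security.SecurityException]  { return $false }
    catch [System.UnauthorizedAccessException] { return $false }
}

function Get-AccountPrivilegeReport {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    [pscustomobject]@{
        Account        = $identity.Name
        # True only when this process token actually carries admin rights
        RunningAsAdmin = $principal.IsInRole($adminRole)
        # Machine-wide settings: expected to be False for a standard user
        CanWriteHKLM   = Test-RegistryWritable -Hive ([Microsoft.Win32.Registry]::LocalMachine) -SubKey 'SOFTWARE'
        # Per-user settings: expected to be True even for a standard user
        CanWriteHKCU   = Test-RegistryWritable -Hive ([Microsoft.Win32.Registry]::CurrentUser) -SubKey 'Software'
    }
}

Get-AccountPrivilegeReport | Format-List
```

Run from a standard account, the expected pattern is no write access to the machine-wide hive but full write access to the account's own hive, which matches both points made in the thread: system-wide changes are blocked, while anything the user can do remains available to code running as that user.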



Re: is a "user account" less susceptible to malware than an admin. account?



On 06/08/2010 03:38, dominik lenné wrote:

Correct, but it does have access to system resources (else it couldn't
run at all.)


Yes, some malware will do this, and can do it even from a user account.
How it's done depends on the OS, but all software must call system
resources. AIUI, if malware inserts a system call that gives it access
at a deeper level, then it can wreak havoc. This is the method used by
viruses and worms. The difficulty of doing that varies: relatively easy
with Windows, and difficult with Linux and OS-X.

However, in practical terms, it makes little difference. Even a limited
user's access to system resources is enough for the kind of malware
that's the real threat these days: trojans, which are used to download
and activate the spambots and spyware which are the crooks' tools for
getting your personal data and hijacking your e-mail. Any malware
running in your user account will have the rights and privileges of that
account. This includes access to the web, the keyboard, data storage,
etc. The malware can use your programs' system calls to run in the
background. IOW, it can do anything the user can do.

Windows by default allows a non-admin user far more rights than OS-X or
Linux do. But although OS-X and Linux limit these rights by default,
they are not immune. People will still open e-mail attachments, and
browsers must have some ability to execute code offered by other
machines. These routes of infection cannot be blocked 100%, the only
thing you can do is scan incoming data for signs of malware.

cheers,
wolf k.


Re: is a "user account" less susceptible to malware than an admin. account?



On 06/08/2010 03:38, dominik lenné wrote:

Correct, but it does have access to system resources (else it couldn't
run at all.)


Yes, some malware will do this, and can do it even from a user account.
How it's done depends on the OS, but all software must call system
resources. AIUI, if malware inserts a system call that gives it access
at a deeper level, then it can wreak havoc. This is the method used by
viruses and worms.

[...]

***
A minor point.

Exploit based malware includes true worms, but not most true viruses.
Viruses don't require *any* software vulnerabilities. There is some
confusion on this point because many viruses were written to demonstrate
software vulnerabilities, although the action that makes a virus a virus
is not dependent upon them.
***



Re: is a "user account" less susceptible to malware than an admin. account?



On 06/08/2010 17:59, FromTheRafters wrote:

Thanks. Subtle, but significant.

wolf k.

