Hello ppl,
I recently installed Comodo Internet Security and I would like to know your opinion on this application and how trustworthy it is. Will it keep my computer safe from online attcks and viruses given I don't download vicius apps myseld and not visiting p*rn sites?
You don't need a "Personal Firewall".
Yours, VB.
Yiu should have done that in the first minute after installing XP.
Just the normal way:
- log out as user
- log in as administrator, install the software
- log out as administrator
- log in as user and use the software
Wolfgang
? "Wolfgang Kueter" ?????? ??? ?????? news:gittlv$sgs$ snipped-for-privacy@news.shlink.de...
I just created one right now although it feel unfamiliar with it :-)
Well iam a kind of guy that tries out every day new applications and games.
It will be a tedious task having each time iw ant to install an app logging out and logging in again 4 times.
Is there a way while being in LUA mode to be able to install new applications or remove old ones without having to logout and login again as admin and then logout again so to use them?
Something similar to linux which just by providing the root password while so one can make system wide changes.
Is there an option on LUA to run/install somehtign as addministrator?
It isn't that new. I just found a blog that mentions it back in October
2007You can choose to create a new Windows account that is a limited (standard) account. That will restrict what you can do, and what malware can do, too. Of course, to install software you will probably have to logoff and logon under an admin-level account. This is a nuisance but has been a long-time recommendation by those that don't want to bother using protection utilities on their web browser while logged under an admin-level account. Using a limited Windows account is a lot of hassle but it does have some advantages. I have way to many duties and activities that require using an admin-level account to waste my time trying to use a limited Windows account. I'd be repeatedly bouncing between my standard and admin-level accounts during the day.
A process can be made to run under a LUA (limited user account) token. That is, the process will have the same privileges as that token. Since the token has the limitation of a standard user account, that process is also limited. But that only applies when you run that process under the limited environment. When using DropMyRights, SysInternals' psexec, or other such utilities that run the child process under limited privileges, only the process they start is limited. So if you use them to start the web browser, that instance of the web browser is limited and you get more protection. If you do not use them to start the web browser but instead start the web browser directly, you are running an unlimited browser process just like you are now. Since these utilities only limit the process they start, they will not limit the same process started by some other application, like e-mail. So they do not help to limit the browser when, say, you click on a URL in an e-mail. The only time you'll have a limited browser is when you specifically use these utilities to drop their privileges. Unless you use these utilities to load the web browser, your web browser will be running unlimited.
The author of DropMyRights also wrote a RunSafer utility. It modifies policies for the application to reduce its privileges. That means that program will always run limited no matter what application started it. However, when you need to run unlimited, like when visiting Windows Update, doing an Adobe Flash update, etc., you can't until you rerun that utility to remove those limiting policies. The same is true of Online Armor and its Run Safer option you can enable on an application. It will always run that application under limited privileges and you're stuck having to wade through their config screens to disable the Run Safer option and then go start that application. A lot of hassle.
GeSWall is both a policy enforcer and a near-sandbox. Not only does GeSWall enforce the limited privileges of running a process under a LUA token but restricts it even further as to where in the registry and file system that the restricted process can write or read. Anything downloaded by that restricted process is tracked as untrusted and you'll get warned when you try to run it that it is untrusted. If the payload gets ran, like using a buffer overrun exploit, it is ran inside the isolated mode in which that restricted process is running under control of GeSWall. A sandbox, like Sandboxie, is even more restrictive than GeSWall but also more a nuisance to use if you do want to keep something of your browser session. The next further restrictive step is to use a virtual machine.
You could just use DropMyRights or SysInternals psexec to limit the web browser only when you want it limited, like making a shortcut for it on your desktop and Quicklaunch toolbar. However, that would be the only time your browser is limited. Clicking on a URL link in an e-mail or some application whose help uses the browser to look at the online pages for that help would mean that browser is unlimited. One some of my hosts, I use GeSWall to automatically ensure that every web browser instance is limited and also isolated no matter who started it, plus I can easily switch back to non-isolated, unlimited mode for the browser just by clicking a "G" button in the titlebar. One some of my other hosts, I don't use GeSWall and instead just use the SysInternals' psexec program (or I could use DropMyRights) to limit just the instances of the browser that I choose to start. Depends on the software config on a host and how comfortable you feel with what level of interfering security. All security interferes with your work, some methods being worst than others.
Google bought GreenBorder which was a sandboxing utility. They incorporated it into their Chrome web browser. There is also separation between each tab that you open in that it starts another process plus each is using the GreenBorder technology to sandbox each tab's process. I haven't experimented much with Chrome. While it does have some very good advances for web browser features, I simply don't like it. Not just because of its slimlined UI but mostly for a lack of features along with the lack of an army of add-ons to customize it. For one, when using a sandbox for the web browser, like Sandboxie, I can choose to keep some content from sandboxed environment when I close the browser. Can't do that with the sandboxed tab processes for Chrome. If wanted to go further than GeSWall to limit and protect my web browsers, I'd probably look into Sandboxie (alas, their free version is just too crippled in that it won't protect all instances of an application no matter who starts it and it turns into nagware after the
30-day trial). I do hope that it will spur Microsoft and Mozilla to incorporate similar sandboxing into their browsers. See Google's comic strip for more info about Chrome and its limited sandboxing scheme on page 25 at:
"Fast User Switching" or "Run As..." come to mind ...
cu
59cobalt
Since Microsoft has documented that the *desktop* not the process is the security boundary with Windows, that's most definitely *not* what you want to do. Instead you want to create an LUA, do your everyday work with that account, and only switch to an admin account to do administrative work.
cu
59cobalt
Huh? Just where did I ever mention the desktop process (the first instance of explorer.exe) being the parent of all processes? It can be. It might not. I said these utilities only limited the child process it starts and why they are NOT complete solutions if and only if you demand that all instances of a particular process be limited. The part you snipped out was were I mentioned that other solutions take care of limiting ALL instances of that program no matter how it was started. Some folks like it always protected (but might also want some means of temporarily disabling the protection) so the method of using a utility for those instances you want to protect is what they want. They don't want to use a limited Windows account. Some want all instances protected for only some programs but not all of them so the 3rd party utilities, like GeSWall, DefenseWall, Bufferzone, Sandboxie, SafeSpace, etc., let them default to limiting those processes but they still have an "out" when limiting the process makes it unusable.
Please provide a references to that Microsoft documentation.
The "desktop" is just explorer.exe handling it. You could, if you wanted to and found one that was usable, replace that desktop program with some 3rd party program. Securing the boundary of a process is how you secure it. You don't need to backtrack through every parent process in the chain since it isn't the parent(s) that are committing the actions that you want to secure. Even the 3 techniques that Microsoft went with in Vista (User Access Control, Mandatory Integrity Control, and User Interface Privilege Isolation) do not try to secure at the desktop since only sometimes is that instance of explorer.exe the parent process.
The majority of your programs are local and don't need to be limited. It is your Internet-facing apps that you want to limit, with the web browser being the primary target and e-mail client is the 2nd target. I'd like to see just how productive you would be in a software QA position in trying to install, uninstall, and debug programs while under a limited Windows account. Whether a limited Windows account is the solution depends entirely on how you use your own host and for what tasks. Hell, even many games won't play under a limited account. You say to only switch to an admin-level account when there are admin tasks to perform. What if those admin tasks constitute the large number or majority of the user's tasks? Security is great but ONLY if it doesn't get in the way of the user performing the tasks they want to perform. So how many multiple levels of doors do you lock when you leave your house? After you starting adding several levels, when would you realize that they are getting too much in your way?
Your browser running under a limited (standard) Windows account or loaded under restrictions of a LUA token while you are logged in as an admin will still have the same set of limited privileges. You haven't gained anything going to a limited Windows account for the browser that you couldn't have had while running it under an admin account with the same limitations. The same loss of privileges for the web browser occurs under the limited account or under the LUA token.
If you want to see what privileges your browser has, get SysInternals' Process Explorer. Right-click on the browser process in Process Explorer and look at its properties to see it security properties (privileges). You don't have any more privileges running under a LUA token under an admin account as you do for it running under a limited account.
Also, running with reduced privileges is only one layer in malware protection. Don't expect it to protect you from all pests. Do you think Google Earth cannot be installed under a limited account? It installs because it simply deposits (copies) files into the user's profile path to which they have write access, and it will run from there because the user had execute permissions there, too. The "install" is simply a copy and it will run under that limited account. That the payload cannot perform some functions doesn't prevent it from, say, deleting all your files since the user under a limited account can do that, too. Don't expect limited privileges to provide some magic bullet against malware. It's just another layer of protection.
Ansgar wrote:
Providing the host has enough memory to accommodate leaving all the processes running from the limited account so you can switch to another admin-level account. Fast User Switching leaves all the processes running. Plus is isn't just software installs for why users may need to be logged under an admin-level account. Fast User Switching (FUS) will add 10MB of memory consumption to each context (each active account), and then there's the memory consumed by each application you run in the other concurrent active account. That 10MB can vary widely greatly depending on how many startup programs are loaded when you open the other account through FUS (Startup folder, Run registry key, winlogon events, and other startup locales in the registry); however, you really shouldn't be loading much in your admin-level account but even the security programs will consume memory.
There are also some applications that won't run under Fast User Switching (because they won't run concurrently under multiple active Windows accounts). Some clipboard manager utilities come to mind. They weren't designed to have multiples of themself running as the same time, especially under different accounts with different privileges (policies). The were designed to run under an NT environment but not under a multi-user environment. The user would have to ensure that such programs did not get loaded on login for the admin-level account to prevent the duplicity. Yeah, you could get rid of this software but it might be something you really want or truly need to do your work. The point of the computer is to do the tasks that you want. You pick your applications based on your needs and then choose the OS. The other way around has you selecting the OS and using its security features but maybe losing critical applications because they won't work under concurrent active accounts. You need the application first (to do your required tasks), not the OS (which is just the plate on which you serve the meal). Also, in the KB 294739 article below, you might have installed (or you might later install) an app that interferes with Fast User Switching (FUS). There have been many users that complained that they were using FUS and then it stopped working. I believe another reason FUS stops working is if the user enabled offline files
There is also the problem of trying to share resources across the multiple active accounts. An open file handle for a file in folder could cause problems in the other account that wants to delete the folder or have write permission to that file.
Remember that Fast User Switching is *not* available when connected to a domain for Windows XP (it is available when on a domain when using Vista). It is only available in a workgroup setting because it only lets you switch between local accounts. nik never mentioned WHICH version of Windows that he is using, or if he is logging onto a domain or logging on locally (into a workgroup). Read
When using the Welcome Screen, you divulge half your logon credentials to anyone that can see that screen, like when letting other users use your host (even when using their own accounts). Besides trying to get my password, I'd also like to make they try getting my logon name.
Some users like to leave the password blank to their account for ease in logging in although it removes a major security feature of NT-based Windows. FUS requires that at least one of the accounts between which you are switching has a non-blank password.
Be careful of locking yourself out of your accounts. A security policy locks an account if too many unsuccessful logon attempts are executed against an account. You can see these values in the group policy editor (gpedit.msc) or local security policy editor (secpol.msc). If you are the only user of your host, this probably won't happen. If you let others share your host and they use FUS to try cycling to another account and do it enough times then they could lockout your account(s). If you share and use FUS, you might want to reconsider the current settings for the lockout security policies (to shorten the lockout period and the number of bad attempts). If you're on a domain, you don't get to modify those policies that get pushed to your host (unless you have an admin login on the domain that gives you privileges to your own host to make registry edits using .reg files in your Startup folder).
Many software installs that require admin privileges to complete will also require a reboot. That means you will be slamming your other account that you switched away from but which may still have applications running and open files. Make sure to close all apps in the other non-admin account before you permit the reboot for the install in the admin account (hopefully the install will prompt for a reboot instead of just doing it without permission).
I haven't bothered to investigate into any security vulnerabilities of using Fast User Switching simply because I don't use it myself (i.e., for me, any vulnerabilities would be a non-issue).
There can be advantages to Fast User Switching. There can also be disadvantages and pitfalls but if you can avoid them without losing any tasks that you need to perform then it's one way to do most of your tasks under a limited account and have an admin-level account within easy reach.
In a day and age where RAM is measured in GB rather than MB, and for a system with only a single user like the OP seems to have, that's hardly a problem.
[...]Don't use b0rken software. Problem solved.
[...]That's plain and utter nonsense. I'd like to see a single valid reason for this ridiculous claim.
Boot the recovery console, rename the administrator profile, reboot, log in as administrator. A new profile will be created. Not that it were a bad thing to have a backup admin account, it's just not necessary.
cu
59cobalt
You didn't. And I never said you did. You missed my point.
Ummm... yes, I am well aware that explorer.exe manages the desktop. I'm also aware of how the default shell can be changed. However, that doesn't change a single thing about how the window messaging system works.
Unfortunately it's not that easy, since the Windows GUI adds another method for IPC (sending messages between windows) that does not have any security system at all (or, judging from the blog article you mentioned below, did not have one before Vista). That leaves it up to each single programmer to handle incoming messages, and Visual Studio's default is, of course, to use the default handlers provided by Microsoft.
Apparently Vista introduced some kind of privilege separation there, so Vista may be fine (assuming that this system is working in the first place). However, if the OP uses XP or earlier (not sure if he does, AFAICS he didn't mention his OS) that simply won't work.
cu
59cobaltI didn't understand these sentense. Can you please put it simpler?
But as an aswer to me in a previous post in this thread you said that administrative tasks can be done with ease by selecting "Run as..." within a LUA. Correct? So, why switching back and forth from LUA to admin-level when he can do out admin task within our LUA enviroment?
? "VanguardLH" ?????? ??? ?????? news:giut1p$7ra$ snipped-for-privacy@news.motzarella.org...
Very nice and straightforward comparisation.
But PLUS extra functionality in case (2) where all admin tasks such (install, update, remove.debug) can be performed with ease and without the hassle of switchign back and forth to deifferent-level accounts.
a) At that point can you please explain to me the GREATEST REASONS of running under a windows limited account or running under LUA token under admin account opposed of running as iam now, which is JUST PURE admin level?
I would be understanding this better if you can tell me in case of an ypothetical infection of a malware (i.e.trojan horse) what this can do to an admin level account that wouldn?t be able to do in a limited account.
Lets say the infection came place from firefox visiting an infected webpage.
b) One last thing folks I would like to ask is for example lest say I keep using my admin account running my internet-facsing apps apps full privileged.
Why do all the security stuff you mentioned when I have CPF installed on my admin account which is eligible to notify me on EVERY malicious possible action a malware that?s found its way into my system trying to perform?
If ti tried to put itself on winxp startup it will tell me about it and I block it, same way if it tries to inject data to another proccess I will be notified and block it, or if it tries to use windows services to abuse them and hide it self I will also be notified to blcom it.
So ig I have such good protection with CPF why bother installing software like DropMyRigths or 'psexec'? CPF is a tough cop and spy as to what happens on my system and NOTHING WILL EVER BE INSTALLED OR DO SOEMTHIGN HARMUFULL WITHOUT ME KNOWING ABOUT IT AND ALLOW IT?
Won't you agree with me?!
Thanks for the info. Regarding services, my recollection is that you always had to design them to be non-interactive; otherwise, they could hang waiting for human intervention that never occurs. Back when we QA folks (not programmers per se) had to convert a program into a service using srvany, one of the requirements was that the program must not have any UI and require no human intervention. Of the security products that I've tested, some use a service but have a separate UI app to control its configuration or behavior.
Regarding the messaging system between windows, that's what the application virtualization, sandboxing, or isolation security product is supposed to be controlling or restricting between the red (isolated) and green (non-isolated) processes.
That I didn't know. Thanks for the info. My reading of the isolation security apps that I was interested in was that they do control the window messaging between red and green apps.
nik gr wrote:
Just to be sure, I'm just presenting an alternate to having to bounce back and forth between admin and non-admin accounts. For the majority of users, the blanket statement to do your work under a non-admin account is still good advice. It's just not advice that is usable by all users but for them they need to add more security than what they get just with Windows.
While LUA gives added security, it not a panacea. However, it may eliminate the need to be installing and running more security software that can cause conflicts between themselves, consumes more memory and CPU cycles, and overly restrict wanted behavior in applications than what would occur under a LUA. There is a lot of security software out there using different protection techniques and a lot of it doesn't work with each other. Trying to find a entire security suite that is all compatibile is something akin to alchemy, and what works today might not work tomorrow due to version changes that alters compatibility.
The HIPS (Defense+) portion of CFP might prompt when it sees the small payload delivered by a buffer overrun (assuming the app was allowed to continue running upon the detected buffer overrun which SafeSurf is supposed to catch). You would have to allow that code to load and run by answering OK to the prompt. However, since the payload is running within the same process or as a child of it, and since you permitted the parent app to load (it's something you do want to run) then you might not get a prompt. Back in version 2 of CFP, you could have it alert when a parent wanted to start a child process. I don't recall if they carried that forward to version 3. It isn't available in Online Armor. I do know that when you okay a process, and if you have it in Paranoia mode, that any additional behaviors detected later for the same app will get prompted and it'll be up to you to figure out at that time if you want to allow the additional behaviors. The problem here is that an app may not exercise all its behaviors during your initial use of it, so as you continue using the app then CFP will alert when you later trigger the additional behaviors in that app. That's why HIPS, especially at an extreme alert level, can be daunting to the typical user to figure out how to properly configure for a good app. Both Comodo and OA provide whitelists for many known good apps to reduce this prompting but CFP doesn't use them in its paranoia mode (because that mode is what you selected to have it prompt you about every behavior).
Answering all the prompts in paranoia mode can waste more time than you want to spend. After all, the point of your computing platform is to get your tasks done, not to tweak the OS and security programs trying to harden that OS. I've gone that route where I had trialed many security products trying to achieve the most secure Windows that I could have but the performance and resource impact was too great, responsiveness of the host was reduced, and I got tired of doing what seemed more work securing the OS and apps than of actually using them. Too much security is itself an interference - and, to some degree, also achieves what the malware author intended: you spend inordinate resources trying to protect yourself. Like terrorists, even if they don't attack, they still get some satisfaction from your fear and all your efforts to protect yourself.
There's ultimate protection. And then there's good-enough protection. Do you everyday wear a Kevlar vest, pants, and bullet-resistant helmet based on the premise that maybe one day someone shoots at you? Not even SWAT does that. Trying to come up with a "flavor" for a security suite for everyone just ain't gonna happen. Some are more paranoid than others. Some users are more thoughtful or educated regarding their use of their host. Some want someone else to come up with hardcoded expertise instead of them figuring it out. Even what I like today might not be what I like tomorrow for my security suite.
Based just on your original question, is CFP good, yes, it is. It is all that you will need? No, especially in regards to its antivirus component. How much more do you need? Depends on how badly you want to choke your system. Over time, I end up with security products that I eventually decide are beyond my comfort level. Besides, I'm willing to flatten my host and do a fresh install of the OS and apps if need be, plus I do incremental image backups that let me snapshot back to before the infection. I don't spend more than a couple evenings trying to disinfect my host since that's how long it would take me to rebuild it (and even shorter for restores).
Security is nice but don't get too carried away with it.
Compromising one account won't compromise the entire system. Also malware running with limited privileges won't be able to install a rootkit to hide its presence. What more reason do you need?
[...]Despite any claims the manufacturer may or may not have made in this respect, that's simply not possible.
Ask yourself:
a) How would a program manage to detect every possible kind of malware? b) How would a program manage to reliably distinguish between user actions and actions carried out by some software in place of the user?
The answer to both questions is, of course, very simple: it can't.
If the program were to intercept every possible kind of communication a malware might abuse, you'd be flooded with notifications, because other (legitimate) programs use the very same mechanisms. That's simply not feasible.
Your delusions notwithstanding no software is capable to guarantee that. And you simply won't notice if some malware slips by undetectedly. In which case your entire system will be compromised.
cu
59cobalt
No.
My wording was probably misleading here. Sorry. I meant "switching" in a broader context here. Not only logging off and back on with an admin account, but also by using FUS or executing a program via "Run As..." under an admin account.
However, RunAs is only a workaround, because programs will share the same desktop, meaning they may be susceptible to something like shatter attacks carried out by malware running with reduced privileges. The advantage is, that you limit the time programs with elevated privileges are exposed. The better (more secure) way is to log off, log on as an admin to do your admin tasks, then log off and back on with your normal user account. Yes, that's not necessarily convinient.
With Vista Microsoft seems to have introduced some additional kind of access control, so that shatter attacks may not be an actual problem in this scenario anymore. However, I don't know enough about this new system to make any statement about its reliability. Conservative approaches like logging off and back on are virtually always the safest bet when it comes to security.
cu
59cobalt
Before using Chrome, you want to Google around regarding its security. It has features to improve security but then there are gotchas, like:
a) Of course CPF it cant detect every possible kind of malware but it can analyse the behaviour of a weird executable that is trying to meddle with windows itself by means of gain ing access to specific system services or creating hooks or using shared dlls. The moment such thing might occur then CPF will alert me to react to these actions by allowing them or block them
b) Same as answer (a). CPF can't tell if I made an action or some trojan did. But by analysing the nature of the action, its behaviour, as in what it tries to mess with it will notify me for the event taken place.
I would be flooded with notification only by non-valid windows component/applications tryign to perform trickery, legitimate windows service wont be filling me with pop up alerts.
I still aint convince of why CPF by itslef aint enough for protecting me since it seems it can understand all the mechanism an app can use to alter data on my system or to create communication paths.
Personally I feel pretty safe with CPF.
? "VanguardLH" ?????? ??? ?????? news:gj3l4f$r10$ snipped-for-privacy@news.motzarella.org...
Great! We finally came to the day when everythign we type is recorded by our browser and then sent away to various other 3rd party analysers.
IE 8 will incorporate that function too.
Safety no more for ppl then. Firefox will embed such keylogger actions to iself as well?
What will we be using then if all companies do the same?
Perhaps learn C++ and program a browser of our own?!
Very sad....
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.