Security Incidents: RE: IE Malware / Spyware Control Methods

["Bernie Cosell" <bernie () fantasyfarm com>]

On 11 Jan 2005 at 16:11, Jeff Bryner wrote:

> Has anyone resorted to 'run as'  or dropping rights within a process to
> control administrative access within IE: 
I've been doing that since the day I first loaded XP/Pro.  It really 
works very well.  I didn't know about the registry flag trick mentioned 
here:

> Run as with explorer (or ie)
> http://blogs.msdn.com/aaron_margosis/archive/2004/07/07/175488.aspx
for running explorer, but I just use IE [and I can't remember how, but I 
discovered the "put Control Panel in the address bar" trick].  I can go 
weeks at a time without having to log in on my Admin account _at_all_.

Another trick is that when you need to install something, you can just 
"RunAs"/Admin the setup.exe file out of your limited account.

The only tricky part is chasing down the little niggles of improperly 
coded programs: the most common one is programs that require write access 
to their install directory but you run into all sorts of infelicities 
[e.g., needing access to odd registry keys].  If you can figure out what 
the program needs, it is usually easy to tweak the security settings [via 
an IE browsing the filesystem, of course..:o)]

Meta question: does anyone know if [and if so, how] to use the security 
auditing machinery to figure out what a program needs?  The usual 
situation is that you install a program [runas/admin] and then you try to 
run it from your limited account and it just won't run...  I have this 
feeling that I should be able to turn on some sort of event logging or 
some such in XP and then just go to a log to see what the program tried 
to do that it was denied access to, but I haven't been able to figure out 
how to do it...

  /Bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie () fantasyfarm com     Pearisburg, VA
    -->  Too many people, too few sheep  <--