It's all about file and registry permissions
Any user can execute pretty much any executable by default, but what that executable is able to do depends on what objects on the system the user has rights to.

In Windows each user has their own little profile directory - just like in Unix. Within that directory the user has full rights to everything, which includes their own little piece of the Windows registry - you'll find the user's registry here: /documents and settings/userfolder/NTUSER.DAT.

In Windows XP, restricted users have read-only access to pretty much every part of the boot drive except, of course, for their own profile directory. The same goes for the registry - if it is not in their portion of the registry, they will only be able to read. Malware can install itself when run as a restricted user, but it would have to install its files somewhere in the user's profile directory and it could only set itself to start up automatically when the user logged on. Backing up the user's docs and blowing away the profile directory would remove this type of malware from the system. A few weeks ago, I actually ran into a piece of spyware that kept itself in the user's space.

Power users have write access to the Program Files directory and to the /windows directory - but NOT the /windows/system32/ directory. Power users can also write to certain portions of the registry that affect the whole system, but they can't modify drivers or core system files. While Power users have write access to many parts of the OS, they don't have 'full control', which means they can't take ownership of files and make it so others can't access them. Under Power User rights, malware can install itself onto a system so that it runs for other users, but it can't do any nasty things like install itself as a system service or driver. Theoretically, a piece of malware could install itself so that it runs for all users and wait until an admin logs on (and runs it) to gain even more access to the system.

Administrators, of course, have full access to everything. Spyware that installs under an admin account can do all kinds of nasty things, like modifying permissions of its own files so that you can't delete it, installing itself as a driver or system service, which makes it hard to kill, or writing explorer hooks so that each time its files are accessed, it installs itself into another random location on the system. The people that write the types of viral malware that do the things I've described above should be whipped, and prosecuted - in that order.

Anyhow, it's really similar to the way Unix/Linux works - except in Windows it's much more layered and complicated. The extra complication is a bad thing, because it makes it really hard to figure out what isn't working when a program fails to run as a restricted user. The end result of this complication has been that application developers sometimes don't bother to write their applications so that they run properly as restricted users and/or users refuse to use their computer as a restricted user because all kinds of things break when they do.

I run my Windows box as a power user. To me it's an acceptable balance between usability and security. As a power user well written programs will install just fine (Firefox is one example) without having to log in as an administrator.
Posted by: toadlife | Posted on: 03/08/05
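The post's point is that the damage an executable can do is bounded by where the account's token can write, and that malware confined to a restricted account has to live and persist inside the user's profile. The PowerShell script below is an added example, not code from toadlife's post or from the discussion: it probes the write boundaries the post describes (profile, Program Files, the Windows directory, System32) from the perspective of the current account, then lists the per-user autostart locations and flags any entry whose target lives under the profile, which is the tell for user-space persistence. The probe-a-temp-file method, the directory list and the "under the profile" heuristic are this example's own assumptions; run it as the restricted, Power User and Administrator accounts in turn to see the boundaries shift.

```powershell
# Added example (not from the original post). Assumes a standard Windows layout;
# the directory list below is an assumption matching the boundaries the post describes.
$dirs = @(
    $env:USERPROFILE,                       # user's own profile: everyone can write here
    "$env:SystemDrive\Program Files",       # post: Power Users can write, restricted users cannot
    $env:SystemRoot,                        # post: Power Users can write, restricted users cannot
    "$env:SystemRoot\System32"              # post: only Administrators can write
)

function Test-WriteAccess {
    param([string]$Path)
    # Try to create and delete a uniquely named probe file. Whether this succeeds is
    # decided by the same ACL check an installer or a dropped executable would hit.
    $probe = Join-Path $Path ("acl-probe-" + [guid]::NewGuid().ToString("N") + ".tmp")
    try {
        [IO.File]::WriteAllText($probe, "")
        Remove-Item -Path $probe -Force
        return $true
    } catch {
        return $false
    }
}

"Running as: $env:USERDOMAIN\$env:USERNAME"
foreach ($d in $dirs) {
    "{0,-45} writable: {1}" -f $d, (Test-WriteAccess -Path $d)
}

# Per-user autostart locations. A restricted account can only write to its own hive
# (HKCU) and its own Startup folder, so this is where user-space malware must persist.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path -Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's provider metadata
        $value = [string]$p.Value
        # Heuristic (assumption): a Run entry pointing into the profile is worth a look,
        # since that is the only place a restricted user could have put an executable.
        $flag = if ($value.IndexOf($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase) -ge 0) { '  <-- target under user profile' } else { '' }
        "{0}\{1} = {2}{3}" -f $k, $p.Name, $value, $flag
    }
}

$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -ErrorAction SilentlyContinue | ForEach-Object {
    "Startup folder item: " + $_.FullName
}
```

The write probe deliberately exercises the ACL rather than parsing it with Get-Acl, because effective rights depend on group membership and inheritance and the probe answers the question the post actually asks: can this account drop a file here? The HKCU Run keys and the Startup folder are the per-user counterparts of the machine-wide HKLM Run key; anything found there that points into the profile is consistent with the "wipe the profile and it's gone" cleanup the post describes.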

