Jump to content


Photo

User Privileges and Infection


  • Please log in to reply
9 replies to this topic

#1 NobleTruths

NobleTruths

    Advanced Member

  • Helper Trainee+
  • PipPipPip
  • 168 posts

Posted 17 March 2010 - 10:15 PM

If someone is using a user account that has limited (non-admin) privileges, can an infection still over-take the computer and effect administrator privileges (self-elevate)? Likewise, can an infection on one account cross to other accounts on the same computer? My sense is "yes" for the second, due to common programs/etc....but I am not sure about self-elevation of privileges.
NO AMOUNT OF ENLIGHTENMENT
CAN ALTER THE WAY THINGS ARE.
IT IS OUR PERCEPTIONS,
NOT THE WORLD ITSELF,
THAT MUST BE TRANSFORMED.

#2 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,920 posts

Posted 17 March 2010 - 10:53 PM

Did you research these subjects before asking your questions?

I Googled "limited user account" and this was the first hit.
http://www.microsoft...seraccount.mspx

Now, how about you research your second question, then tell us the answer.
a109.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#3 NobleTruths

NobleTruths

    Advanced Member

  • Helper Trainee+
  • PipPipPip
  • 168 posts

Posted 17 March 2010 - 11:14 PM

Actually, my question arose because I was reading about that, lol. But that article states:

If you work in a Limited User account, you might be able to decrease the effect of a virus or other malicious software.

The word "might" is what got my mind churning. Most of my research kept using the same cautious wording. So, I figured I would ask the most experienced people I knew who had front-line battle experience. I will get back with you when I definitively answer the second question...i.e., after a good night's sleep. :closedeyes:
NO AMOUNT OF ENLIGHTENMENT
CAN ALTER THE WAY THINGS ARE.
IT IS OUR PERCEPTIONS,
NOT THE WORLD ITSELF,
THAT MUST BE TRANSFORMED.

#4 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,920 posts

Posted 17 March 2010 - 11:29 PM

That article also states: "If you suffer an attack from malicious software, the attacker can gain access to your computer through the account that you're using—limited accounts give the attacker limited access, and administrator accounts give the attacker administrator access."

I think that answers your question. Nothing ambiguous about that.
a109.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#5 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,814 posts

Posted 18 March 2010 - 01:48 AM

It sort of depends on the infection, but generally, using a limited account is more advantageous than an administrator account (security-wise).

Please consider donating to help support the continued prompt and excellent services of this site.


#6 dave38

dave38

    Devout Murphyite!

  • Retired Staff
  • PipPipPipPipPip
  • 8,508 posts

Posted 18 March 2010 - 02:05 PM

The disadvantage of a limited account is that many programs will not work. So many people, me included, use an admin account so that while you are more open to infection, at least you can use all the programs on the computer!
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#7 NobleTruths

NobleTruths

    Advanced Member

  • Helper Trainee+
  • PipPipPip
  • 168 posts

Posted 18 March 2010 - 10:15 PM

It sort of depends on the infection, but generally, using a limited account is more advantageous than an administrator account (security-wise).

When you say it depends upon the infection......would I be correct to assume that a "simple" infection gets limited, but a zombie-creating botnet would still overwhelm the system?
NO AMOUNT OF ENLIGHTENMENT
CAN ALTER THE WAY THINGS ARE.
IT IS OUR PERCEPTIONS,
NOT THE WORLD ITSELF,
THAT MUST BE TRANSFORMED.

#8 NobleTruths

NobleTruths

    Advanced Member

  • Helper Trainee+
  • PipPipPip
  • 168 posts

Posted 18 March 2010 - 10:34 PM

Likewise, can an infection on one account cross to other accounts on the same computer? My sense is "yes" for the second, due to common programs/etc....



Now, how about you research your second question, then tell us the answer.

Further research shows that, yes, the infection will effect multiple account, as I suspected, if it effects the Operating System or shared programs. Multiple accounts only keep data separate.
NO AMOUNT OF ENLIGHTENMENT
CAN ALTER THE WAY THINGS ARE.
IT IS OUR PERCEPTIONS,
NOT THE WORLD ITSELF,
THAT MUST BE TRANSFORMED.

#9 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,920 posts

Posted 18 March 2010 - 10:40 PM

Further research shows that, yes, the infection will effect multiple account, as I suspected, if it effects the Operating System or shared programs. Multiple accounts only keep data separate.


Well done! :clapping:
a109.gif


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#10 NobleTruths

NobleTruths

    Advanced Member

  • Helper Trainee+
  • PipPipPip
  • 168 posts

Posted 19 March 2010 - 12:35 PM

This is a blog what addresses some of my questions:
http://www.blueridge...download-attack

In part it states:

No, LUA still leaves computers vulnerable from drive-by download attacks that steal password/credentials, copy data records and documents, destroy files, ransom user content, serve as an attack platform inside an enterprise firewall, and serve as one of thousands of other computers as part of a Botnet. LUA just makes it more difficult for attackers to burrow their malware so deep into a computer (i.e., rootkit) that it may never be detected.


NO AMOUNT OF ENLIGHTENMENT
CAN ALTER THE WAY THINGS ARE.
IT IS OUR PERCEPTIONS,
NOT THE WORLD ITSELF,
THAT MUST BE TRANSFORMED.




Member of UNITE
Support SpywareInfo Forum - click the button