9 replies to this topic

[NobleTruths]

If someone is using a user account that has limited (non-admin) privileges, can an infection still over-take the computer and effect administrator privileges (self-elevate)? Likewise, can an infection on one account cross to other accounts on the same computer? My sense is "yes" for the second, due to common programs/etc....but I am not sure about self-elevation of privileges.

[Rocket Grannie]

Did you research these subjects before asking your questions?

I Googled "limited user account" and this was the first hit.
http://www.microsoft...seraccount.mspx

Now, how about you research your second question, then tell us the answer.

[NobleTruths]

Actually, my question arose because I was reading about that, lol. But that article states:

If you work in a Limited User account, you might be able to decrease the effect of a virus or other malicious software.

The word "might" is what got my mind churning. Most of my research kept using the same cautious wording. So, I figured I would ask the most experienced people I knew who had front-line battle experience. I will get back with you when I definitively answer the second question...i.e., after a good night's sleep.

[Rocket Grannie]

That article also states: "If you suffer an attack from malicious software, the attacker can gain access to your computer through the account that you're using—limited accounts give the attacker limited access, and administrator accounts give the attacker administrator access."

I think that answers your question. Nothing ambiguous about that.

[screen317]

It sort of depends on the infection, but generally, using a limited account is more advantageous than an administrator account (security-wise).

[dave38]

The disadvantage of a limited account is that many programs will not work. So many people, me included, use an admin account so that while you are more open to infection, at least you can use all the programs on the computer!

[NobleTruths]

It sort of depends on the infection, but generally, using a limited account is more advantageous than an administrator account (security-wise).

When you say it depends upon the infection......would I be correct to assume that a "simple" infection gets limited, but a zombie-creating botnet would still overwhelm the system?

[NobleTruths]

Likewise, can an infection on one account cross to other accounts on the same computer? My sense is "yes" for the second, due to common programs/etc....

Now, how about you research your second question, then tell us the answer.

Further research shows that, yes, the infection will effect multiple account, as I suspected, if it effects the Operating System or shared programs. Multiple accounts only keep data separate.

[Rocket Grannie]

Further research shows that, yes, the infection will effect multiple account, as I suspected, if it effects the Operating System or shared programs. Multiple accounts only keep data separate.

Well done!

[NobleTruths]

This is a blog what addresses some of my questions:
http://www.blueridge...download-attack

In part it states:

No, LUA still leaves computers vulnerable from drive-by download attacks that steal password/credentials, copy data records and documents, destroy files, ransom user content, serve as an attack platform inside an enterprise firewall, and serve as one of thousands of other computers as part of a Botnet. LUA just makes it more difficult for attackers to burrow their malware so deep into a computer (i.e., rootkit) that it may never be detected.