Text 8932, 127 rader
Skriven 2006-01-02 14:30:08 av Rich (1:379/45)
   Kommentar till text 8930 av Mike N. (1:379/45)
Ärende: Re: Kodak EasyShare software
====================================
From: "Rich" <@>

This is a multi-part message in MIME format.

------=_NextPart_000_04F3_01C60FA9.0832E280
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   A normal user has access to that own user's settings which include =
which programs run when that user logs in.  This user can't change the =
configuration of other users unless those others users allow it.  My =
suggestion to home users is to make sure that any administrative = accounts
have a password assigned and when they do so and are asked if = this user's
files should be made private that they answer yes.  I = discourage users from
creating folders for data files outside the user = profile directories where
file security provides isolation.

   For many if not most viruses and trojans, this may make little =
difference.  To do what is often attributed to to recent malware admin = rights
aren't needed.  You can still display advertisments or act as a = relay for
spam or pretty much anything else you want once the infected = user logs in.  I
agree that it is bad that Kodak's software requires = running as admin.  It is
a problem and sometimes a serious one but it's = not the problem some folks try
to make it out to be.

   Together with use of antimalware applications running as an admin is =
more dangerous.  An admin user can subvert malware detection easily.  A =
non-admin can't.  The ability to become infected is similar but the = ability
to evade detection or cure is very different.

Rich

  "Mike N." <mike@u-spam-u-die.net> wrote in message =
news:le6jr1h0n67l0leprnpp636n6l6fcoos5t@4ax.com...
  On Mon, 02 Jan 2006 14:40:04 -0500, Gregg N <invalid@invalid.invalid>
  wrote:

  >That's not true; virus could still be installed and set to start=20
  >automatically.

     This assumes that the Low Privilege user account has access to the =
start
  menu or registry.   However privilege escalation will always be an =
issue,
  as well as fooling the user into authorizing privilege.
------=_NextPart_000_04F3_01C60FA9.0832E280
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2802" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; A normal user has access =
to that own=20
user's settings which include which programs run when that user logs =
in.&nbsp;=20
This user can't change the configuration of other users unless those =
others=20
users allow it.&nbsp; My suggestion to home users is to make sure that = any=20
administrative accounts have a password assigned and when they do so and =
are=20
asked if this user's files should be made private that they answer = yes.&nbsp;
I=20
discourage users from creating folders for data files outside the user =
profile=20
directories where file security provides isolation.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; For many if not most =
viruses and=20
trojans, this may make little difference.&nbsp; To do what is often =
attributed=20
to to recent malware admin rights aren't needed.&nbsp; You can still =
display=20
advertisments or act as a relay for spam or pretty much anything else = you
want=20
once the infected user logs in.&nbsp; I agree that it is bad that = Kodak's=20
software requires running as admin.&nbsp; It is a problem = and&nbsp;sometimes
a=20
serious one but it's not the problem some folks try to make it out to=20
be.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; Together with use =
of&nbsp;antimalware=20
applications running as an admin is more dangerous.&nbsp; An admin user =
can=20
subvert malware detection easily.&nbsp; A non-admin can't.&nbsp; The = ability
to=20
become infected is similar but the ability to evade detection or cure is =
very=20
different.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV>"Mike N." &lt;<A=20
  href=3D"mailto:mike@u-spam-u-die.net">mike@u-spam-u-die.net</A>&gt; =
wrote in=20
  message <A=20
  =
href=3D"news:le6jr1h0n67l0leprnpp636n6l6fcoos5t@4ax.com">news:le6jr1h0n67=
l0leprnpp636n6l6fcoos5t@4ax.com</A>...</DIV>On=20
  Mon, 02 Jan 2006 14:40:04 -0500, Gregg N &lt;<A=20
  =
href=3D"mailto:invalid@invalid.invalid">invalid@invalid.invalid</A>&gt;<B=
R>wrote:<BR><BR>&gt;That's=20
  not true; virus could still be installed and set to start=20
  <BR>&gt;automatically.<BR><BR>&nbsp;&nbsp; This assumes that the Low =
Privilege=20
  user account has access to the start<BR>menu or registry.&nbsp;&nbsp; =
However=20
  privilege escalation will always be an issue,<BR>as well as fooling =
the user=20
  into authorizing privilege.</BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_04F3_01C60FA9.0832E280--

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)