Quoting Kulju:

Quote:
Quoting Rifter:

Quote:
Come on, get serious.  You and I both know the average user has about as much technical knowledge as a chimpanzee.

Exactly my point, thats why one should never use computer with admin-rights! There are only two points:
a) you don't have technical knowledge --> don't use with admin rights
b)you have technical knowledge --> you are wise enough to not use with admin rights. If you still do, see a).

Quote:
but that environment and my 3 PC home network are completely different animals and require different methods for proper functioning.

There are no difference if you have 3 or 3000 cmputers. Basic pricipals are still the same.

Quote:
As Achim noted, there are too many restrictions placed on the user level.

Name one exept calendar...If you don't know how to do other things, I'm willing to give you help if you want.

Quote:

  Ultimately, though, it is MY computer, and I should have the right to utilize it any way I see fit to and Microsoft be damned

Ultimately it is my thumb and it is my right to hit it with a hammer if I like, but that's not too smart eather. Of course you can use your computer logged in with admin-rights, but that's just stupid. Please continue to do so, but don't recommend that to any other user.

Well, guess what, slick.  That's your OPINION.  My opinion differs, as it is my right to do.  You don't like it?  Tough, keep your comments to yourself, and don't tell me what to do.  Other users can make up their own minds without you acting like the almighty's gift to computer users.  I don't require anybody else to agree with me, nor do I call them stupid for not doing so.

ETA: Moo

Quoting jbartlett777:

Quote:
I have seven computers in my house, five of which are always on and I always log in as an Admin user, and the last virus I had was the Form virus back in 1992.

And again...If one likes to get in to your computer viruses are really "old school". Major point is to get target computer under your control so that the real user don't know ANYTHING about it. Every time you get caught by a viruss canner etc. you don't get anything out of that machine. Viruses are so "passe".

Hi Guys,

Regarding adding images: clicked icon 'temp allow script' > click again image icon brings up the following

Explorer User Prompt
Script Prompt
IMG URL:

http://_______________

providing a path, does not insert an image. are the images just from net, or can they come from hd? Seems very strange. Thanks and

Take Care
Rico

Rico

Quoting hydr0x:

Quote:
I gotta agree with Kulju here, Rifter you have no idea about the OS structure and you're spreading false information

1) You're not right with your "my private pc won't be attacked by pro hackers because there's nothing of interest on it". WRONG. Even if there's no data on it, what's of interest is it's computing power. Hackers don't hack your pc to get your data, they hack it to USE it for their plans.

2) "Good" hacks are the ones you don't notice. Which means that you not noticing being hacked means nothing.

3) All your precious security software is absolutely worthless if you run with admin rights, why did you even pay for it? Any semi-skilled hacker can surpass that kind of software if you have admin rights. Hardware firewalls are indeed more secure, but not unhackable, and certainly not only hackable by pros.

4) Not using admin rights is possible without any noticable loss in functionality. I've done it with Windows 2000, Windows XP Pro and now Windows Vista for years and never had real problems with it.

5) If you think it's MS trying to force you into something you should try out more secure OS. The Windows user right limitations are ridiculous (especially pre-Vista) compared to some other OS out there.

You people really ought to mind your own business.  You don't know what I have on my computer in the way of security measures, and you don't know anything about my procedures.  You're talkin' out your backsides if you continue to say you do. 

The vast majority of people get into trouble by not maintaining any kind of protection at all.  You don't want to use admin rights, fine, don't.  But don't presume to tell anybody else what to do.  You don't have the right.

Quoting hydr0x:

Quote:
Quoting Rifter:

Quote:

The vast majority of people get into trouble by not maintaining any kind of protection at all.  You don't want to use admin rights, fine, don't.  But don't presume to tell anybody else what to do.  You don't have the right.

You just don't get it. It's not about telling YOU what to do, if you want to leave your pc unsecure, fine, no one cares. The problem is that you're spreading false information here, making people believe they are on the safe side if they just run enough security software. The truth is, security software isn't worth a cent if you're using admin rights. That's what people need to know and we're just stopping you from telling them otherwise just because you think you know something about this topic, which you obviously don't.

But you seem to be implying that if i don't run with admin rights i CAN'T get hacked, that's not exactly correct either. Alot of people get hacked or get a virus because they don't use common sense when the use the internet, they download programs from just anywhere they find them just because they're free, or they believe anything they see in an e-mail.

Rob

If you had to ask that question, you probably shouldn't be running with admin rights. As for "just to make sure I'm not vulnerable" that is laughable.

Do not be fooled by anyone stating otherwise, you are vulnerable, everyone with a computer is vulnerable.

However that quote is also incorrect. The effectiveness of your security software will not be compromized when running as an admin user. AV, firewalls, IDS, IPS and HIPS systems detect/block what they are configured to or detect/block.

Running as user means that malware/hackers may not under certain circumstances be sucessfull, typically spyware and adware that tries to install software as the logged in user will fail.

However a bot that sucessfully exploits a process with local system priveliges will sucessfully attack both systems.

Both of the above scenarios require your security software to not detect or block the malware/hacker and the system to be exploitable in some way.

Running as admin means that "if" malware gets into your system, the malware/hacker will have an easier time gaining full control of your system, assuming they havn't coded the malware to escalate it's priveliges. In which case it'll make no difference either way.

My last point is that the malware/hacker may not require admin rights in order to carry out what they want to do. A distributed denial of service attack may only require an IE browser to be started and pointed at a particular site.

The guys on Wilder and many other such sites are security experts, just because they do something doesn't mean it's right for everyone, they aren't relying on their security software to protect them, their systems can be restored quickly and easily to a previous state. They are running multi level protection and monitoring systems. If you aren't doing the same you probably should be running as admin.

As a general rule of thumb, if you don't need to be running as admin you shouldn't be running as admin.

This is just good security practice.

I hope this clears up any confusion from all parties.

Rgds

KGudge
CNA, CNE, MCNE, MCP, MCSE, CCNA, Comptia A+ and Security+, CISSP.

Hi Kgudge,

Re-reading your post. An important point in a security scenario is, a layered approach, that includes several security apps. Everyone should be running more than just a AV & FW. Several more layers are required. Also one of those layers should be a backup system.

I'm surprized that you have not said anything, to this community about running browser + email, via 'Drop My Rights' kind of a middle of the road, approach, for admin rights folks, so as to move on, without offending users too much.

Take Care
Rico