44 Comments
- gwjc, on 10/12/2007, -9/+42: Nah, thanks, but I'd rather read the interesting article about a trojan using MS's own EFS to its advantage and bury this lame ass, libelous comment.
- santu, on 10/12/2007, -3/+23: If you're running Windows as a non-privileged user, you're likely not to be vulnerable to 90% of usual threats unless another flaw allows privilege escalation.
However, most people are local administrators on their workstation because it's much less painful this way and some software requires high-level rights to work properly.
It's sad, but it's the way the Windows world has gone for ages.
- gnarfel, on 10/12/2007, -0/+16: "Make me a sandwich."
"What? No!"
"sudo Make me a sandwich."
"Okay."
Point being, people are stupid. Most systems are unprotected. You can't mold the masses to the software, you mold the software to the masses.
- jrbrewin, on 10/12/2007, -5/+19: You're glad you're on a Mac... because you don't get security patches?... uhm... why do I keep getting Apple Update bouncing in my dock then?
- chris9902, on 10/12/2007, -1/+13: You can't buy common sense in a box; that's why most people don't have it.
- redxii, on 10/12/2007, -4/+15: "Recently a trojan was seen to take advantage of EFS to protect itself and execute with administrative privileges. The trojan creates an administrator login account with a random name and random password."
Oh yeah? What if I'm not running with administrator privileges? How's it going to create another administrator login then? Or a service? And why would there be a patch for it? This is just another example of using a legitimate function for malicious purposes, and in the case of Windows the right environment with default administrator privileges. To get rid of all viruses is to get rid of the whole OS API, for there are no magic bytes that distinguish, say, Mozilla's firefox.exe from a malicious exe.
- paulmdx, on 10/12/2007, -0/+8: Please do explain why cmd.exe is where "this crap comes from".
- jcaino, on 10/12/2007, -1/+9: Well, that's great for you guys, but what about all the people out there that run on admin accounts because that's the way they were shipped from Dell, HP, your favorite B&M store or otherwise.
You're probably also smart enough to be running up-to-date virus protection and not click on any old link that comes flying into your email.
The vast majority of people running Windows are likely to be subject to this exploit.
- jrbrewin, on 10/12/2007, -0/+8: Home Edition doesn't support EFS anyway.. so. that's nice. :)
On Pro of course, the other option is to just delete, disable, or change the password on the randomly named administrative user and this will prevent access to the encrypted malware.
- jjmcwill, on 10/12/2007, -0/+7: "Speaking of using a laptop with limited privilege, how do you change your network settings when you move your laptop from a network location to another? Esp. the Run As is not in the context menu of Network Connections."
See http://support.microsoft.com/Default.aspx?kbid=313808
You can create a shortcut to any of the Control Panel applets and should then be able to change the "Run As" setting to run them as Administrator. For Network Settings, it's ncpa.cpl
- inactive, on 10/12/2007, -0/+6: @cheungpat
Make a shortcut to RunAs and have it launch "control"
Though it would be a whole lot nicer if it followed something like KDE does in its Control Panel--where the admin-required stuff was highlighted in a red box (but you can still see your settings) and all you had to do was click Auth or something....
Maybe Vista will fix this?
- lolage, on 10/12/2007, -3/+9: Indeed. I've been running as limited from day one on my laptop; there's really just no need to sit and run as admin all the damn time. It really irks me to see people slamming Windows with some run-of-the-mill 'exploit' that could have been avoided if some common sense were applied.
- cheungpat, on 10/12/2007, -4/+9: "Indeed. I've been running as limited from day one on my laptop; there's really just no need to sit and run as admin all the damn time. It really irks me to see people slamming Windows with some run-of-the-mill 'exploit' that could have been avoided if some common sense were applied."
Speaking of using a laptop with limited privilege, how do you change your network settings when you move your laptop from one network location to another? Esp. the Run As is not in the context menu of Network Connections.
And there are just so many programs that write to the Program Files folder, which is by default not writable by a limited user. (I just installed one that does just the same.)
I hope Windows Vista will do better about this, though I am not optimistic. I think if a normal user is prompted asking whether he wants to allow a program to escalate privilege, he'll just press okay anyway.
- fishsoda, on 10/12/2007, -0/+5: http://xkcd.com/c149.html
This is where "make me a sandwich" came from. You can even order a t-shirt!
- cheungpat, on 10/12/2007, -0/+4: Malicious software doesn't need cmd.exe to execute anyway.
By the way, Windows XP has a runas command that allows a limited user to escalate privilege to a different user (such as an Administrator). This works like su in UNIX.
- jejones, on 10/12/2007, -1/+5: Agreed... OTOH, a friend once had some trouble with having her modem recognized on a Windows box and posted to LJ about it. Among the other responses, I said in passing, "You _are_ running without administrator privileges aside from times that you absolutely need them, right?"
Whoa... the response was immediate, huffy, and totally ignorant of the Principle of Least Privilege. "_I_," she responded, "know what I'm doing!"
I think the Catholic church calls that "invincible ignorance" or something...
Then there's the proverbial grandmother--does she know not to run as administrator, or is she confused by all that bother of "run as" or logging in under a different name, and just doesn't bother? (Funny how Linux bashers claim Linux is too complicated, but when the topic of viruses/spyware/etc. comes up, respond with a list of the precautions they (wisely) take, and add "only an idiot wouldn't do that!" Well, there must be a bunch of idiots out there among Windows users.)
- KnightMareInc, on 10/12/2007, -2/+6: You almost have to run as admin on XP.
- aB0z, on 10/12/2007, -1/+4: What's this? A Digg story linking directly to *gasp* CONTENT?
Isn't that against the general convention of this site? You're supposed to link to an ad-laden "blog", with no real content and only a poorly spelled summary of someone else's blog update.
Anyways, in regards to the story:
Running as a limited user might help, but you will have limited capabilities, and therefore it is not practical for most users.
The single biggest problem is the ActiveX controls that people seem to install without trepidation.
Don't click on shady ads, don't download random software from questionable websites, and run a (somewhat) secure browser alongside a decent (not Norton/McAfee etc.) firewall+antivirus package.
The real problem here is the nut between the keyboard and the chair.
- dacheetah, on 10/12/2007, -2/+5: "sudo Make me a sandwich."
lmfao.
That line made my day...
Hands up if you would make "root" a sandwich.
- nmaster64, on 10/12/2007, -1/+3: Fear the unhackable condoms!
- Lazybones, on 10/12/2007, -0/+2: I nearly always have to use CMD when troubleshooting with a user.
I wonder how Linux users would feel if you disabled the command line shell.
- inactive, on 10/12/2007, -4/+6: There's a user on my computer named p9s50W5k4GUD2c6. I think I'm infected!
- jcaino, on 10/12/2007, -1/+3: Obviously, you aren't one of the many, many customers that has ever called tech support.
I assure you - cmd.exe is used.
- t3hX, on 10/12/2007, -8/+9: I think he's kinda more saying that Mac OS wouldn't have a big hole in it, and he more looks forward to not having to fix this.
- inactive, on 10/12/2007, -0/+1: @cheungpat (stupid comment edit >_< timed out on me; and now placed it at the wrong reply... (look way up))
Make a shortcut to RunAs and have it launch "control" (this will launch the entire thing (Control Panel), unlike the above which would just launch a certain applet)
Though it would be a whole lot nicer if it followed something like KDE does in its Control Panel--where the admin-required stuff was highlighted in a red box (but you can still see your settings) and all you had to do was click Auth or something....
Maybe Vista will fix this?
- jcate, on 10/12/2007, -0/+1: Here is the link that came out a few weeks ago...
http://www.projectstreamer.com/users/r0t0r00t3r/xp_priv_esc-1/xp_priv_esc.html
- Stan57, on 10/12/2007, -0/+1: The guy says to avoid the virus to make sure to have unsigned ActiveX disabled. On my Windows it came disabled by default. Even if I lowered it to medium security it's still disabled. So why is this an issue? I am no super geek; what am I missing here??
- d7415, on 10/12/2007, -0/+1: I ran as a limited account on XP Pro for 3 weeks. I probably tinker more than most, but several programs (HW monitors) wouldn't run without runas; one wouldn't install without runas. That's just 3rd party, without all the other stuff. It would probably have been bearable after some getting used to, but in the end I just gave in and set it back :P. I rarely (luckily) have any malware problems: virus scanner's kept up to date, software firewall, router, etc., plus backups to some degree or another. It's just not worth the hassle for me. YMMV.
- Kirsha, on 10/12/2007, -2/+3: Who cares, honestly. It's a TROJAN. If you run the damn thing by opening some dumb unknown file, you deserve to be ***** over.
- nullmind, on 10/12/2007, -1/+1: I honestly could give less of a ***** about who posted this story, because I find it interesting. If I don't find it interesting, I just request a bury or don't digg it, and move on with my pathetic internet life... What is so difficult about that?
- fishsoda, on 10/12/2007, -9/+9: How is he cheating the system? It seems I may be missing some comments here.
- bemenaker, on 10/12/2007, -1/+1: So if you go and change the password on this random account, you can then access all the files it creates. Hell, you can take ownership of them and still delete them if they are encrypted. You won't access them, but if you are deleting them you don't need to. I see the reasoning for this, it does help the trojan stay longer, but it's not a fool-proof protection by any means.
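Before any of the clean-up steps discussed in this thread (resetting the password, taking ownership, deleting the encrypted files), a defender first has to spot the randomly named administrator account. The following is an added example, not code posted by any commenter or by Digg: a small Python script that parses the output of `net localgroup Administrators`, compares the member list to a known baseline, and flags names that look machine-generated (long, mixed-case alphanumeric, high character entropy). The sample output below is constructed, not captured from a real machine; the baseline set and the length/entropy thresholds are assumptions to be tuned per host.

```python
import math
import re
from collections import Counter

# Constructed sample of `net localgroup Administrators` output (not captured
# from a real system). The last member imitates the random-name style the
# thread describes.
SAMPLE_NET_LOCALGROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
jsmith
p9s50W5k4GUD2c6
The command completed successfully.
"""

# Assumed baseline: the admin accounts that are supposed to exist on this host.
KNOWN_ACCOUNTS = {"Administrator", "jsmith"}


def parse_net_localgroup(output):
    """Return the member names listed by `net localgroup <group>`.

    Members follow the dashed separator line and end at the
    'The command completed successfully.' trailer.
    """
    members = []
    in_members = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("----"):
            in_members = True
            continue
        if not in_members or not line:
            continue
        if line.startswith("The command completed"):
            break
        members.append(line)
    return members


def shannon_entropy(name):
    """Bits of entropy per character of the account name."""
    counts = Counter(name)
    n = len(name)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name, min_len=10, min_entropy=3.3):
    """Heuristic for machine-generated names (thresholds are assumptions):
    at least min_len chars, only letters/digits, uses lower, upper AND digits,
    and has high per-character entropy. Human-chosen names such as
    'Administrator' or 'svc_backup01' fail one of these tests.
    """
    if len(name) < min_len:
        return False
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        return False
    mixed = (re.search(r"[a-z]", name) and re.search(r"[A-Z]", name)
             and re.search(r"[0-9]", name))
    return bool(mixed) and shannon_entropy(name) >= min_entropy


def suspicious_admins(output, baseline):
    """Members of the group that are not in the baseline and look random."""
    return [m for m in parse_net_localgroup(output)
            if m not in baseline and looks_random(m)]


if __name__ == "__main__":
    # On a live host, replace SAMPLE_NET_LOCALGROUP with the real output of
    # `net localgroup Administrators` (e.g. read from a file).
    for name in suspicious_admins(SAMPLE_NET_LOCALGROUP, KNOWN_ACCOUNTS):
        print(f"unexpected random-looking administrator: {name}")
```

The name heuristic alone produces false positives on deliberately randomised service accounts, so the baseline comparison carries the real signal: any administrator not on the list deserves a look regardless of what its name looks like, and a random-looking one that also has files under its profile encrypted with EFS matches the pattern this thread is about.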
- redxii, on 10/12/2007, -1/+1: @ jcate
I also commented on the Digg with that video. You need administrator privileges to do what was demonstrated. Try it yourself with a limited account and the guest account.
- jeet404, on 10/12/2007, -1/+1: I can just imagine reading "now comes with Administrator privileges!"
- UtterNoncesense, on 10/12/2007, -1/+1: http://cryptovirology.com/ is another resource about these types of occurrences.
- MrViklund, on 10/12/2007, -3/+1: Interesting. Very interesting.
- fraggle35, on 10/12/2007, -3/+1: How many viruses and trojans would there be if Symantec and McAfee and all the others didn't make so much money from them? If they didn't report on them, no one would know about them. I think they either write most of them or make them up.
- BuddhaChu, on 10/12/2007, -6/+1: suexec cmd.exe ? :)
- chris9902, on 10/12/2007, -8/+2: You know what would help: if by default things like cmd.exe and Cipher.exe were turned off for home users. They don't use them or even know what they do, but it's where 99% of this crap comes from.
- techaddress, on 10/12/2007, -7/+1: Is the new Browzar app adware? Find out: http://techaddress.wordpress.com/2006/09/02/is-browzar-adware/
- gypsi, on 10/12/2007, -22/+5: P9 will be back.
This type always comes back.
- sophiaperennis, on 10/12/2007, -37/+12: I can already foresee an EFS patch for the upcoming and always delightful event named Windows Patch Tuesday. So glad I am on a Mac.
- josepuerto, on 10/12/2007, -28/+0: fruit rollups
- Cannon13, on 10/12/2007, -86/+9: Buried as lame because you're cheating the system and deserve to be banned. Everyone else should bury this as well.