Welcome to the APBWeb.
Results 1 to 3 of 3
  1. #1
    Odd's Avatar
    Odd
    Odd is offline Cosmonaut Trainer
    Supporting Member Lvl 3
    Join Date
    10-08-08
    Posts
    2,056
    Rep Power
    2508664

    Drop My Rights! (Windows XP)

    Term's FireFox speed tips inspired me to share a tip as well. It's a simple, free and effective little security utility called "DropMyRights". It's for XP so if you're running Vista shoo, nothing to see here.

    What does it do?
    It reduces the rights level on an individual program, like the web browser, independent of the user's account level. Many people run Windows under an administrator level account. This simplifies life, but also makes it easier for malware to get its hooks in. Having dealt with some on a family member's computer recently I can tell you it's not so easy to get rid of anymore. And no, until last month she'd never gotten any sort of malware either.

    Why do I want it?
    It's another layer of protection, in this case one that doesn't slow your computer while taking up system resources. Also, it does not modify your browser in any way. If you do need administrator access it's still available without changing accounts.

    Why should I trust a program based on what a guy with a frog avatar says?
    You shouldn't. Here are a few detailed articles on it by more reputable sources.
    Michael Horowitz at CNet
    Michael Howard, Microsoft Security Engineering
    Brian Krebs at the Washington Post
    Mark Squire at SecurityFocus

    Where do I get it?
    The download link is near the top of Michael Howard's article.

    How do I use it?
    Download the dropmyrights.msi file and install it. The default install path is C:\Documents and Settings\accountname\My Documents\MSDN\DropMyRights. During install change that to a shorter location like C:\DMR. Alternatively, install it at the default and copy the single dropmyrights.exe to somewhere more convenient afterward.

    Now simply go to the Internet Explorer (or Firefox, etc) icon you regularly use to launch the browser. Right click and select Properties. Select the Target field. Add text to change it from "C:\Program Files\Internet Explorer\iexplore.exe" to C:\DMR\DropMyRights.exe "C:\Program Files\Internet Explorer\iexplore.exe" (using the shorter directory you chose) The IE icon will change, so click on Change Icon on that same Properties window, browse to C:\Program Files\Internet Explorer, select the ixexplore.exe and it'll show the available icons, including the original. Set it, hit all the OKs.

    That's it.

    From now on when you launch IE via that icon's shortcut dropmyrights will lower IE's privileges before it starts. You'll notice it's working because there will be a split second flash of a DOS box at the launch. If you run into a site that requires administrative access, for example your bank may require a plug-in, simply launch IE from a shortcut without the dropmyrights addition. I have IE in my quicklinks so I added dropmyrights to that shortcut, but left the one in the programs list unchanged. You'll need to launch from the unchanged icon to apply updates to the program, but that's sort of the point: any malware you encounter won't be able to make changes either.

    You can use dropmyrights for most any program. Use the same procedure to secure your other internet facing programs like email, IMs and Windows Media Player. Running as a limited user is better security, but if you run as an administrator this gives you some of that protection.

  2. #2
    countybear's Avatar
    countybear is offline BDRT - Baby Daddy Removal Team
    Verified LEO
    Super Moderator
    Join Date
    01-18-07
    Location
    Louisiana
    Posts
    6,512
    Rep Power
    4611628
    Disclaimer:

    This topic and its content is the suggestion of a software program change that is not in anyway supported, endorsed, nor suggested by OfficerResource.com, its co-owners or site staff. We have not researched nor tested it, and no assumption of its effectiveness or safety is implied by us.

    It is offered by the user 'Odd' only, and in his opinion, will serve to perform the function designed.

    Please continue.

    "The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money."
    - Alexis de Tocqueville, Democracy in America

    Tell me not, Sweet, I am unkind,
    That from the nunnery
    Of thy chaste breast and quiet mind
    To war and arms I fly.
    - Lovelace

    The opinions expressed by this poster are wholly his own, and should never be construed to even remotely be in representation of his employer, its agencies or assigns. In fact, they probably fail to be in alignment with the opinions of any rational human being.

  3. #3
    TXCharlie's Avatar
    TXCharlie is offline Former & Future Reserve Officer
    Join Date
    12-29-05
    Location
    Dallas Area
    Posts
    5,528
    Rep Power
    3224965
    In general, I agree it's best to just operate on a User-level account, and only sign into the Administrator account when software needs to be installed, or Windows settings need to be changed. Some IT organizations even disable network & internet support altogether under the Administrator account so it doesn't serve as a portal for a virus, as you say.

    But I'm lazy too, so my userID is always a Local Administrator - It's a pain in the ass to log into Administrator everytime I need to kill a task, change a setting, or install something. Besides if my computer at work gets infected, I get new versions of software and sometimes even a new PC, along with two days of mindlessly feeding the CD drive re-installing Windows, Office, Visual Studio, SQL Server, and all the other crap I use - Then two more days of mindless Microsoft Update installations.

    If I stretch it out, that equals a whole week of watching the hourglass in one window, and surfing the net in another window

    (\__/)
    (='.'=) This is Bunny. Copy and paste Bunny into your
    (")_(") signature to help him gain world domination.

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •