Comments on hype-free: What can a malicious program do under a limited account with Windows 7?

Comment by Cd-MaN, 2010-04-09T16:02:44+03:00

@Zuk: I don't recall exactly what method I've used, but there are plenty of methods by which a non-privileged user can register a program to start up (for the given user, not system-wide of course). For example, the startup folder.

The confirmation dialog popped up because the file was downloaded from the internet and IE (and newer versions of FF on Windows) mark these files as "less trustworthy". Probably a "professional" malware developer would add the finishing touch by ensuring that the malware removes the marking from itself (it is stored in an NTFS ADS - Alternate Data Stream - and is relatively simple to remove, once one knows what to look for).

Comment by Zuk, 2010-02-17T02:51:43+02:00

Nice post!

Well.. The interesting part is the registering of itself to run automatically.
It's known that user separation isn't that good, except that malware can steal files from the same session at one login, but if it's a trojan that plans on staying on the computer, the start-up registration methods are the most difficult work for the malware writer.
Can you explain how you registered yourself as a start-up executable and why that window popped up?
Some technical details would be awesome.

Comment by Anonymous, 2009-07-10T15:27:51+03:00

Good article again =)

Limited user accounts don't really do anything except protect the system from infection. They don't protect the user profile, as your test shows. To protect the user profile, too, execution of malicious code should be stopped. Easier said than done (!) but things like software restriction policies can help there, even with their own weaknesses. Nothing helps against social engineering though, at least not on the software side. If people want to see dancing pigs, they're going to see them, security be damned. ;)

Your article made me think of something else, too. Now that Windows is pushing for more restricted user accounts instead of the default admin accounts of Win 2k and XP, malware will have to adapt and black hats will code malware that works well with restricted rights. I wonder if that will also lead to more malware being made for other systems such as OS X or Linux, which both default to restricted user rights? I think that it might, since if the malware coders have to make limited-user-aware malware for Windows, there's really no reason why they couldn't start making the same kind of malware for Linux and OS X, too. The differences between those systems and Windows, when not running as admin or root, aren't that large.