Help Reduce Your Risk of Malware / Virus Infection Options

[ThGreenMoFo]

Reducing privileges on a per application basis

DropMyRights.exe (DMR) is an executable developed by Michael Howard of Microsoft Security Engineering. This program was released on 15 November 2004 in the Microsoft Developer Network (MSDN) and is available as a Microsoft Installer (.msi) package from http://msdn.microsoft.com/library/default....ure11152004.asp. DMR functions to constrain the privileges of any secondary program it is linked to. For instance, linking DMR to Internet Explorer can lower Internet Explorer's system privileges from administrative to constrained.

If you are like most computer users, especially those running the Microsoft Windows XP Home/Professional Operating Systems, the user account you are logged into most likely has total access to (almost) any file on your computer. Subsequently, any application that you open during this session will have the same level of access. Given the current security nightmare that the Internet poses to even the average user, giving any Internet-facing application unrestricted system access can be catastrophic.

According to tests run by SecurityFocus, DMR use dropped the chance of virus infection to zero percent. It should be noted that the chances of downloading a virus can never be reduced to zero however that discussion is out of the scope of this document. An in depth look at why you should not work in an administrative account can be found at http://blogs.msdn.com/aaron_margosis/archi.../17/157962.aspx. To install DMR, complete the following steps:

1. Download DropMyRights.msi from http://msdn.microsoft.com/library/default....ure11152004.asp.
2. Create a new folder on your primary drive in the root directory. For instance, if you main drive were labeled 'C:\', create a folder entitled 'C:\DropMyRights\'.
3. Install DropMyRights by double-clicking the DropMyRights.msi file that was downloaded in step one. After you have completed the installation a new window should open and display to you a list of files including one named 'DropMyRights.exe'.
4. Move the contents of the window in step three to the folder created in step two.
5. Right-click on the desktop and click New -> Shortcut.
6. In the dialog box labeled 'Type the location of the item:' enter 'C:\DropMyRights\DropMyRights.exe "C:\Program Files\Internet Explorer\iexplore.exe" C'.
7. Click Next and in the dialog box labeled 'Type a name for this shortcut:' enter 'Internet Explorer (non-admin)' and click Finish.
8. Next, right-click on the newly created shortcut, change the 'Run:' drop down box to 'Minimized', and click OK.

To ensure that you have successfully installed DMR and linked its execution to Internet Explorer, complete the following steps:

1A. Open Internet Explorer (non-admin) using the shortcut created in step seven above and navigate to http://www.pcpitstop.com/testax.asp. If you are not prompted to install an ActiveX script and do not see the current time and date displayed on the site, proceed to step 2A. If you are prompted to install an ActiveX script ensure that you have correctly completed steps one through eight.
2A. Navigate to http://www.popuptest.com/popuptest1.html. If you receive no popups then your installation was successful. Otherwise, ensure that you have correctly completed steps one through eight.

DMR can be linked to any program on your computer. You may want to consider linking it to any application that relies on a connection the internet to function (e.g. instant messaging clients etc.). Do not discontinue use of your antivirus and spyware software but rather use DMR in conjunction with your other tools. For further information on DropMyRights please see http://www.securityfocus.com/infocus/1848 or http://msdn.microsoft.com/library/default....ure11152004.asp

-If you have any questions feel free to contact me using the information provided in my profile.

[Gringo]

Reducing privileges on a per application basis

DropMyRights.exe (DMR) is an executable developed by Michael Howard of Microsoft Security Engineering. This program was released on 15 November 2004 in the Microsoft Developer Network (MSDN) and is available as a Microsoft Installer (.msi) package from http://msdn.microsoft.com/library/default....ure11152004.asp. DMR functions to constrain the privileges of any secondary program it is linked to. For instance, linking DMR to Internet Explorer can lower Internet Explorer's system privileges from administrative to constrained.

If you are like most computer users, especially those running the Microsoft Windows XP Home/Professional Operating Systems, the user account you are logged into most likely has total access to (almost) any file on your computer. Subsequently, any application that you open during this session will have the same level of access. Given the current security nightmare that the Internet poses to even the average user, giving any Internet-facing application unrestricted system access can be catastrophic.

According to tests run by SecurityFocus, DMR use dropped the chance of virus infection to zero percent. It should be noted that the chances of downloading a virus can never be reduced to zero however that discussion is out of the scope of this document. An in depth look at why you should not work in an administrative account can be found at http://blogs.msdn.com/aaron_margosis/archi.../17/157962.aspx. To install DMR, complete the following steps:

1. Download DropMyRights.msi from http://msdn.microsoft.com/library/default....ure11152004.asp.
2. Create a new folder on your primary drive in the root directory. For instance, if you main drive were labeled 'C:\', create a folder entitled 'C:\DropMyRights\'.
3. Install DropMyRights by double-clicking the DropMyRights.msi file that was downloaded in step one. After you have completed the installation a new window should open and display to you a list of files including one named 'DropMyRights.exe'.
4. Move the contents of the window in step three to the folder created in step two.
5. Right-click on the desktop and click New -> Shortcut.
6. In the dialog box labeled 'Type the location of the item:' enter 'C:\DropMyRights\DropMyRights.exe "C:\Program Files\Internet Explorer\iexplore.exe" C'.
7. Click Next and in the dialog box labeled 'Type a name for this shortcut:' enter 'Internet Explorer (non-admin)' and click Finish.
8. Next, right-click on the newly created shortcut, change the 'Run:' drop down box to 'Minimized', and click OK.

To ensure that you have successfully installed DMR and linked its execution to Internet Explorer, complete the following steps:

1A. Open Internet Explorer (non-admin) using the shortcut created in step seven above and navigate to http://www.pcpitstop.com/testax.asp. If you are not prompted to install an ActiveX script and do not see the current time and date displayed on the site, proceed to step 2A. If you are prompted to install an ActiveX script ensure that you have correctly completed steps one through eight.
2A. Navigate to http://www.popuptest.com/popuptest1.html. If you receive no popups then your installation was successful. Otherwise, ensure that you have correctly completed steps one through eight.

DMR can be linked to any program on your computer. You may want to consider linking it to any application that relies on a connection the internet to function (e.g. instant messaging clients etc.). Do not discontinue use of your antivirus and spyware software but rather use DMR in conjunction with your other tools. For further information on DropMyRights please see http://www.securityfocus.com/infocus/1848 or http://msdn.microsoft.com/library/default....ure11152004.asp

-If you have any questions feel free to contact me using the information provided in my profile.

Thanks for the info but I guess the best way to avoid those problems is to have an updated scanner. and always checks the incoming data that you will pass to your computer

[BruitlE09]

Removing the files is not going to help, if the cause isnt fighted. But, if it has wrong permissions change then chmod. If they have the wrong owner ask your host to remove them