emrupdate.com
Unbiased independent EMR discussions

Browsing the Web and Reading E-mail Safely as an Administrator


Originally posted by DSeiNeuro

Original Post: here
Source: Microsoft MSDN Site

Michael Howard
Microsoft Security Engineering

November 15, 2004

Summary: Michael Howard discusses how you can run as an administrator and access Internet data safely by dropping unnecessary administrative privileges when using any tool to access the Internet. (10 printed pages)

Download the DropMyRights.msi file.

I've said this many times, but I'll say it again, "Running with an administrative account is dangerous to the health of your computer and your data." So, whenever someone says they must operate their computers as administrators, I always try to persuade them it's not the correct thing to do from a security perspective. That said, every once in a while I meet someone who has a valid reason. For example, I use one of the computers in my office to install the latest daily build of Windows, and I need to be an administrator to install the OS. However, and this is a big point, I do not read e-mail, browse the Web, or access the Internet in any form when running as an administrator on that machine. And I do not do so because the Web is the source of most of the nasty attacks today.

What if someone does want to browse the Web? Or read e-mail? Or do Instant Messaging and so on, and for some reason must run in an administrative context? If you look at the major threats to computers, they are from user interaction with the Web through tools like browsers and e-mail clients. Sure, there are non-user interaction attacks, such as Blaster (http://www.cert.org/advisories/CA-2003-20.html) and Lion (http://www.sans.org/y2k/lion.htm), but that's in part why we turned on the firewall in Windows XP SP2!

Note: For best practices on running as a non-admin in Windows, I urge you to look over Aaron Margosis' blog.

An Example of Why Running as an Admin Is Bad

Some nasty malware works only because the user browsing the Web is an administrator. A good example is a recent variation of the Bagle/Beagle worm named W32.Beagle.AV@mm. I would recommend you read up on what the worm does once it is invited onto a computer system. Symantec has a good write-up at http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@mm.html. I say invited because the malware is not taking advantage of a coding or design defect. It is using simple human error to execute.

Amongst the many things this malware does, all of which require admin rights, are:

  • Creating files in the system32 directory.
  • Terminating various processes.
  • Disabling the Windows Firewall.
  • Downloading and writing files to the system32 directory.
  • Deleting registry values in HKLM.

All these fail if the user running the e-mail client is not an administrator.

So wouldn't it be useful (read: safer) if you could browse the Web, read e-mail, and so on as a non-admin, even though you need to perform your normal daily tasks as an admin? Luckily, Windows XP and Windows Server 2003 and later support this capability using restricted tokens.

Further Detail

Windows XP and Windows Server 2003 and later support functionality called Software Restriction Policy, also known as SAFER, which allows a user or software developer to run code at a lower privilege without having the user enter credential information when the application starts. For example, an administrator could run an application as a normal user by stripping out certain SIDs and privileges from the application's token as the application is launched. Some applications, most notably Internet-facing applications, such as a Web browser, instant messaging, or e-mail client, should never be run under an administrative context.

The DropMyRights Application

DropMyRights is a very simple application to help users who must run as an administrator run applications in a much-safer context—that of a non-administrator. It does this by taking the current user's token, removing various privileges and SIDs from the token, and then using that token to start another process, such as Internet Explorer or Outlook. This tool works just as well with Mozilla's Firefox, Eudora, or Lotus Notes e-mail.
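
The token-dropping sequence described above, as an added example written for this page and not the DropMyRights source: it opens a SAFER level, derives a restricted token from the caller's own token, and starts the target process with it. The one-letter level selectors and the function name `safer_level_id` are hypothetical; the launcher itself builds only on Windows, linked against advapi32.

```c
/* Added example, not the DropMyRights source. Windows: link advapi32. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <winsafer.h>
#else  /* winsafer.h values, so the level mapping also builds elsewhere */
#define SAFER_LEVELID_UNTRUSTED   0x01000
#define SAFER_LEVELID_CONSTRAINED 0x10000
#define SAFER_LEVELID_NORMALUSER  0x20000
#endif
/* Hypothetical one-letter selector -> SAFER level id; 0 = rejected. */
unsigned long safer_level_id(char selector)
{
    switch (selector) {
    case 'N': return SAFER_LEVELID_NORMALUSER;
    case 'C': return SAFER_LEVELID_CONSTRAINED;
    case 'U': return SAFER_LEVELID_UNTRUSTED;
    default:  return 0;  /* unknown input never means "keep full rights" */
    }
}
#ifdef _WIN32
int main(int argc, char **argv)
{
    SAFER_LEVEL_HANDLE level = NULL;
    HANDLE token = NULL;
    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi = { 0 };
    DWORD id = (argc == 3) ? safer_level_id(argv[1][0]) : 0;
    int rc = 1;
    if (id == 0) {
        fprintf(stderr, "usage: %s N|C|U \"command line\"\n", argv[0]);
        return 2;
    }
    /* Open the level, derive a restricted token from our own token (NULL =
       caller's token), then start the target with it instead of ours. */
    if (SaferCreateLevel(SAFER_SCOPEID_USER, id, SAFER_LEVEL_OPEN, &level, NULL) &&
        SaferComputeTokenFromLevel(level, NULL, &token, 0, NULL) &&
        CreateProcessAsUserA(token, NULL, argv[2], NULL, NULL, FALSE,
                             CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi)) {
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
        rc = 0;
    } else {
        fprintf(stderr, "launch failed, GetLastError=%lu\n", GetLastError());
    }
    if (token) CloseHandle(token);
    if (level) SaferCloseLevel(level);
    return rc;
}
#endif
```

The restricted token is computed from the caller's own token, so no password prompt or second account is involved; the launched program simply cannot use the rights that were stripped.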


Posted Jul 20 2006, 10:13 AM by John Doe