J
John Brock
What bad things can happen to me while using a plain vanilla
"Limited" Windows XP user account? In the most extreme case,
suppose I am totally reckless, and I visit every questionable web
site I can find, and click on every questionable attachment that
comes my way. In theory it would still seem that nothing really
bad can happen, other than having files owned by that account spied
on and/or altered. In fact it seems reasonable to expect that any
malware I ran into would -- on finding itself in an unexpected
non-Administrator environment -- simply fail, so even that sort of
compromise wouldn't be too likely. But I am just speculating, and
I'd rather know the facts. So what are the risks?
One thing I have heard is that IE, being fused to the kernel, always
runs with full privileges, and is thus always a security risk, even
in a Limited account. However I always use Mozilla, which I would
think would take care of that problem. Or does it? Is there maybe
some way a malicious web page could get to IE through Mozilla?
And what about Outlook? Does it have the same problem as IE? I
don't use Outlook either, but I an just trying to understand the
issues. In general I am interested in both likely and worst case
scenarios. Any thoughts?
"Limited" Windows XP user account? In the most extreme case,
suppose I am totally reckless, and I visit every questionable web
site I can find, and click on every questionable attachment that
comes my way. In theory it would still seem that nothing really
bad can happen, other than having files owned by that account spied
on and/or altered. In fact it seems reasonable to expect that any
malware I ran into would -- on finding itself in an unexpected
non-Administrator environment -- simply fail, so even that sort of
compromise wouldn't be too likely. But I am just speculating, and
I'd rather know the facts. So what are the risks?
One thing I have heard is that IE, being fused to the kernel, always
runs with full privileges, and is thus always a security risk, even
in a Limited account. However I always use Mozilla, which I would
think would take care of that problem. Or does it? Is there maybe
some way a malicious web page could get to IE through Mozilla?
And what about Outlook? Does it have the same problem as IE? I
don't use Outlook either, but I an just trying to understand the
issues. In general I am interested in both likely and worst case
scenarios. Any thoughts?