secure way to run IE--- using Limited acct, or Runas' "Protect from unauthorized ..."

T

Tom H

I want to run IE as securely as possible, so I follow MS advice not to run
IE under admin account priviliges --- I use "Runas" to temporarily switch
accounts, and run IE as a user with limited priviliges.
However, bookmarks don't appear right away under the limited account, they
require a restart to even show up at all and if I want to use the new
bookmarks under other accounts I have to duplicate them manually, and that's
a hassle.
So, I was wondering about the other option that "Runas" provides, which is:
"Stay with the current account, and protect the system and data against
unauthorized program activity."
My question: Under XPHome, which is the most secure way to run IE?

-One --- using Runas' other option: "Current User --- Protect my computer
and data from unauthorized program activity"?

-Two --- under the limited account?

thx
 
M

Modem Ani

Hopefully I can clear up a little confusion here (using XP Home to
illustrate):

The permissions of the user account determine what can and cannot be done on
the system. If you are logged on as an Administrator and run IE as a Limited
User, any virus or spyware (for example) that you obtain through Internet
Explorer has Administrator privileges on the system. On the other hand, if
you are logged on as a Limited User, a virus or spyware can't do anything on
the system that a Limited User is not allowed to do.

Therefore, the conventional wisdom (and Microsoft's advice) is that you
should do your day to day computing as a Limited User, switching to your
Administrator account only when you need Administrator permissions on the
system. If your need for Administrator permissions is limited, you may find
it more convenient to use the "Run as" command. For example, you are a
Limited User and you wish to defragment your hard disk.

In practice, XP Home users frequently find the Limited User account too
restricted for their day-to-day computing. XP Pro has more for flexibility
to create user group permissions. Therefore, many XP Home users run as
Administrators pretty much all the time.

Whether you run as an Administrator or a Limited User (or even as a Guest),
you need to take exactly the same precautions.

Modem Ani
 
T

Tom H

Thanks, but what about runas' other option "Protect system and data from
unauthorized program activity", what does that do?
 
M

Modem Ani

The 'runas' feature allows both Limited Users and Administrators to test out
a suspicious program to determine if it causes any harm or makes the
computer act odd in any way while protecting the registry. Checking the box
next to 'Protect My Computer And Data From Unauthorized Program Activity'
will allow the program to execute, but will add the Restricted SID (security
identifier) token to the registry access which will limit the program to
read-only permissions and ensure that it does not alter the registry in any
way.

Running Internet Explorer under these restrictions does more than just
secure the registry. The program will be unable to access data or files in
the user's profile in any way, including the My Documents folder or even
Cookies and Temporary Internet Files and will have virtually no system-wide
access. This is great if you are unwittingly executing a virus-infected
program, but it also causes perfectly safe programs to be unable to run
properly. This is not how you want to use Internet Explorer on a day to day
basis.

Modem Ani
 
T

tom

Great, that explains a lot (I'm the OP). Not good for everyday use, but if
I was going to an untrusted website that I thought might be harboring
viruses, or that I thought had been hijacked, it might have some use in that
kind of situation. Yes, read only access to reg, that makes a lot of sense.
It explains a lot of the odd behaviour too. thx again ...,
 
M

Modem Ani

Glad I could help.

Modem Ani

tom said:
Great, that explains a lot (I'm the OP). Not good for everyday use, but if
I was going to an untrusted website that I thought might be harboring
viruses, or that I thought had been hijacked, it might have some use in that
kind of situation. Yes, read only access to reg, that makes a lot of sense.
It explains a lot of the odd behaviour too. thx again ...,
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IE problems with bookmarks when started with 'runas' 12
Install Adminpac and RUNAS 1
No "RunAs" option 1
using RunAs on a Sims game using CD to run app installed to hard d 3
Allowed home directories using runas command 3
how to run spysweeper in limited account? 2
Unable to access Explorer or folders using Runas 1
IE wont RUN 1

Top