Why is the good old security advice gone?

Jesper Ravn

Hello

What happened to basic security advice? You hardly hear about it
anymore.
I'm talking about Limited User Account (LUA) and Software Restriction Policy
(SRP).
Today it's all about IE features + big security suites, Comodo firewall and
fancy removal tools.
With LUA and SRP, all your family desktops/laptops will never get infected.
Why have Microsoft and most of the Security MVPs given up on these security
principles?
They are not even listed here:
http://www.microsoft.com/protect/computer/default.mspx

Please also remember that UAC in Vista was not meant to be a security
boundary, from what I have read.
Any comments?

/Jesper

FromTheRafters

Jesper Ravn said:
Hello

What happened to basic security advice? You hardly hear about
it anymore.

I try to inject basic and/or general security measures into
conversations from time to time. This, of course, runs the risk of
annoying the people coming here for specific help. It is especially so
for those that proclaim proudly that they have UAC disabled and can't
figure out why something doesn't work as expected.
I'm talking about Limited User Account (LUA) and Software Restriction
Policy (SRP).
Today it's all about IE features + big security suites, Comodo
firewall and fancy removal tools.
With LUA and SRP, all your family desktops/laptops will never get
infected.

Wrong, these measures are effective against trojans and other malware
that presents itself as a trojan. You can be "infected" by a "virus"
even with those measures in place. Worms also can circumvent any
barriers these measures provide. When it comes to a person making a
decision to run a trojan, LUA limits its scope and SRP has already
failed.
Why have Microsoft and most of the Security MVPs given up on these
security principles?

I can't speak for them, but it seems to me that they haven't.

Probably there implicitly; haven't read it yet myself.
They are mentioned elsewhere - Google results are numerous.
Please also remember that UAC in Vista was not meant to be a security
boundary, from what I have read.

This is why the user should not run day to day as 'protected admin' but
as a limited user instead.
Any comments?

Sure. The fact that the default (protected) admin account actually has
the user running limited, makes people think it is okay to run in this
account for their day to day activities. It should be pointed out that
even in Vista you should create a standard user account for yourself and
everyone else that uses the computer. For the occasional administrative
task you can supply credentials at the consent prompt. If you are going
to do a lot of admin stuff - use whatever admin account suits you.
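The advice in the post above (run day to day as a standard user, keep UAC on, and have SRP actually enforcing something) can be checked rather than assumed. The following is an added audit script, not code from anyone in this thread; it is read-only and changes nothing. It assumes PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module (Get-LocalGroupMember) and the standard UAC and SRP ("Safer") registry locations:

```powershell
# Added example (not from the thread): audit whether this machine follows the
# thread's advice. Read-only; it only reports.
# Assumes PowerShell 5.1+ with Microsoft.PowerShell.LocalAccounts available.

function Test-RunningAsStandardUser {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # A "protected admin" under UAC runs with a filtered token, so IsInRole
    # reports $false until elevated. Group membership tells the real story:
    # is this account an Administrator at all, or a genuine standard user?
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    $member = $admins | Where-Object { $_.Name -ieq $identity.Name }

    [pscustomobject]@{
        User                   = $identity.Name
        ElevatedNow            = $elevated
        MemberOfAdministrators = [bool]$member
        DayToDayIsStandardUser = -not [bool]$member   # what the thread recommends
    }
}

function Test-UacEnabled {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    # EnableLUA = 1 means UAC is on. ConsentPromptBehaviorAdmin: 0 = elevate
    # silently (UAC effectively off for admins), 2 = consent on secure desktop,
    # 5 = consent for non-Windows binaries (the default).
    [pscustomobject]@{
        EnableLUA                  = [int]$p.EnableLUA
        ConsentPromptBehaviorAdmin = [int]$p.ConsentPromptBehaviorAdmin
        UacOn                      = ([int]$p.EnableLUA -eq 1)
        AdminsPromptedAtAll        = ([int]$p.ConsentPromptBehaviorAdmin -ne 0)
    }
}

function Test-SrpConfigured {
    # SRP stores its policy under the "Safer" key. DefaultLevel 0 = Disallowed
    # (default-deny, the mode the thread has in mind), 0x20000 = Basic User,
    # 0x40000 = Unrestricted (SRP present but permitting everything by default).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Present = $false; DefaultLevel = $null; Mode = 'Not configured' }
    }
    $p = Get-ItemProperty -Path $key
    if ($null -eq $p.DefaultLevel) {
        return [pscustomobject]@{ Present = $true; DefaultLevel = $null; Mode = 'Key present, no DefaultLevel' }
    }
    $mode = switch ([int]$p.DefaultLevel) {
        0       { 'Disallowed (default-deny)' }
        0x20000 { 'Basic User' }
        0x40000 { 'Unrestricted (SRP present but permissive)' }
        default { 'Unknown value' }
    }
    [pscustomobject]@{ Present = $true; DefaultLevel = $p.DefaultLevel; Mode = $mode }
}

Test-RunningAsStandardUser | Format-List
Test-UacEnabled            | Format-List
Test-SrpConfigured         | Format-List
```

Run it from the account you actually use day to day. DayToDayIsStandardUser = True, UacOn = True and an SRP mode of "Disallowed (default-deny)" is the configuration the thread is arguing for; MemberOfAdministrators = True with ElevatedNow = False is the "protected admin" situation the post warns against.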

Jesper Ravn

FromTheRafters said:
I try to inject basic and/or general security measures into conversations
from time to time. This, of course, runs the risk of annoying the people
coming here for specific help. It is especially so for those that proclaim
proudly that they have UAC disabled and can't figure out why something
doesn't work as expected.


Wrong, these measures are effective against trojans and other malware that
presents itself as a trojan. You can be "infected" by a "virus" even with
those measures in place. Worms also can circumvent any barriers these
measures provide. When it comes to a person making a decision to run a
trojan, LUA limits its scope and SRP has already failed.

Thanks for your feedback.
Can you provide me with any link/information where malware can bypass LUA +
SRP?

/Jesper

Jesper Ravn

FromTheRafters said:
I try to inject basic and/or general security measures into conversations
from time to time. This, of course, runs the risk of annoying the people
coming here for specific help. It is especially so for those that proclaim
proudly that they have UAC disabled and can't figure out why something
doesn't work as expected.

Ok, but please remember that UAC is not a security feature.
The real security (defense layer) is in LUA combined with SRP.

/Jesper

FromTheRafters

Jesper Ravn said:
Thanks for your feedback.
Can you provide me with any link/information where malware can bypass
LUA + SRP?

No, I can't. But I'm sure an exploit based worm arriving as data
wouldn't be addressed by policy, and with only limited rights can still
propagate and/or activate a payload. Add to that any ability it may have
to escalate through that or another exploit. If one of the payload's
features is to virally infect - then you will have a virus too.

If all we had to deal with was simple trojans, things would be
different.

FromTheRafters

Jesper Ravn said:
Ok, but please remember that UAC is not a security feature.

Right, it is an 'ease of use' feature to encourage users to take
advantage of the real security feature of the use of LUAs and the
principle of "least privilege".
The real security (defense layer) is in LUA combined with SRP.

Absolutely!