Tech-101 Free Computer Support

Old 01-06-2009, 03:41 PM
jobeard
Site Admin

 
Join Date: Dec 2008
Location: Southern Calif.
Posts: 1,190
Security 101-2a. LUA vs Admin accounts

Oh boy! Just got my new system, booted it up and away I go. Everything is so fast and I just love it. A few weeks of Internet usage later and all of a sudden, all heck breaks loose! The browser is getting hijacked and redirected, and things are not so swell after all. What happened? I kept up-to-date with Windows Security Updates and my firewall is running. How could this happen to me?

The short answer is you were careless and ran your system every day using the account with admin privileges. It’s really not your fault, as the system was shipped to you that way and no one cared enough to tell you otherwise. Some systems come from the OEM configured to run under the user-id Owner and others use the default Administrator. You should have been running under a Limited User Account (LUA).

What is an LUA (Limited User Account)? It’s just another login without admin privileges. This forces all programs running under this account to be able to only alter files you create. There are several user-ids used to operate the system – try this:
  • <shift><alt><del> (all three at the same time) to run the Task Manager
  • click on the Process Tab
  • and then click on the column heading User Name
At a minimum you will see names like SYSTEM, Local Service, Network Service and --- the other one is your login-id. If it is shown as Administrator or Owner – oops, you’re exposed!

So what? These accounts have admin privileges, which allow any program to do whatever it likes, such as rewriting the boot.ini file (your system will BSOD if this occurs), replacing Taskmgr.exe (so you can’t find the Trojan) and then starting to send your private data anywhere it desires. Running day-in and day-out under an admin account is begging for security and identity theft problems.
The solution is to run the majority of the time using an LUA account. The drawback to LUA is that some applications were not written for this scenario and require users to have full access permissions to the entire computer (a sure sign of poor program design).

(see LUA Compatibility KB307091). Some notable programs that have problems are:
Paint Shop Pro 7.0, Quicken 2001 Suite, Microsoft Money 200x and MSN Messenger Service (now that’s funny!), and VMware – you need to evaluate the list for yourself.

Go back to the section Security 101-1b. Local Login Security right now and create a new ADMIN account (if you have not already done so). Login to that account and do two things to it:
  1- change the name of your original account
  2- change the type of account to Limited User

Your original account password will not have changed, so you’ll be able to login and access all your existing files.
Here’s how this protects you:
  • Programs you run will not be able to write or modify anything in the \Windows or \Program Files directories
  • Any Trojan that bites you via email or your browser will not be able to do so either! :)

The impact to you will be the need to install programs using the Admin account as well as to run Windows Updates from there too. There’s a simple means to run a program as an Admin without logout-login:
  • On any shortcut, right-click->run as …
  • Pick the Admin user id and enter the correct password

Running IE to access Windows Updates using the run as … does not work, however – oh, it runs – up to the point of storing files, and then it dies.

The Vista info is here
and here

Update:
February 3, 2009 (Computerworld) Nine out of 10 critical bugs reported by Microsoft Corp. last year could have been made moot, or at least made less dangerous, if people ran Windows without administrative rights, a developer of enterprise rights management software claimed today.

BeyondTrust Corp., which touts its Privilege Manager as a way for companies to lock down PCs, tallied the individual vulnerabilities that Microsoft disclosed in 2008, then examined each accompanying security bulletin. If the bulletin's "Mitigating Factors" section, the part that spells out how to lessen the risk of attack or eliminate it entirely, said that users with fewer rights "could be less impacted than users who operate with administrative rights," BeyondTrust counted the bug.
For details, see the link above



Security 101 table of contents
next ->2b. NTFS
contributed by jobeard
Last edit: Feb 4, 2009
__________________
J. O. Beard; you + tech-101.com => synergism. Secure your system now
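
A scripted version of the checks this post walks through (process owners, admin membership, write access to \Windows and \Program Files), added here as an example that is not part of jobeard's post. It assumes PowerShell 3.0 or later; the function names and the probe file name are hypothetical.

```powershell
# Added example, not from the original post.
function Test-IsAdministrator {
    # True when the current token carries the local Administrators group.
    # With UAC (Vista and later), an unelevated admin session reports False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-CanWrite {
    param([Parameter(Mandatory)][string]$Directory)
    # Probe by creating and deleting a uniquely named temp file (hypothetical name).
    $probe = Join-Path $Directory ("lua-probe-{0}.tmp" -f [Guid]::NewGuid().ToString('N'))
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
        $true
    } catch {
        $false   # access denied: the behaviour a Limited User Account should show
    }
}

function Get-ProcessOwnerSummary {
    # Same view as sorting Task Manager by the User Name column.
    Get-CimInstance Win32_Process | ForEach-Object {
        $o = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        if ($o -and $o.ReturnValue -eq 0) { "$($o.Domain)\$($o.User)" } else { '(owner unavailable)' }
    } | Group-Object | Sort-Object Count -Descending | Select-Object Count, Name
}

$report = [pscustomobject]@{
    User              = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    IsAdministrator   = Test-IsAdministrator
    CanWriteWindows   = Test-CanWrite $env:SystemRoot
    CanWriteProgFiles = Test-CanWrite $env:ProgramFiles
}
$report | Format-List
Get-ProcessOwnerSummary | Format-Table -AutoSize

if ($report.IsAdministrator -or $report.CanWriteWindows -or $report.CanWriteProgFiles) {
    Write-Warning 'This session can modify system directories; use a Limited User Account for daily work.'
}
```

Run it from the everyday login rather than from the Admin account: under a Limited User Account all three checks should come back False.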
  #2 (permalink)  
Old 03-12-2010, 07:28 AM
scotsteve
Senior Member

 
Join Date: Apr 2009
Posts: 104

Thanks to rev olie and jobeard!
I will look into the service pack issue and the LUA another time.
For now, I wanted to clean and improve performance of this lappy
before I head off to West Africa for a project.
Thanks again!

Steve