gawguy Posted September 17, 2010

This came up in my other topic recently and I just came across this article, which has more info than you might ever want to know about the Why's, What's and How's of this subject. It is a white paper from the University of Michigan, Information Technology Security Services. Link

Crux of the matter:

"The reason you need to quit running as admin is because the hackers are counting on it! When you are running as admin, any piece of code that you launch can:

• Install kernel-mode rootkits and/or keyloggers (which can be close to impossible to detect)
• Install, start and stop services (e.g. stop the Windows Firewall)
• Disable/uninstall anti-virus software
• Install ActiveX controls, including IE and shell add-ins (common with spyware and adware)
• Copy files into Windows directories
• Edit system-wide registry values
• Access data belonging to other users
• Cause code to run whenever anybody else logs on
• Replace OS and other program files with trojan horses
• Access LSA Secrets which may include domain account information
• Modify other local accounts and passwords
• Modify configuration files (such as the HOSTS file for web redirection)
• Cover its tracks in the event log
• Etc.

None of these real-world malware activities are possible when you are running as a normal (non-admin) user."

After this the article goes on for about another 20 pages.
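A quick way to find out whether you are one of the "running as admin" users the paper is talking about. This is an added example, not code from the white paper or from the post above; it assumes a Windows host with PowerShell and, for the group-membership check, the `Get-LocalGroupMember` cmdlet (Windows 10 / Server 2016 and later). Everything else uses only .NET classes and registry values that exist on every supported Windows version.

```powershell
# Added example (not from the University of Michigan paper or the forum post).
# Reports three things a defender cares about:
#   1. Is the current process token elevated (full admin rights right now)?
#   2. Is the logged-on account a member of the local Administrators group at all?
#   3. Is UAC (EnableLUA) turned on, so that admin tokens are filtered by default?

function Test-IsElevated {
    # WindowsPrincipal.IsInRole(Administrator) is true only when the *current token*
    # carries the Administrators group enabled, i.e. the process is actually elevated.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsLocalAdminAccount {
    # Membership in the local Administrators group, independent of elevation.
    # With UAC on, a member still gets a filtered (standard-user) token until they elevate.
    $userName = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    try {
        $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
        return [bool]($members | Where-Object { $_.Name -eq $userName })
    } catch {
        # Cmdlet missing on older hosts: fall back to "net localgroup" text output.
        $out = & net localgroup Administrators 2>$null
        $short = $userName.Split('\')[-1]
        return [bool]($out | Where-Object { $_.Trim() -eq $short })
    }
}

function Get-UacStatus {
    # EnableLUA = 1 means UAC is on; ConsentPromptBehaviorAdmin controls how admins
    # are prompted (2 = prompt on secure desktop, 5 = prompt for non-Windows binaries only).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
    }
}

$elevated = Test-IsElevated
$isAdmin  = Test-IsLocalAdminAccount
$uac      = Get-UacStatus

"Current token elevated      : $elevated"
"Account in Administrators   : $isAdmin"
"UAC enabled (EnableLUA)     : $($uac.EnableLUA)"
"Admin prompt behaviour      : $($uac.ConsentPromptBehaviorAdmin)"

if ($elevated) {
    "Everything launched from this session has the full list of capabilities in the paper."
} elseif ($isAdmin -and $uac.EnableLUA -eq 1) {
    "Filtered admin token: day-to-day code runs as a standard user, but any consent click grants the full list."
} else {
    "Standard user: the activities listed above require a separate elevation step."
}
```

The interesting middle case is an account that is in Administrators but running with UAC on: the paper's list does not apply to code you launch normally, but it does apply to anything you approve at a UAC prompt, which is why the paper's advice is to use a genuinely separate standard account for daily work.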