Kaspersky Internet Security 2017 vs Cerber Ransomware 4.1.1
<blockquote data-quote="Wave" data-source="post: 560139"><p>Sorry if this is a bit off-topic, I am not trying to hijack the thread!</p>
<p>I'm glad you and [USER=2291]@BoraMurdar[/USER] mentioned administrator privileges (elevated process), and I would like to add as an addition to my previous post the following:</p>
<p>If you allow a program to run with administrator privileges without trusting it and knowing for certain it does not have malicious intent, then it can be game over for you in a quick flash and you'll have no chance of staying protected. UAC is constantly abused by people who don't understand how it works and then they complain about Windows security because they allowed an unknown download to run with admin privileges... It's really ridiculous, if only people could take the time to research a bit about how it works, it'd only take a few minutes of their life and would save them so much trouble in the future...</p>
<p>For example, if UAC is enabled: programs won't be able to create/delete Windows services/load device drivers, programs won't be able to inject into system processes on previous OS versions like Windows 7 (so before Windows 8/10 introduced additional default protection mechanisms for system processes) like csrss.exe, programs won't be able to communicate with the Windows Task Scheduler to create a task for a program to auto-start at boot with admin privileges whilst bypassing the UAC dialog,... Unless it's elevated!</p>
<p>Of course this does not mean that malware which can infect you without administrator privileges is nonexistent, because this is not the case either; however, the malware which will do the most harm will typically and usually require administrator privileges. For example, a kernel-mode rootkit will need kernel-mode code execution (e.g. device driver) and for this to be loaded it'll require the SeLoadDriver privilege acquired from being run with administrator privileges, but without this privilege it will fail to load the device driver (e.g. via the Service Manager), and Access Denied would be returned by Windows by default. Whereas, a keylogger may be able to hook the keyboard without needing administrator privileges (via abuse of genuine Win32 functions which weren't designed with malware authors in mind).</p>
<p>I don't want to cause further distraction and therefore I'll end this post reply here since this thread isn't focusing on UAC specifically, I'll make a thread instead. Sorry if I disturbed anyone, it wasn't meant to hijack the thread! :p</p>
<p>Stay Safe,</p><p>Wave. ;)</p></blockquote>
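An added example, not part of Wave's post: a PowerShell check a defender can run to see the state the post describes, namely whether UAC is enabled, whether the current process is elevated, and whether its token holds SeLoadDriverPrivilege. It relies only on the standard `EnableLUA` and `ConsentPromptBehaviorAdmin` policy values and on `whoami /priv`; the output property names are chosen here for illustration.

```powershell
# Added example: report UAC policy, elevation state and driver-load privilege
# for the process this script runs in. Read-only; changes nothing.

# UAC policy values live under this key on Windows Vista and later.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

# With UAC on, an administrator's non-elevated (filtered) token carries the
# Administrators group as deny-only, so IsInRole returns $false until elevation.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami /priv lists the privileges present in the current token.
# /nh drops the (localized) header row, so column names are supplied here.
$privs = whoami /priv /fo csv /nh |
    ConvertFrom-Csv -Header Name, Description, State
$loadDriver = $privs | Where-Object { $_.Name -eq 'SeLoadDriverPrivilege' }

[pscustomobject]@{
    User                       = $identity.Name
    UacEnabled                 = ($policy.EnableLUA -eq 1)
    ConsentPromptBehaviorAdmin = $policy.ConsentPromptBehaviorAdmin
    ProcessElevated            = $elevated
    SeLoadDriverInToken        = [bool]$loadDriver
    # "Disabled" still means the privilege is present and can be enabled;
    # "not present" means the token cannot load drivers at all.
    SeLoadDriverState          = $(if ($loadDriver) { $loadDriver.State } else { 'not present' })
}
```

Run once from a normal prompt and once from an elevated one: in the non-elevated case `SeLoadDriverInToken` is expected to be `False`, which is the condition under which the driver load the post mentions fails with Access Denied.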