Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Do we actually need so many security programs?
Message
<blockquote data-quote="Andy Ful" data-source="post: 774331" data-attributes="member: 32260"><p>I have just tested another possibility. The user can create the special, restricted SUA account for MS Office only:</p><ol> <li data-xf-list-type="ol">MS Office on SUA.</li> <li data-xf-list-type="ol"><span style="color: rgb(184, 49, 47)"><strong>Local SRP high restrictions.</strong></span></li> </ol><p>SRP can apply high restrictions similar to Hard_Configurator max restrictions with blocked sponsors, <strong>but only on that special account</strong>. Other accounts will not be restricted by SRP at all. The local restrictions are applied via local policies, so the malware ran as standard user cannot change them. The SUA accounts can be also forced to not elevate processes, so any <strong>malware (also digitally signed) cannot elevate</strong> on such restricted SUA. </p><p>I could make such restricted account in 5 minutes by transferring the registry keys from HKLM Hive (made by H_C) to HKU Hive created by SUA.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 774331, member: 32260"] I have just tested another possibility. The user can create the special, restricted SUA account for MS Office only: [LIST=1] [*]MS Office on SUA. [*][COLOR=rgb(184, 49, 47)][B]Local SRP high restrictions.[/B][/COLOR] [/LIST] SRP can apply high restrictions similar to Hard_Configurator max restrictions with blocked sponsors, [B]but only on that special account[/B]. Other accounts will not be restricted by SRP at all. The local restrictions are applied via local policies, so the malware ran as standard user cannot change them. The SUA accounts can be also forced to not elevate processes, so any [B]malware (also digitally signed) cannot elevate[/B] on such restricted SUA. I could make such restricted account in 5 minutes by transferring the registry keys from HKLM Hive (made by H_C) to HKU Hive created by SUA. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
