If you get really stinkin' rich don't forget me !
Do you use a Standard User Account (SUA)?
- Thread starter shmu26
- Start date
If you get really stinkin' rich don't forget me !
- Apr 28, 2017
- 326
Reasons I don't use Standard
*Computer used more resources versus just having an admin account.
*File storage was less complicated
*I'm pathological about ensuring my settings are at their desired level. Using a Standard account made this much more tedious
*Computer used more resources versus just having an admin account.
*File storage was less complicated
*I'm pathological about ensuring my settings are at their desired level. Using a Standard account made this much more tedious
Nope, read carefully my post earlier. (and also the articles/threads you are quoting)
Issue to you, so honestly, i don't care. Everybody here knows how i am from the start.
I was like that on MT far become being mod, while i am mod and far after i will not be mod. I dont care of others opinion on my character, i just care they got the right infos whatever it displease a member, a developer or even another mod.
I'm not here to sugarcoat my words to people for their ego's sake or sensitivity; it is a security forum, a place people comes for help and learn security. Computer security is important, we are not in facebook where we let people spread wrong/incorrect stuff. I'm straight towards people, even rude so what i say get right into their brain, far better than sugarcoated words; because people remember better when they get slapped.
If you don't like my way, just ignore me but you can be sure i won't ignore anyone incorrectness as far i can find it.
Last edited by a moderator:
Actually I re-read Part 2 and the author mocks Microsoft by mentioning that the CIA has more than likely long known about UAC's flaws. So maybe all the 3 and 4 letter security agencies of the world are already using it. So what if that is true ? It's not something that should knock your security socks off.
Yep, beginners/average security forums members get their paranoia levels skyrocketting after reading (and 90% of the time not understanding) every PoC articles; then go posting "but if that blablabla , if this blablabla, we are owned !"
It is because most infos on the web (and elsewhere) are not explained in practical, easily understood terms for the non-IT professional. Hell, there are IT pros with PhDs that scratch their heads too. It's the lack of readily accessible, easy to understand infos.
It is just like the SMB\Eternal Blue\DoublePulsar ballyhoo. It had some people figuratively buying arms & ammunition along with survival gear.
- Dec 23, 2014
- 8,497
The source of this article are :
Tyranid's Lair: Reading Your Way Around UAC (Part 1)
Tyranid's Lair: Reading Your Way Around UAC (Part 2)
Tyranid's Lair: Reading Your Way Around UAC (Part 3)
The conclusion about SUA:
"What about Over-The-Shoulder elevation, where you need to supply a username and password of a different user, does that suffer from the same problem? Due to the design of UAC those "Other User" processes also have the same Logon Session SID access rights so a normal, non-admin user can access the elevated token in the same way. Admittedly just having the token isn't necessarily exploitable, but attacks only get better, would you be willing to take the bet that it's not exploitable?"
The author pointed out the theoretical elevation vulnerability when supplying credentials on SUA. It could be exploited (maybe). But, there is known vulnerability related to stealing credentials on SUA. The Malware is running in the background and waiting. When you try to elevate something, then it hides the UAC prompt and shows the fake one. After stealing credentials, it elevates without problems. Windows has a policy (and reg tweak) to prevent this vulnerability - if activated, then you must press CTRL-ALT-DEL to show the credentials window.
Edit.
Another well known possibility, is stealing admin credentials from the cache. Caching the credentials is not very useful in home networks, so it should be disabled by policy setting or the reg tweak.
Last edited:
- Jan 16, 2017
- 1,469
Right! Many information on web is explained in very difficult ways. Can't understand those complex technical words. To a non native english person, it becomes even harder. So many times I end up misunderstanding or not understanding at all.
- Jul 3, 2015
- 8,153
Thanks once again to @Andy Ful for interesting and understandable info!
- May 11, 2011
- 444
- Jul 6, 2017
- 271
I might be misinformed but I still prefer doing those few things that need administrator privileges via SUA than logging into Admin account. If I'm that extremely unlucky to catch some kind of malware of which presence I'm not aware and that could exploit my granting administrator privileges to some legit process, I'm fairly sure that logging into my Admin account to do the job wouldn't help at all.
But if I'm wrong, I'll gladly stand corrected and learn something new. 
- Jan 4, 2016
- 1,022
I don't use SUA. Using an admin account with proper default-deny security makes you have much more control and usability. Then, there is a lot of malware which works properly without admin privilegies
Indeed, don't forget SUA is about risks mitigation, not supposed to stop all attacks .
- Dec 23, 2014
- 8,497
Many MalwareTips members (like me) treat their computer as experimental lab, so they often need admin rights. Default deny protection is also my favorite. And of course, using SUA if far away of bullet proof security.
But it is also true that default deny protection can be for many users far more frustrating than SUA!
SUA is still the most efficient solution, for people who do not need frequently admin rights.
Edit1.
Here is some statistics (again), let's look at it in the context of the 0-day malware:
Edit2.
Every security solution is stronger on SUA as compared to Admin account.
But it is also true that default deny protection can be for many users far more frustrating than SUA!
SUA is still the most efficient solution, for people who do not need frequently admin rights.
Edit1.
Here is some statistics (again), let's look at it in the context of the 0-day malware:
- About 80% malware run with the rights higher than standard user.
- 86% of Critical vulnerabilities affecting Windows could be mitigated by removing admin rights.
- 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights.
- 82% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights.
- 85% of Remote Code Execution vulnerabilities could be mitigated by removing admin rights.
- 82% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights.
- 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights.
Edit2.
Every security solution is stronger on SUA as compared to Admin account.
Last edited:
- Jul 3, 2015
- 8,153
I changed my vote to "yes".Many MalwareTips members (like me) treat their computer as experimental lab, so they often need admin rights. Default deny protection is also my favorite. And of course, using SUA if far away of bullet proof security.
But it is also true that default deny protection can be for many users far more frustrating than SUA!
SUA is still the most efficient solution, for people who do not need frequently admin rights.
Edit1.
Here is some statistics (again), let's look at it in the context of the 0-day malware:
I know many antivirus solutions that have worse statistics on Admin account.
- About 80% malware run with the rights higher than standard user.
- 86% of Critical vulnerabilities affecting Windows could be mitigated by removing admin rights.
- 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights.
- 82% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights.
- 85% of Remote Code Execution vulnerabilities could be mitigated by removing admin rights.
- 82% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights.
- 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights.
Edit2.
Every security solution is stronger on SUA as compared to Admin account.
That is the best thing you could do, you said you need admin account to use Hebrew character, doesn't Win10 support it ? or you need a dedicated software?
- Jul 3, 2015
- 8,153
The story is I gave in to Microsoft. They are aggressively pushing the new Hebrew keyboard layout, so I decided I would learn it, and I gave up on the legacy keyboard layout. Everything comes with a price.
