Why you should be on a Standard user account
<blockquote data-quote="Andy Ful" data-source="post: 812074" data-attributes="member: 32260">
<p>If I correctly remember Chrome uses the Task Scheduler. The special scheduled task is created when you install Chrome, and this requires Admin rights. Every update starts as an elevated process and it is not running on SUA. This is true also for most Windows system tasks. If you are infected on SUA, then the malware starts with standard rights - this is a big difference.</p>
<p>Edit.</p>
<p>Almost all UAC bypasses rely on the fact that the malware and elevated processes run on the same account - this is the case on Admin account. When you use SUA and do not use Admin password, then the malware cannot steal the admin privileges, because the elevated processes run on another account and are invisible to the malware.</p>
<p>On Admin account UAC tries to isolate elevated processes from not elevated (<strong>User Interface Privilege Isolation</strong>), but it is impossible to do it right by design, when both elevated and unelevated processes run on the same account. (y)</p>
</blockquote>
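A check that goes with the post above, added here as an example and not part of Andy Ful's post: it reads the current process token's TokenElevationType through GetTokenInformation to tell a standard user account apart from an Admin account running with a UAC-filtered token. The names Get-AccountElevationPosture and TokenQuery are made up for this example.

```powershell
# Added example: classify the current logon token (SUA vs. Admin account under UAC).
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class TokenQuery {   // hypothetical helper type for this example
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(
        IntPtr tokenHandle, int infoClass, out int info, int infoLength, out int returnLength);
}
'@

function Get-AccountElevationPosture {
    $identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal  = [Security.Principal.WindowsPrincipal]::new($identity)
    # True only when the Administrators group is enabled in this token,
    # so it is False for a UAC-filtered admin token as well as for a standard user.
    $isAdminNow = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # TOKEN_INFORMATION_CLASS 18 = TokenElevationType: 1 Default, 2 Full, 3 Limited
    [int]$elevationType = 0
    [int]$returned = 0
    $ok = [TokenQuery]::GetTokenInformation($identity.Token, 18, [ref]$elevationType, 4, [ref]$returned)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "GetTokenInformation failed, Win32 error $err"
    }

    $posture = switch ($elevationType) {
        # Limited: the elevated twin of this token belongs to the same account.
        3 { 'Admin account, filtered token: elevated processes run under this same account' }
        2 { 'Admin account, full token: this process is already running elevated' }
        1 {
            if ($isAdminNow) { 'Administrator token with no UAC split (built-in Administrator or UAC disabled)' }
            else { 'Standard user account: no linked admin token on this account' }
        }
        default { "Unexpected TokenElevationType value $elevationType" }
    }

    [pscustomobject]@{
        User          = $identity.Name
        ElevationType = $elevationType
        IsAdminNow    = $isAdminNow
        Posture       = $posture
    }
}

Get-AccountElevationPosture | Format-List
```

Run it from an ordinary, non-elevated PowerShell window on the account used for daily work; a result of 3 is the Admin-account case the post describes, and a result of 1 with IsAdminNow False is SUA.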