> -----Original Message-----
> From: Michael Kintzios [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 09, 2006 9:12 AM
> To: gentoo-user@lists.gentoo.org
> Subject: RE: [gentoo-user] antivirus
>
> > -----Original Message-----
> > From: Bob Young [mailto:[EMAIL PROTECTED]
> > Sent: 08 March 2006 21:05
> > To: gentoo-user@lists.gentoo.org
> > Subject: RE: [gentoo-user] antivirus
> >
> [snip]
> > As to <insert App Name here> not running without Admin rights, most of
> > those cases can be taken care of with RunAs. It's better to run a single
> > App with Admin privileges rather than have all apps including email and
> > browsers running with Admin rights.
>
> Actually, it would be better to troubleshoot the particular application
> and allow it write/execute or modify rights *only* to the files it needs
> to access for the particular plain user (typically some files or a
> folder under C:\Program Files).

In most cases it's not blocked file writes that cause these apps to fail, it's blocked access to registry keys. In many cases, I'm convinced it's simply a matter of the app incorrectly specifying read/write access to a value or key that it really only needs read access to. It would be inappropriate and dangerous to grant registry write permissions to regular users, even just for certain keys or subsections, just to fix one or two badly designed apps. If it were just a matter of writing to files under the "Program Files" directory, then the apps would work under a PowerUser account, and yet there are indeed badly designed apps that fail to run as a PowerUser, but work fine when executed with Admin rights.

> It may take some time to set up access rights for all such badly written
> apps, but it'll keep your M$Windoze box as safe as it will ever be. If
> in addition you shut down all the open by default Windoze ports
> (135-139, 445, 500, 1900, 4000 + remote admin) and disable

I agree that a properly configured firewall is important to system security on any machine with a public IP address; that's true regardless of what operating system is running on it.

> unnecessary/dangerous services and also stop using OE and IE (or at
> least stop using them with their default settings) you should be safe
> enough going about your normal business.

I've never used OE under Windows. I consider it a throwaway app; I find the full version of Outlook much more capable. As to the defaults for it and IE, I'd agree that it's possible to choose more "locked down" settings. I'm less concerned about this if they are running under a non-Admin account and are behind a decently configured firewall. Personally I find HTML email much more readable and expressive than bland ASCII text. That being said, neither I nor my wife open unknown/untrusted attachments. WRT IE, I enable/disable scripting/ActiveX depending on what I'm doing and what I know about my destination(s).

Regards,
Bob Young

--
gentoo-user@gentoo.org mailing list