stuartk2010
Members (14 posts)

Everything posted by stuartk2010

  1. Also... part of the reason I was thinking this was a security hole is that there is obviously no separation of privileges between the admin and system users.
  2. I have seen info suggesting that it isn't that hard to bypass UAC to escalate privileges, particularly when the user account has admin rights rather than being a standard user account. Here's an example: http://www.sophos.com/blogs/chetw/g/2009/1...e-8-10-viruses/ The whitepaper mentioned in that blog entry says that one way is to inject code into a trusted application. Or there are a number of discussions on various web forums about how to do it. I'm not going to post the URLs, but the info is out there.
  3. I wound up getting a really good deal on KIS 2010, so I have moved to that. For now I am using MBAM as just an on-demand scanner (along with SAS Free version), but I see that some people are running MBAM real-time protection with KIS, so I will probably try that and see how it works. I have been looking into Sandboxie and other similar software. KIS has some sandbox features, but I didn't have much luck with that when I tried it. I'm using the 64-bit version of Win 7, so I'm not even sure that sandbox software works properly. What I'm seeing is that it can't actually block software from escaping the sandbox. So I have to wonder: why run software in a sandbox in that case?
  4. Depending on what kind of Win 7 license you have (you can't legally do it with an upgrade version), you might want to look into VMWare Player. They have another product called vCenter Converter that lets you take a running system and package it as a VM that you can run on another computer using VMWare Player. (Both products are free for personal use.) I'm running Windows 7 64-bit, and I've tried the 32- and 64-bit versions of Ubuntu, plus I did a fresh install of XP. All of these work extremely well with VMWare Player. So you could take your old XP Pro system, package it up as a VM and then run it on your new computer when you need it. It's free to try, so you don't lose anything but a couple of hours of time trying it. (I enjoy doing stuff like that, so I don't mind spending the time on it.)
  5. I tried Windows 7 Firewall Control Plus and found it was awkward to use and also kept losing its settings, forcing me to basically start from scratch. I switched to PC Tools Firewall Plus and it seems to work pretty well. I'd sort of like something not quite so simplistic, but it's working so far. (The price is right too.) I've glanced at stem's Windows Firewall Guide (http://www.wilderssecurity.com/showpost.php?p=1449570&postcount=1) and it seems quite good. I'm going to read through it more carefully and see if it's a route I want to take. I also looked at the Agnitum site and blog. Outpost Pro might be worthwhile, but I have to dig into it a bit more and see what people's experiences with it are like. I also have thought about upgrading my NOD32 AV to the full package and using their firewall. This is another one I have to do some research on. I noticed that ESET doesn't seem to talk about their firewall features on their website, and I kind of wonder why they don't. (Or maybe I just didn't see it when I was looking around their site.)
  6. I'm running Win 7 Home Premium 64-bit and tried to install MBAM 1.45. My regular user account is a standard user and I installed as that user. It asked for the admin password and installed. No problem so far. I wasn't able to actually register MBAM. It would say registration accepted or thank you or something like that, but that was it. So I wasn't able to start real-time protection, or have MBAM add itself as a startup program to start with Windows. It puzzled me for a bit, but I found that, unlike some other software, you actually have to register and configure MBAM as a user with admin privileges. Once I switched to my admin user, I was able to register it, and I set up real-time protection. I logged out and back into my regular account, and I had to tell MBAM to enable real-time protection there too, but as it was now registered I had no problem.
  7. Now isn't _that_ a gaping security hole? So "at" runs as the system user and you can use at to open a shell for you. Any malware that can get administrative privileges can then get system privileges for anything it wants to run, and even the admin user won't be able to control it.
  8. The first user set up on Vista and Windows 7 is by default given Administrative privileges. Accounts created after that are "Standard User" accounts by default. Administrative privileges mean that Windows will pop up a dialog box and grey out the desktop (there's evidently a security reason for greying it out, but I'm not sure exactly how it works). The dialog will ask if you want to permit some action, as mentioned above. "Mother May I." The problem is that this procedure for approving escalation of privileges only works for well-behaved software. Malware can bypass that and get the escalation on its own without your approval or knowledge. The cure is to make sure that the account you normally use is a standard user. The system will then ask you for the password of the admin account before escalating privileges. There are also a few tasks that affect the entire system that you simply can't do as a standard user. For those you will have to Switch User (log in) to the admin account, do what you need to do, and log out. If you're setting up a new system and you're going to, for example, have your normal user account be "bob," when the installer asks you to set up a user account, choose something like "bob-admin." It can be whatever you want, although I don't think it can be "Administrator" because that account is evidently disabled by default in Win 7 and maybe Vista too. Once the install is done and has applied all the updates, create another standard user account, and call it "bob" this time. This is the account you will use on a day-to-day basis for everything but administering the system. I went with "stuart" and "stuart-admin" and for the stuart-admin account I changed the desktop wallpaper and window decorations to be obnoxious, bright colors. I also disabled some of the eye candy. This way I will hopefully never forget when I am logged in as the admin user, and remember to switch to my regular account when I'm done with my administrative tasks.
     If you have already installed Vista or Win 7 and the account you're using has admin privileges, create _another_ user account and make it an admin user. Set a password and then log out and log in as your new admin user to make sure you can access it. When you're satisfied you can, go into user management and change the type of your original account from admin to standard user. Never change all your users to standard user accounts! Never! You'll be locked out of all admin functions, including changing user type back to admin. At that point it's pretty much time for a re-install of Windows. (There might be a way of getting into it, but I haven't looked to find out.) Always keep one admin user with administrative privileges. There was a recent report about using just a standard user account. I had tried running as a standard user on XP a while back, but it never really worked well. When it came time to move to Win 7, I checked into this topic beforehand and found out what was needed to do it. Then a few days ago I saw news items about a report that a company named BeyondTrust had released. It's worth reading. You'll be able to find the company's web site easily enough, but here are some of the news items that Google finds on the report: http://news.google.com/news/more?q=beyondt...d=0CDIQqgIoADAA If there's any interest, I could create a new thread about this, since it's somewhat off-topic in this one.
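A PowerShell safety check for the "always keep one admin user" rule in post 8 above, added here as an example that is not from the original thread. It assumes an English Windows install (local group named "Administrators") and uses the ADSI WinNT provider rather than Get-LocalGroupMember so it also runs on Windows 7; the account names "stuart" and "stuart-admin" are the ones the post uses.

```powershell
# Added example (not from the forum thread): before changing an account from
# administrator to standard user, confirm that at least one OTHER enabled local
# account would still be in the Administrators group. Domain members are
# skipped (conservative: they never count toward "someone can still administer").

function Get-LocalAdminUsers {
    # Enabled local user accounts (not nested groups, not disabled accounts)
    # that are direct members of the built-in Administrators group.
    $group  = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $admins = @()
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $name  = $m.GetType().InvokeMember('Name',    'GetProperty', $null, $m, $null)
        if ($class -ne 'User') { continue }                           # skip groups
        if ($path -notlike "WinNT://$env:COMPUTERNAME/*") { continue } # skip domain users
        $user = [ADSI]$path
        # ADS_UF_ACCOUNTDISABLED = 0x2; the built-in Administrator is disabled by default
        # on Win 7, so it must not be counted as a usable admin.
        if (($user.UserFlags.Value -band 0x2) -eq 0) { $admins += $name }
    }
    return $admins
}

function Test-SafeToDemote {
    # $true only if removing $UserName from Administrators leaves another enabled admin.
    param([Parameter(Mandatory)][string]$UserName)
    $others = @(Get-LocalAdminUsers | Where-Object { $_ -ne $UserName })
    return ($others.Count -ge 1)
}

# Example run with the names from the post: demote "stuart" only while "stuart-admin" remains.
$target = 'stuart'
if (Test-SafeToDemote -UserName $target) {
    $remaining = (Get-LocalAdminUsers | Where-Object { $_ -ne $target }) -join ', '
    Write-Host "OK to make '$target' a standard user; remaining admin(s): $remaining"
    # The actual change needs an elevated session, e.g.:
    #   net localgroup Administrators $target /delete
} else {
    Write-Warning "Refusing: '$target' is the only enabled local administrator."
}
```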
  9. I goofed. I just looked and found out that Microsoft actually stopped selling XP in January of 2009. A lot of vendors are still selling it, but that's just because they still have licenses or stock left. I'd still be a bit miffed about Acer not supporting XP, but I can see their point. I think your best bet at this point is to get the system hooked up to the Internet and grab the drivers as exile360 mentions.
  10. If you have things on this computer that you don't want to or can't afford to lose - are you doing backups? If you're going to get an external hard drive, get a big one (they're not that expensive for a 1TB or larger drive), and use it for backups as well as storing things like video or audio files. I like the Seagate USB external drives, BTW. They work well and it's a major name brand so you know they'll stand behind it if something breaks. Some of them even come bundled with backup software.
  11. You can just download the package from http://www.malwarebytes.org/ for free.
  12. I stopped using free AV software after I found it to not be that satisfactory. It is generally less effective than some other, better packages. I have used NOD32 from Eset (www.nod32.com) for the last 5 years or so. It is very well-respected, does really well on the various tests, and won't slow down your computer like some other AV software. I also highly recommend Kaspersky AV. It also does really well at detection and cleaning, although it does seem to slow your system down a bit.
  13. MBAM blocks this IP (IP-BLOCK 209.44.109.82), which is apparently http://www.softworkz.com/. This happens when I run Aid4Mail, which is the software I use to back up my e-mail. There is a web page explaining why Fookes phones home to this Softworkz site: http://www.aid4mail.com/activation.php