Darksat IT Security Forums
June 26, 2019, 03:52:23 pm
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  

BASIC SANDBOXING OF PROGRAMS


Pages: [1] 2
  Print  
Author Topic: BASIC SANDBOXING OF PROGRAMS  (Read 6919 times)
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« on: August 23, 2006, 08:28:11 am »


BASIC SANDBOXING OF PROGRAMS
this has no relation to S.E.O

One of the most dangerous things you can do is run a web capable program as an admin or root user.
as an admin/ root user any program you run has full access to everything on your harddrive.
In windows XP it is possible to create a guest account that has a lot more security restrictions quite easily through the user control panel.
Many users however prefer to run in root.
the security solution for this is known as sandboxing.
basically it allows you to run programs from your admin account with guest privilages, this is recommended for all programs accesing external data,
explorer, kazaa, opera, etc

simply create a shortcut similar to below with your user name for your guest account after user:
if its a non networked machine its just going to be something like user:guest, if its a network machine it will be similar to below.

%windir%\system32\runas.exe /profile /user:IMI_LONDON\guest "C:\Program Files\Opera75\opera.exe"

this code is designed to run the opera browser however just change "C:\Program Files\Opera75\opera.exe" to whatever program you want to run.
a dos window will popup asking for the password for the guest account, if there is no password for it just hit return and your program will run as your guest account through your admin account, preventing viruses and infections from accessing system files where they normally like to hide.

Remember, play safe, SANDBOX

This has been another public security announcement by DARKSAT.
« Last Edit: August 23, 2006, 08:30:37 am by Darksat » Report Spam   Logged

neutron2k
Elite-Member
Master
*****
Posts: 469



View Profile WWW
« Reply #1 on: August 23, 2006, 09:28:08 am »

I never knew about this Smiley you learn somthing new every day Smiley

What is your opinion about net capable games running under admin accounts?
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #2 on: August 23, 2006, 09:46:03 am »

Depends on the game.
Games are targeted a lot less than browsers, mail apps and filesharing programmes, saying that if you downloaded it from somewhere iffy I wouldnt recommend it.
There are a few games with security holes but in general they are reasonably secure.
its still a point of entry though.
Report Spam   Logged
neutron2k
Elite-Member
Master
*****
Posts: 469



View Profile WWW
« Reply #3 on: August 23, 2006, 09:59:04 am »

All my games are purchased from the shelves. I don't do file sharing. I'm dead against it. P2P has brought nothing but severe viral infections and trouble imo.

Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #4 on: January 27, 2007, 08:46:28 am »

You could always sandbox your P2P app.
in fact its a really good idea so you dont get infected by crap you download.
Report Spam   Logged
Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #5 on: January 27, 2007, 08:56:31 am »

Oh my god thats a brilliant idea I love it Cheesy best thing i have ever heard of sandboxing i love it Grin
Report Spam   Logged
Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #6 on: January 27, 2007, 09:11:32 am »

so whats this part about ? "IMI_LONDON"
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #7 on: January 27, 2007, 09:52:59 am »

so whats this part about ? "IMI_LONDON"

I was on a network called IMI_London at the time I wrote that tutorial.
Just replace that bit with what comes up in your username/login field.


Report Spam   Logged
Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #8 on: January 27, 2007, 09:57:57 am »

Oh right it works even if i use IMI_LONDON then :s
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #9 on: January 27, 2007, 10:02:41 am »

Err, No
You want to put in what comes up in your login box
eg replace /user:IMI_LONDON\guest with whatever is appropriate
eg MSHOME/guest or workgroupname/guest or pcname/guest

When you hit control alt delete in XP it should say, you are logged in as "whatever/username"
thats what you put in.

**EDIT**
Actually you should put in the login field of your restricted account but it should have the same firstpart and whatever lastname you have (normally guest)
« Last Edit: January 27, 2007, 10:05:37 am by Darksat » Report Spam   Logged
Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #10 on: January 27, 2007, 10:05:41 am »

yeah thats what i did after you said pcname/sandbox but it also works if i put in IMI_LONDON
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #11 on: January 27, 2007, 10:10:07 am »

If its a home PC it will, but if your authenticating over a network you will probably need to modify it.
« Last Edit: January 27, 2007, 10:11:39 am by Darksat » Report Spam   Logged
Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #12 on: January 27, 2007, 10:15:36 am »

Oh right yeah just a home pc Grin, I don't know anything about networking you should do some posts on that Smiley.
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #13 on: January 27, 2007, 01:20:17 pm »

Are you really that worried if its not your PC? Grin

OK, I will stick up some stuff on securing a network when I get the time.
Report Spam   Logged
Defcon 5
Master
*****
Posts: 2410



View Profile WWW
« Reply #14 on: January 27, 2007, 01:24:25 pm »

have to learn some day. i got some bits from college to setup a small crossover network at home last time i tried at college i couldn't do it.
Report Spam   Logged

Pages: [1] 2
  Print  
 
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum

Buy traffic for your forum/website
Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.094 seconds with 13 queries.