Darksat
|
|
« on: August 23, 2006, 08:28:11 am » |
|
BASIC SANDBOXING OF PROGRAMS this has no relation to S.E.O
One of the most dangerous things you can do is run a web capable program as an admin or root user. as an admin/ root user any program you run has full access to everything on your harddrive. In windows XP it is possible to create a guest account that has a lot more security restrictions quite easily through the user control panel. Many users however prefer to run in root. the security solution for this is known as sandboxing. basically it allows you to run programs from your admin account with guest privilages, this is recommended for all programs accesing external data, explorer, kazaa, opera, etc
simply create a shortcut similar to below with your user name for your guest account after user: if its a non networked machine its just going to be something like user:guest, if its a network machine it will be similar to below.
%windir%\system32\runas.exe /profile /user:IMI_LONDON\guest "C:\Program Files\Opera75\opera.exe"
this code is designed to run the opera browser however just change "C:\Program Files\Opera75\opera.exe" to whatever program you want to run. a dos window will popup asking for the password for the guest account, if there is no password for it just hit return and your program will run as your guest account through your admin account, preventing viruses and infections from accessing system files where they normally like to hide.
Remember, play safe, SANDBOX
This has been another public security announcement by DARKSAT.
|
|
« Last Edit: August 23, 2006, 08:30:37 am by Darksat »
|
Report Spam
Logged
|
|
|
|
|
neutron2k
|
|
« Reply #1 on: August 23, 2006, 09:28:08 am » |
|
I never knew about this you learn somthing new every day What is your opinion about net capable games running under admin accounts?
|
|
|
|
Darksat
|
|
« Reply #2 on: August 23, 2006, 09:46:03 am » |
|
Depends on the game. Games are targeted a lot less than browsers, mail apps and filesharing programmes, saying that if you downloaded it from somewhere iffy I wouldnt recommend it. There are a few games with security holes but in general they are reasonably secure. its still a point of entry though.
|
|
|
|
neutron2k
|
|
« Reply #3 on: August 23, 2006, 09:59:04 am » |
|
All my games are purchased from the shelves. I don't do file sharing. I'm dead against it. P2P has brought nothing but severe viral infections and trouble imo.
|
|
|
|
Darksat
|
|
« Reply #4 on: January 27, 2007, 08:46:28 am » |
|
You could always sandbox your P2P app. in fact its a really good idea so you dont get infected by crap you download.
|
|
|
|
Defcon 5
|
|
« Reply #5 on: January 27, 2007, 08:56:31 am » |
|
Oh my god thats a brilliant idea I love it best thing i have ever heard of sandboxing i love it
|
|
|
|
Defcon 5
|
|
« Reply #6 on: January 27, 2007, 09:11:32 am » |
|
so whats this part about ? "IMI_LONDON"
|
|
|
|
Darksat
|
|
« Reply #7 on: January 27, 2007, 09:52:59 am » |
|
so whats this part about ? "IMI_LONDON"
I was on a network called IMI_London at the time I wrote that tutorial. Just replace that bit with what comes up in your username/login field.
|
|
|
|
Defcon 5
|
|
« Reply #8 on: January 27, 2007, 09:57:57 am » |
|
Oh right it works even if i use IMI_LONDON then :s
|
|
|
|
Darksat
|
|
« Reply #9 on: January 27, 2007, 10:02:41 am » |
|
Err, No You want to put in what comes up in your login box eg replace /user:IMI_LONDON\guest with whatever is appropriate eg MSHOME/guest or workgroupname/guest or pcname/guest
When you hit control alt delete in XP it should say, you are logged in as "whatever/username" thats what you put in.
**EDIT** Actually you should put in the login field of your restricted account but it should have the same firstpart and whatever lastname you have (normally guest)
|
|
« Last Edit: January 27, 2007, 10:05:37 am by Darksat »
|
Report Spam
Logged
|
|
|
|
Defcon 5
|
|
« Reply #10 on: January 27, 2007, 10:05:41 am » |
|
yeah thats what i did after you said pcname/sandbox but it also works if i put in IMI_LONDON
|
|
|
|
Darksat
|
|
« Reply #11 on: January 27, 2007, 10:10:07 am » |
|
If its a home PC it will, but if your authenticating over a network you will probably need to modify it.
|
|
« Last Edit: January 27, 2007, 10:11:39 am by Darksat »
|
Report Spam
Logged
|
|
|
|
Defcon 5
|
|
« Reply #12 on: January 27, 2007, 10:15:36 am » |
|
Oh right yeah just a home pc , I don't know anything about networking you should do some posts on that .
|
|
|
|
Darksat
|
|
« Reply #13 on: January 27, 2007, 01:20:17 pm » |
|
Are you really that worried if its not your PC? OK, I will stick up some stuff on securing a network when I get the time.
|
|
|
|
Defcon 5
|
|
« Reply #14 on: January 27, 2007, 01:24:25 pm » |
|
have to learn some day. i got some bits from college to setup a small crossover network at home last time i tried at college i couldn't do it.
|
|
|
|
|
|