I'm not running as Admin. :-)
There's a big audit coming up and our IT "department" is trying to make sure we pass. They don't need any additional work, like setting up a new laptop for me, until that is done.

Tell me, or point me to an objective explanation, that tells me how UAC makes me (a user who doesn't open e-mails or click on links from unknown people, who doesn't visit pirate software sites, who has never inadvertently installed software under Winders, who runs SBS&D and Symantec AV, who has 30+ years of experience with computers of various kinds) more secure, please. I don't claim to be infallible when it comes to this stuff.

(And once it's on the Domain and the remote admin stuff is installed, it'll probably be locked down anyway, so it really doesn't matter how I feel about it. It's going to be set however they set it (meaning I can't install software without logging in as Admin anyway).)

Thanks.

Cheers,
Scott.

Sheesh
If your IT "department" (it's one bloke and it's not his full-time job, amirite?) needs to prepare for an audit, they need to revisit how they do things daily. Seriously. That's fucked up.

Being audited is a case of showing the auditor the records they ask for. If it needs "preparation", then someone's not doing their job.*

UAC: https://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx
I have a low tolerance for excuses when it comes to this sort of thing. Well, I say "low tolerance". I really mean "no tolerance".

If I were to not do my job (in the worst case, this would mean missing a governance milestone, such as the final review before the tender goes to the prospective customer, or even missing the submission date - this last would probably have terminal consequences) and I were to present "but I was getting ready for audit" as my excuse, I'd be having meetings without coffee.


Re: Sheesh
In wildly heterogeneous research environments with a history of researchers being able to do what they need to do on whatever hardware they need to do it on (everything from supercomputers to embedded controllers), and no formal end-user IT support to speak of, things don't always go the way they "should" when it comes to IT practices. Sometimes new requirements take effect with very little lead time as a result of mistakes and poor practices in another (unrelated) part of the "organization" that get press visibility. Adequate resources to implement those new requirements don't suddenly appear along with them.

Aircraft carriers can't turn on a dime, so to speak.

Thanks for the link.

Finally, the bottom slider position turns off UAC technologies altogether, so that all software running in a PA account runs with full administrative rights, file system and registry virtualization are disabled, and Protected Mode IE is disabled. While there are no prompts at this setting, the loss of Protected Mode IE is a significant disadvantage of this mode.
I don't run IE so that vector is not available.

Several people have observed that it's possible for third-party software running in a PA account with standard user rights to take advantage of auto-elevation to gain administrative rights. For example, the software can use the WriteProcessMemory API to inject code into Explorer and the CreateRemoteThread API to execute that code, a technique called DLL injection. Since the code is executing in Explorer, which is a Windows executable, it can leverage the COM objects that auto-elevate, like the Copy/Move/Rename/Delete/Link Object, to modify system registry keys or directories and give the software administrative rights. While true, these steps require deliberate intent, aren't trivial, and therefore are not something we believe legitimate developers would opt for versus fixing their software to run with standard user rights. In fact, we recommend against any application developer taking a dependency on the elevation behavior in the system and that application developers test their software running in standard user mode.

The follow-up observation is that malware could gain administrative rights using the same techniques. Again, this is true, but as I pointed out earlier, malware can compromise the system via prompted elevations as well. From the perspective of malware, Windows 7's default mode is no more or less secure than the Always Notify mode ("Vista mode"), and malware that assumes administrative rights will still break when run in Windows 7's default mode.
The answer is to not let malware get on the PC in the first place. The standard user response of Click OK when a popup appears on installing software doesn't protect users any more than not having the Click OK dialog in any situation I've come across on my machines. YMMV.

To be honest, this new laptop is the first one that I've turned the UAC all the way down on - I usually put it on the next to last setting. Maybe I should do that now. ;-)

Again, the settings for UAC and the rest are going to be out of my hands on the new laptop soon. So don't have heartburn over this. ;-)

Thanks.

Cheers,
Scott.
(Who isn't saying that all users should do what I do. And who isn't saying he's never broken his Windows install - that's happened a few times, but had nothing to do with UAC (e.g. breaking partitions on a stretched clone drive).)
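Added example (written for this page, not code from the thread or from Microsoft): a read-only PowerShell check that reads the three registry values behind the UAC slider described in the quoted article and names the slider position they correspond to. The registry path and value names are the standard ones; the value-to-position mapping is an assumption based on how Windows 7 and later store the four slider positions, and any combination outside those four is reported as non-standard (typically the result of Group Policy).

```powershell
# Added example, not from the thread: report the effective UAC slider position.
# Reads only; changes nothing. Run in an elevated or standard PowerShell session.
function Get-UacSliderPosition {
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $path

    # Missing values are treated as 0 (EnableLUA=0 means UAC is fully off).
    $enableLua = [int]$p.EnableLUA
    $consent   = [int]$p.ConsentPromptBehaviorAdmin
    $secure    = [int]$p.PromptOnSecureDesktop

    # Assumed mapping of the four slider positions (Windows 7 and later):
    #   Never notify      : EnableLUA=0
    #   Notify, no dimming: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=0
    #   Default           : EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1
    #   Always notify     : EnableLUA=1, ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1
    $level = if ($enableLua -eq 0) {
        'Never notify (UAC off: no prompts, no file/registry virtualization, no Protected Mode IE)'
    } elseif ($consent -eq 2 -and $secure -eq 1) {
        'Always notify ("Vista mode")'
    } elseif ($consent -eq 5 -and $secure -eq 1) {
        'Default (prompt only for non-Windows binaries, secure desktop on)'
    } elseif ($consent -eq 5 -and $secure -eq 0) {
        'Notify without dimming (secure desktop off)'
    } else {
        'Non-standard combination (likely set by Group Policy)'
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        SliderPosition             = $level
    }
}

Get-UacSliderPosition | Format-List
```

A change to EnableLUA only takes effect after a reboot, so the value this reports can differ from what the running session actually enforces until the machine has been restarted; once the laptop joins the domain, Group Policy can pin these values regardless of what the slider shows.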

Re: The answer is to not let malware get on the PC in the first place.
Read this Register article and tell me you control what threats your machine is exposed to:

Malware menaces poison ads as Google, Yahoo! look away
Booming attack vector offers mass malware distribution, stealthy targeting
It's a long article, but informative.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"

-- Isaac Asimov

AdBlock Plus is your friend.
The first thing I do after installing Windows is install an antivirus, update it, scan the system. Then I download the Chrome browser, install Adblock Plus and Flash Control, and then download and install Spybot Search & Destroy. I close the browser, let SBS&D do a scan, then Immunize the system.

From your link:

Experts recommend users run advertising or script blockers to prevent random redirection from malvertising. "Advertisers are really going to hate to hear this but blocking advertising for user protection is a really effective way of blocking malvertising," Schultz says.

Users can use script blockers or ad blockers to reduce their exposure. This reporter has anecdotal evidence that many in the industry run the likes of Ad-Block for security purposes. The scourge is so bad that Cisco's Schultz and the rest of the TALOS team recommend the blockers as a security measure. Schultz personally recommends Request Policy for Firefox users.
An ad blocker and all the rest is no panacea, of course. There's always a chance that "legitimate" companies will accidentally or intentionally infect their customers' machines with a virus or a rootkit, for instance. But it dramatically reduces the chances.

FWIW.

Cheers,
Scott.

AB+ sold out
But there is a new player on the field, EFF's Privacy Badger. It does not concentrate on the visual components of ads, but on the background behavior of the sources.

Ah. Excellent. Thanks.
https://www.eff.org/privacybadger

Looks interesting. Thanks for the pointer.

Cheers,
Scott.

No. Adblock plus is not your friend.
Adblock is. AB+ doesn't block all ads. Adblock does.

Confusing nomenclature, but there you go.

Zooks. I missed all that.
I moved to ABP when AB wasn't available on Chrome and haven't kept up with the details.

https://getadblock.com/

Gotta reconfigure my browsers in the next few days... :-/

Thanks to you and scoenye for the pointers.

Cheers,
Scott.

AdBlock has a deal as well, apparently
I'm currently looking into uBlock.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.

AdBlock seems to hang on some pages for me.
E.g. for a while it seemed to be doing something with Disqus on Atrios's home page - the progress indicator wouldn't stop. (That seems to be fixed now.)

It's weird.

Oh well. I can't complain as I haven't paid anything for any of them yet...

Cheers,
Scott.


Trying uBlock Origin at the moment.
AdBlock seems weird on more than just Atrios's page. I don't know whether the uBlock/uBlockOrigin[*] split is important, but uBO has more reviews on the Chrome store so it seems like a reasonable place to start.

We'll see how it goes.

Cheers,
Scott.
[*] - FF and Chrome(ium) only.

I'm running uBlock on Safari
Seems ok so far.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.

And so passes AdBlock...
http://www.theregister.co.uk/2015/10/02/adblock_flogged_off_to_mystery_buyer/

Within its headline announcement yesterday that it had been bought by an unnamed outfit, AdBlock said it is now participating in German competitor AdBlock Plus' Acceptable Ads program, which sets the criteria for whether publishers and websites can be unblocked by its filter.

Fixes the nomenclature confusion...

After the front page story in the NY Times about adblockers...
It seems inevitable that there are going to be even more shakeouts in the ad blocker market after the NY Times finally lets the masses know about them, and after Apple finally lets them on the iPhones. Since there's so much money at stake in on-line ads, people will try to find a way around the blockers.

"Acceptable ads" policies may be a good thing, if the organization behind the standards really is sensible and independent. Web sites do need to find a way to be something other than money pits. But the Devil's in the details.

Cheers,
Scott.

Cash-cows and Guns
seem to top any list of legislation-proof scams that flourish in countries with religions like vulture-capitalism. This one hits the fantasies of all the more-More-MORE afflicted. A huge group here.
So if we cannot alter what's in jelloware in these afflicted tribes? well.. we see what the pragmatists do later: target the mind-containers. Messy but effective.

I think it's simpler though: alter the early inculcation of what 'wealth' *means: and--like the polio virus--much of the later mayhem and massacre can be nipped in the cradle. We train-em-Up early or end up later: shooting-em-Down.
* a lengthy process, usually successfully inculcated only via active early-on parental demonstration: until mental health inspections verify the principle. Logic alone won't work, which really pisses off the people who like recipes for everything. (Same problem as 'proving' why early music exposure and education seems just as vital.) But if we ended stupid-wars and such, what would dull people do for excitement?