Less rights will even make Adobe Reader secure...

Hi malware fighters,

The majority of malicious PDF, Word, PowerPoint and Excel files will only infest when the user has logged on with full admin rights; it is high time for users to lower their rights. “Almost all shellcode that is found inside malicious documents will download a trojan through HTTP to write to SYSTEM32 and then execute the malcode.” So if the infectious code cannot write to SYSTEM32, the shellcode will fail and the malware cannot infest the OS. “To be protected against these kinds of attacks one should limit one’s user rights.” For Windows 7 and Vista this already takes place via UAC.

Less rights
The users of Windows XP have no alternative than to use a standard account, but that can also lead to problems. However, there is a way to prevent risky applications like Adobe Acrobat and Microsoft Office from getting full admin rights. You can use two popular tools to do this - DropMyRights and StripMyRights. Both programs will produce a “restricted token” and will launch the mentioned software with less rights. According to Didier Stevens, both DropMyRights and StripMyRights have some drawbacks. That is why he developed an alternative by the name of LowerMyRights, that will be presented soon.

For those that cannot wait, the Belgian security expert writes in a blog posting how to set Software Restriction Policies using SAFER so certain applications will be run with a fully functional “restricted token”. In such a way even programs like Adobe Reader can be used safely.
Links: http://blog.didierstevens.com/2009/09/27/preventing-malicious-documents-from-compromising-windows-machines/
http://blog.didierstevens.com/2009/09/28/quickpot-safer-and-malicious-documents/
on SAFER: http://blogs.msdn.com/michael_howard/archive/2005/01/31/363985.aspx

polonus

I have several customers that run programs that need admin rights in order to run. It’s such a pain.

At least, if they upgrade to Vista or Win 7, I think they’ll be able to right-click the icon, and do an “Always run as administrator” or whatever it is.

That all depends on when they want to spend a butt load of money to upgrade their OSes for their aging hardware.

Don’t use Adobe Reader:
http://forum.avast.com/index.php?topic=44686.0

Hi YoKenny,

We all know this. I use FoxitReader, but I used Adobe Reader as an example of how less rights dramatically minimizes the impact of 97% of known malware for the Windows OS. DavidR has been propagating the use of DropMyRights for ages here and he was right from day one. But I agree with you it is unwise to use Adobe Reader; there are better alternatives.

polonus

“You can use two popular tools to do this - DropMyRights”

Even though this is no longer available from Microsoft, the program and instructions are still available from MySharedFiles: http://mysharedfiles.no-ip.org/DropMyRights/

It sometimes pays not to get rid of “OLD” software. :)