I was on the Wikipedia article for User Account Control and I came accross SuDown on the external links. It says it is UAC for XP. If anyone knows about this program, please clarify this, for SuDown, am I supposed to log in on my administrator account, or a limited account? Does this really help for security?
This almost sounds like using DropYourRights which has been used and described
in detail.
For more information you can look at:
http://forum.avast.com/index.php?topic=16849.msg241232#msg241232
It is quite a bit different to DMR it is about changing the actual account to still be one with administrator account but modified by SuDown
[b]suDown overview[/b]“suDown” is a play on words: it is the abbreviation of the terms “switch user down”. Basically it transforms your original Administrator account to a Sudoer account which is still an administrative account but runs in a low privileged environment. This approach provides you with extra security against malware and other unwanted programs during everyday work and also gives you easy access to higher privileges anytime you need them.
Transforming your user account into a Sudoer account is as easy as placing it to the so-called “sudoers” localgroup and suDown takes care of the rest. Privilege elevation in the low privileged environment can be evoked through the “sudo” program which is available from the command line and with the right-click context menu. The “sudo” command authenticates you with the password of your user account and executes the given application in the context of your user
but with administrative permissions. It also caches your password for 5 minutes so running multiple applications with high privilege is comfortable enough.
- But does it ask a visual sign (elevate privileges) or you must manually (context menu or cmd line) start it each time?
- Does it transform an administrator account into a sudoers’ one? Can this action be reverted?
I don’t really know I haven’t used it this is just some of the information that came up in a google search for SuDown.
- would say you don’t have to manually start it each time as you are logging on to the account run under sudown.
Basically it transforms your original Administrator account to a Sudoer account which is still an administrative account but runs in a low privileged environment. This approach provides you with extra security against malware and other unwanted programs during everyday work and also gives you easy access to higher privileges anytime you need them.
So because it runs effectively at low privileges so if something requires a higher privilege then it would request your password in much the same way as Vista UAC.
- It does appear to transform your account with admin privileges to one run under SuDown, I don’t know how easy it would be to revert the changes. The one thing I would say should I ever test it I would create a new user account with admin privileges and convert that to one run under sudown.
I’m thinking the contrary, i.e., when you’re logged in this account and you want to start an application with admin privileges you need to do it manually and it does not seem to be automatically invoked:
Privilege elevation in the low privileged environment can be evoked through the "sudo" program which is available from the command line and with the right-click context menu.
It’s automatic in Vista and Linux: when needed, a window come up and ask for admin (root) privileges.
Yeah, seems safer testing before.
Sorry I got what you posted as meaning something different like having to apply it to an application like you have to do with DMR. However, I don’t think you would have to escalate the privileges just to start an application, but I guess it would depend on what the program requires admin privileges for. This is the problem with running with lessor privileges and is also something that would be a problem in Vista that is an issue with the UAC.
I simply don’t know enough about it, but I would hope that it would be automatic in that when something tries to carry out a function requiring higher privileges it challenges with a dialogue where you enter the password (if you agree it should be done), rather than simply block it without your knowledge.
You have to be informed about what is going on in your system otherwise IMHO it isn’t worth using I hate programs that take autonomous actions that can have repercussions and you have no idea what has happened or why. This is not unlike those tools that block new start-up entries without asking for user input, e.g. the common issue with a missing avast con.
This is not unlike those tools that block new start-up entries without asking for user inputOne of the reasons I like WinPatrol. It asks to allow or block changes.