With the number of hostile websites increasing every day, surfing has become a much riskier activity. In this article Gizmo shows you two different ways to increase your surfing safety. Additionally, he explains how to configure all your programs that use the internet to work more safely.
A. Introduction
The good old days of casual and carefree surfing are over. Today a simple act like clicking on a search engine hit or responding to an ad may take you to a hostile website whose main mission is to infect your PC with spyware, trojans and worse.
Worse still, hackers are now regularly attacking and compromising legitimate websites and then using these sites to infect surfers.
And don't expect your anti-virus program to save you. Many of these evil sites make use of specially crafted malware products that your AV program doesn't know about or cannot see.
Nor can you hope to be saved by keeping your software up-to-date with the latest security patches. These hostile sites often exploit new or undocumented flaws in Windows, your browser or other products to take control of your PC.
The good news is that it's possible to protect your PC against hostile sites. There are actually several different ways, but in this article I'm going to discuss two of the most convenient. Happily, they are also among the most effective.
This should start your default browser securely locked away in its own sandbox. Sandboxie indicates that the browser is sandboxed by putting a "#" sign before and after your browser window title bar caption.
You can use your sandboxed browser perfectly normally. In fact, apart from the # signs in the title bar, you wouldn't know that it is sandboxed.
But sandboxed it is. That means that for all practical purposes your real PC cannot get infected by visiting a hostile website.
When you have finished browsing, shut down your browser and then right click the yellow Sandboxie tray icon again. This time select "Terminate Sandboxed Processes."
Once selected everything that happened while surfing is deleted, including of course any malware infections and files.
That also includes, of course, any bookmarks you created and any files you deliberately downloaded. If you want to permanently bookmark sites while browsing in a sandbox I suggest you use an online bookmarking service like Google Bookmarks or Del.icio.us. Advanced users can configure Sandboxie to share bookmarks with the non-sandboxed version of your browser, thus making any new bookmarks created while surfing in the sandbox permanent. Details can be found on the Sandboxie site.
You can copy downloaded files from your sandbox to your real PC before you delete the sandbox contents. That way you permanently keep the files you want. You can find full instructions on how to do this at the Sandboxie site. I do however suggest that before you move any file out of the sandbox you first install the downloaded file from within the sandbox. If your security software doesn't sound any alarms and the program seems to be behaving as you expect, then go ahead and move it to your real PC and install it again. Remember though to still delete the contents of the sandbox.
For more information on using Sandboxie consult the online tutorials at the Sandboxie site.
C. Running your browser with reduced privileges using DropMyRights
For a hostile website to install malware on your PC the malware must have access to full "administrator" rights on your PC. That's not normally a problem as most Windows users operate with full administrative privileges; it's the default setup for users in all Windows systems prior to Vista.
By denying malware access to administrator rights you can prevent it from installing. The easiest way to do this is to use a limited rights Windows user account rather than one with full administrator privileges.
It sounds like a great idea but there are many practical problems using a limited user account. For example, lots of simple routine tasks like changing the system clock, plugging in a USB drive, running a defragger and updating software can't be carried out in a limited user account.
An alternative and more practical approach is to adopt the converse policy, that is, to routinely use an administrator account with full rights but reduce the privileges just of your web browser and other risky programs. It's a strategy that offers fewer inconveniences than running a limited user account at the cost of a slightly lower level of security.
Several free tools are available that allow you to run your browser and other specified programs with reduced privileges. Best known is Microsoft's own DropMyRights which works with Windows XP and above.
Using DropMyRights is quite easy. In essence you use the program to create a desktop shortcut to a special version of your browser that operates with limited privileges. To surf safely you just click the desktop icon. If you want to use your browser normally with full administrator privileges then just start your browser the normal way.
The instructions for installing and using DropMyRights with Internet Explorer on the author's site are a bit cryptic for beginners so I've created a fuller version below:
1. Download DropMyRights from here. It's only a tiny 164KB file so it should download in just a few seconds.
2. Locate the downloaded file DropMyRights.msi and double click it to start the install. Accept the EULA and click "Next."
3. When asked the location of the installation folder cut and paste the following line into the box and then click "Next" and then "Close."
C:\Program Files\DropMyRights
4. Right click on your Desktop and select New / Shortcut
5. In the first screen of the shortcut wizard cut and paste one of the following lines into the blank box headed "Type the location of the item:"
Cut and paste the following line if you use Firefox as your browser:
"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Mozilla Firefox\firefox.exe"
Cut and paste the following line if you use Internet Explorer as your browser:
"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\program files\internet explorer\iexplore.exe"
6. Click "Next" and enter an appropriate name for your shortcut, for example "Safe Firefox" or "Limited User Internet Explorer", then click "Finish."
That's it. You now should have a desktop shortcut that when clicked starts up your browser with limited rights.
If it doesn't work then it's possible your browser is not installed in the default location. If so, edit the shortcut settings to point to the correct location for your browser.
Browsing with limited rights is not really any different to browsing normally except that it's way safer. Some operations that require admin rights may not work but if you run into these problems then you can start your normal browser with full admin rights to complete whatever operation you were attempting. That's a small price to pay for avoiding infection.
D. Running other internet facing applications using DropMyRights
The procedure for running your email program, IM client, media player and other internet based applications using DropMyRights is essentially the same as that for your browser that I outlined in section C above. What differs is the command line you use in step 5.
The exact command line you use is different for every program but there's an easy way to work out what that command line is for any program. You do this by using the shortcut or program icon you use to launch the program.
5. In the Target box you will see an entry similar to the following:
"C:\Program Files\Outlook Express\msimn.exe"
This is the name and location of the actual Outlook Express program. What we need to do is prefix this with the command that runs the DropMyRights program. Here's the command below. Copy it now and in the next step we will paste it.
"C:\Program Files\DropMyRights\DropMyRights.exe"
6. Left click on the very first position in the Target box, just to the left of the "C:\... and paste the DropMyRights command you copied in the last step. Make sure there is exactly one space between the line you pasted and the original contents of the Target box. If done correctly your Target box line should now look like this:
"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Outlook Express\msimn.exe"
Note the space between the two quoted paths.
7. Click "Apply" then "OK" and the window should close.
8. One last step. Rename the copied desktop icon to something like "Safe Outlook Express" or "Outlook Express - Limited User."
9. That's it. Your copied icon when clicked will now launch Outlook Express with the restricted rights of a Windows limited user. In the future collect your mail by using this safe version of Outlook Express and you'll be much better protected from email borne infections.
This example uses the icon for Outlook Express but the same approach can be used to create safe versions of all your applications that use the internet.
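The shortcut edit described in sections C and D can also be scripted. The PowerShell below is an added example, not part of the original article or of DropMyRights; the function name New-SafeShortcut and the shortcut path in the usage comment are assumptions, and it relies on the standard WScript.Shell COM object.

```powershell
# Added example: build a DropMyRights-wrapped copy of an existing shortcut.
function New-SafeShortcut {
    param(
        [Parameter(Mandatory)] [string] $SourceShortcut,   # existing .lnk file
        # Install folder chosen in step 3 of section C.
        [string] $DropMyRights = 'C:\Program Files\DropMyRights\DropMyRights.exe',
        [string] $Prefix = 'Safe '                         # e.g. "Safe Firefox"
    )
    foreach ($p in $DropMyRights, $SourceShortcut) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Not found: $p" }
    }

    $shell = New-Object -ComObject WScript.Shell
    $src   = $shell.CreateShortcut((Resolve-Path -LiteralPath $SourceShortcut).Path)

    # Do not wrap a shortcut that already launches through DropMyRights.
    if ($src.TargetPath -ieq $DropMyRights) {
        throw 'Shortcut already starts DropMyRights'
    }
    # A stale target (program installed elsewhere) would give a dead shortcut.
    if (-not (Test-Path -LiteralPath $src.TargetPath)) {
        throw "Target program missing: $($src.TargetPath)"
    }
    # The article only covers a bare program path in the Target box.
    if ($src.Arguments) {
        throw 'Shortcut passes extra arguments; not handled by this example'
    }

    $dir = Split-Path -Parent $src.FullName
    $dst = $shell.CreateShortcut((Join-Path $dir ($Prefix + (Split-Path -Leaf $src.FullName))))

    # Target = DropMyRights, argument = the original program in quotes
    # (the quotes matter because of the space in "Program Files").
    $dst.TargetPath       = $DropMyRights
    $dst.Arguments        = '"{0}"' -f $src.TargetPath
    $dst.WorkingDirectory = $src.WorkingDirectory
    # Reuse the original program's icon so the copy is recognisable.
    $dst.IconLocation     = "$($src.TargetPath),0"
    $dst.Save()
    $dst.FullName
}

# Constructed usage (shortcut name is an assumption):
# New-SafeShortcut -SourceShortcut "$env:USERPROFILE\Desktop\Outlook Express.lnk"
```

The function returns the path of the new shortcut and leaves the original untouched, so the full-rights launcher remains available as the article describes.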