Topic: Windows XP Permissions Potential


Offline JOSEPH

  • Blogging In 2006
  • Full Member
  • ***
  • Posts: 148
Windows XP Permissions Potential
« on: October 28, 2006, 10:50:54 PM »
On one of my machines (XP Pro), and I assume the Home edition is similar in fashion, there are items located under LOCAL SECURITY SETTINGS (courtesy of Microsoft developers), under user rights permissions (accessed from CONTROL PANEL), that allow the ADMIN (owner) to make various selections for a whole host of USER RIGHTS ASSIGNMENTS.

There has surfaced, I do believe, a Gromozon malware that effectively, in many instances if not all, once it has entered a system, resets some of those rights to create its own encrypted user account in a stealthy manner so as to go unnoticed by the user at the time, AND THUS, BY ESTABLISHING ITS OWN PERMISSIONS, makes resetting them a 9-to-5 job for someone.

Can these settings be effectively disabled or, at the very least, alerted on via Event Viewer, to thwart or shield against this method of changing the default patterns set by the computer system at those settings, which no doubt reside someplace in our most annoying database known as the Windows registry? Links are welcome.

THANKS


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11542
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Windows XP Permissions Potential
« Reply #1 on: October 29, 2006, 12:34:16 AM »
Google works for links.

Don't d/l codecs.

Follow Mitch's instructions in XP Settings to set up a "limited user" account.

Otherwise update to Vista in January or switch to Linux or a Mac.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline mitch

  • Hero Member
  • *****
  • Posts: 729
Re: Windows XP Permissions Potential
« Reply #2 on: October 29, 2006, 01:43:30 AM »
Occasionally a program won't work my way, but I make a shortcut of it and then when I need it I right-click and run as admin (photo editing and things). Ewido works well, but AAW wants admin to update.

I have 3 users on my XP:
admin
me
ghost

admin I only use for Windows Updates and never surf with
me I use for all the web surfing

ghost has admin but I have never used it. It is my ace in the hole, one last chance to gain control: if something did get in, I would have admin rights to change passwords and such.

But now I spend my time online with UBUNTU, and it came with Firefox, an e-mail program, a firewall set up that will pass grc.com, OpenOffice and GIMP, and I installed Avast AV for Linux, so I have no reason to use XP on the web. It doesn't have plugins for FF but can take extensions the same way, and adding plugins to FF is a real pain in Linux, but I don't use them, and it even uses open source Java.

As far as Vista goes, from what I read the cheap Home version is pretty empty of goodies, and like any new OS the first year will be spent debugging, getting things to work and patching flaws.

Offline JOSEPH

  • Blogging In 2006
  • Full Member
  • ***
  • Posts: 148
Re: Windows XP Permissions Potential
« Reply #3 on: November 04, 2006, 07:58:09 PM »
...But now I spend my time online with UBUNTU, and it came with Firefox, an e-mail program, a firewall set up that will pass grc.com, OpenOffice and GIMP, and I installed Avast AV for Linux, so I have no reason to use XP on the web. It doesn't have plugins for FF but can take extensions the same way, and adding plugins to FF is a real pain in Linux, but I don't use them, and it even uses open source Java.

As far as Vista goes, from what I read the cheap Home version is pretty empty of goodies, and like any new OS the first year will be spent debugging, getting things to work and patching flaws.

Thanks for the feedback. As much as I regret investing in another Micro- O/S full of "wide-open door policies", I likely will sometime in the future, but not just yet. On the other hand, I just did obtain, and do happen to have now, a UBUNTU O/S disk.
I am waiting on the other new box with a 100 GB hard drive that I will partition and install it on. I already have UBUNTU on a neighbor's box and they are pleased with it, so your comments are to me like a pretty good follow-up that it's worth the effort. In fact, it probably will be an interesting change from Windows systems, although I'll carve out a section for that one too.

Great Day and All The Best
EASTER

Offline Assarbad

  • AV research & development
  • Malware Experts
  • Sr. Member
  • *****
  • Posts: 359
    • Assarbad's website
Re: Windows XP Permissions Potential
« Reply #4 on: December 26, 2006, 12:07:18 PM »
The privileges are also just the potential of doing something in Windows. The admin has all kinds of privileges, yet not all of them are active (Vista introduces two levels of privileges with UAC). Every process and thread gets a token (usually inherited) that contains the privilege information.

Invisible user accounts are easily created by messing with the SAM key of the registry (which drivers or services can easily do). Since the respective APIs then get confused, your "hidden" account will not be listed anymore.

Now the system policy allows you to get event log entries upon successful or failed use of some critical privileges. You may choose this setting to keep track. However, not only will you notice that your event log quickly fills up, it might not be of any value for a normal user in the aftermath (though admins would use this in a forensic analysis).


Ehrm, and one problem with Corrine's statement: IMO neither Mac nor Linux (which is only a kernel) is safer than Windows in any respect. It is always a matter of settings ... and these are still chosen by the vendor/creator of the distribution you have.
Oliver (working at FRISK but posting here as a private person!)

May the source be with you, stranger ... ;)

If you have any new malware samples, feel free to drop me a PM. Work-related specialties are viruses, trojans, spyware. Personal interest is mostly kernel mode rootkits.
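Joseph asks whether changes to the User Rights Assignments can be detected, and Oliver points out that privilege-use auditing floods the event log. A lighter-weight check is to snapshot the assignments with `secedit /export /cfg <file>` on a known-good machine and diff later exports against it. The script below is an added example written for this thread (not code from any poster); it assumes the standard INF layout of a secedit export, where the `[Privilege Rights]` section lists each right with its comma-separated principals and SIDs carry a leading `*`. Both INF texts in it are constructed samples.

```python
"""Diff the [Privilege Rights] section of two `secedit /export /cfg <file>`
outputs (saved baseline vs. fresh export). INF texts here are constructed."""
# Constructed baseline saved from a known-good machine.
BASELINE_INF = """[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeTcbPrivilege =
SeServiceLogonRight = *S-1-5-20
SeDenyNetworkLogonRight = *S-1-5-7
[Version]
"""
# Constructed later export: unknown local account (RID 1005) gained SeTcb and
# SeDebug, and the deny rule for anonymous logon (S-1-5-7) was cleared.
CURRENT_INF = """[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1005
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1005
SeServiceLogonRight = *S-1-5-20
SeDenyNetworkLogonRight =
"""
# Rights whose holder can reach SYSTEM-level control; any new grant is HIGH.
HIGH_RISK = {"SeTcbPrivilege", "SeDebugPrivilege", "SeLoadDriverPrivilege",
             "SeRestorePrivilege", "SeBackupPrivilege", "SeImpersonatePrivilege"}

def parse_privilege_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):                    # section header
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {p.strip().lstrip("*")   # '*' prefixes SIDs
                                    for p in value.split(",") if p.strip()}
    return rights

def diff_rights(baseline, current):
    """List (severity, right, change, principal) for every difference."""
    findings = []
    for right in sorted(set(baseline) | set(current)):
        before, after = baseline.get(right, set()), current.get(right, set())
        grant_sev = "HIGH" if right in HIGH_RISK else "MEDIUM"
        drop_sev = "HIGH" if right.startswith("SeDeny") else "LOW"  # lost Deny
        findings += [(grant_sev, right, "granted", p) for p in sorted(after - before)]
        findings += [(drop_sev, right, "removed", p) for p in sorted(before - after)]
    return findings
for finding in diff_rights(parse_privilege_rights(BASELINE_INF),
                           parse_privilege_rights(CURRENT_INF)):
    print("%-6s %-26s %-7s %s" % finding)
```

On a real machine, read the two exports with `encoding="utf-16"` (secedit writes UTF-16 INF files) and feed their text to the same functions; an unfamiliar SID appearing under a HIGH_RISK right is the thing to chase down first.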