jusupov.com

I’ve mentioned a few tips previously here and now I’ve found another great tool that helps you to stay even more secure in Windows XP. Introducing DropMyRights little usefull software written by Michael Howard who is specialist in security, working in the Secure Engineering group at Microsoft.

Before I begin with DropMyRights, let’s take a look at how Windows XP operates and how it can be vulnerable.

First off when you do a Windows XP install, somewhere at the end of the installation it will ask you to enter usernames to be used on that computer. You need to enter at least one username there otherwise it won’t let you pass to the next step. Well, did you know that Windows assigns Administrator rights to that users that you created?

What does that mean?

That means that these users can do a lot of System related tasks which usually allowed only to Administrator. I understand that if you are not a member of Administrator groups you will have a lot of restrictions and sometimes it’s just easy to add yourself into that group. However, this comes with a lot of responsibility. While you are surfing with Administrator rights you can easily get malware (malicious software) , viruses infect your system easier and also critical Windows system files can be at risk of modifying or even deletion.

What’s DropMyRights in this?

DropMyRights allows you to run applications with restricted rights (i.e. non-Administrator rights). This applies even if you are logged in as Administrator or if you are a member of Administrators group.

Why bother? I have AntiVirus softwares installed!

Sometimes, you are behind of patches and upgrades. Sometimes patches come only after you are infected.

How to install and use?

1. Download the application here and install it. The application will be installed in C:\Documents and Settings\%Username%\My Documents\MSDN\DropMyRights.
2. I’d like to copy the DropMyRights.exe file to somewhere else, for example C:\Downloads\DropMyRights.exe.
3. Now I can setup shortcut and type in the location of the item C:\Downloads\DropMyRights.exe “C:\Program Files\Internet Explorer\IEXPLORE.EXE” , then I give a proper name for the shortcut, let’s name it IE – Non-Admin.
4. It will create a shortcut with a default exe icon, you might want to change icon to IE icon or the application you are trying to run with DropMyRights.

Notes:

According to SANS Top-20 Internet Security Attack Targets (2006 Annual Update), Internet Explorer, Windows Libraries and MS Office are the most vulnerable.

Other alternatives:

• Alternative for Microsoft Windows XP – is Ubuntu Linux
• Alternative for Internet Explorer is – is Mozilla Firefox, very much popular these days
• Alternative for Microsoft Outlook (Express) is – Mozilla Thunderbird