
Logging in with admin privileges can make matters worse

Many Windows users don't know that they log in with administrator privileges. When viruses or worms attack, they run with the user's privileges, and the result can be catastrophic.

A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges -- an issue Microsoft has been hotly debating recently.

BeyondTrust Corp. (BTC), a software development company specializing in enterprise rights management, has indicated that the act of giving users administrative rights may leave systems more open to risk.

The report issued by BTC was prepared by assessing security vulnerability bulletins released by Microsoft in 2008, and identifying specific "mitigating factors" (those that could reduce or negate the risk of an attack) within the bulletin. If Microsoft reported that having fewer security privileges would negate or eliminate risk, BTC concluded that the vulnerability was admin-privilege related.

The result of the analysis of the 154 critical Microsoft vulnerabilities indicated that a full 92% could have been prevented if users were not logged into their systems with administrator status. BTC believes that restricting the number of users who can log in with these privileges will "close the window of opportunity" for attackers. This is particularly true for users of Internet Explorer and Microsoft Office. (Source: computerworld.com)

Microsoft has been relatively transparent in their revelation of security vulnerabilities, and has worked with organizations such as Cert.org to identify and address security concerns to the online community. (Source: cert.org)

While Microsoft is not denying the vulnerabilities present in its various Windows operating systems, they have not been exactly forthright about how internal programming "holes" (such as increased vulnerability for users with admin privileges) may make users susceptible to threats or attacks.

I think Microsoft users should be told that using admin privilege accounts is a potential security risk. I found out that many of them don't want to use a normal/limited account as their daily account.

Linux users always use an ordinary (non-root) account for tasks that do not require admin/root privileges. Ubuntu users, for example, are used to the sudo command for admin tasks such as installing and upgrading packages. Other Linux users are very familiar with the su command for the same tasks. Certain apps will warn you if you run them as admin (i.e. root). This way Linux users reduce the risk of being infected or attacked by viruses, worms and other types of malware.
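
The least-privilege habit described above can be checked on a Linux host. The shell function below is an added example, not part of the original post, that lists which accounts hold admin-equivalent rights. It assumes admin rights come from UID 0 or membership in the sudo, wheel or admin group; the function names and the sample passwd/group data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts with admin-equivalent rights.
# Assumption: "admin" means UID 0 or membership in the sudo, wheel or admin
# group; individual sudoers rules are not parsed.

# admin_accounts PASSWD_FILE GROUP_FILE
# Prints one "user<TAB>reason" line per finding, sorted and de-duplicated.
admin_accounts() {
    awk -F: -v admin_groups="sudo wheel admin" '
        BEGIN {
            n = split(admin_groups, g, " ")
            for (i = 1; i <= n; i++) is_admin[g[i]] = 1
        }
        # First file (passwd): flag every UID 0 account, remember primary GIDs.
        FNR == NR {
            if ($3 == 0) print $1 "\tuid0"
            primary[$1] = $4
            next
        }
        # Second file (group): supplementary and primary members of admin groups.
        ($1 in is_admin) {
            m = split($4, members, ",")
            for (i = 1; i <= m; i++)
                if (members[i] != "") print members[i] "\tgroup:" $1
            for (u in primary)
                if (primary[u] == $3) print u "\tgroup:" $1
        }
    ' "$1" "$2" | LC_ALL=C sort -u
}

# Constructed sample data (not taken from a real system).
run_sample() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:
sudo:x:27:alice
users:x:100:alice,bob
EOF
    admin_accounts "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

run_sample
```

On a live system the same function can be pointed at /etc/passwd and /etc/group; accounts defined in a directory service do not appear in those files and need a separate check.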

Source

Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer
MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team
mplayer: could not connect to socket
mplayer: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.
Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main
Config file processing error with skin 'default'

After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install the ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus,

cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert "$FILE" -define png:format=png24 "$FILE" ; done

Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Transparent proxy with squid 2.6

I have upgraded my squid from 2.5 STABLE13 to 2.6 STABLE18. Transparent proxy is set up differently in this version. You need these directives in squid.conf (usually in /etc or /usr/local/etc or /usr/local/squid/etc, check with your distro).

acl our_networks src 192.168.2.0/24 127.0.0.1
http_access allow our_networks
http_port 192.168.2.1:3128 transparent
always_direct allow all

where 192.168.2.1 is your proxy server IP address.


If you have flushed your iptables, create new rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

where 3128 is the port where squid is running.
References:
http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy

postfix - mailbox size limit and message size limit

postfix is my MTA of choice. I use it for my mailserver because of its simplicity, security and sendmail compatibility (the widely used SMTP server in the world but not as secure). It is also extensible by plugging in other servers for various purposes (antispam, antivirus, database etc).

I had one problem with file attachments larger than 10MB. Users couldn't send them although I had set up squirrelmail (SM) to be able to attach files summing up to more than 20MB and I had modified php settings as per here. The problem was not in the SM settings. It was postfix. By default, the attachment size that can be sent by postfix is 10MB ~ 10240000 bytes. How did I know it? I looked in the log file (for my system it is in /var/log/mail/errors. For other systems, the file to look at is /var/log/maillog). The line looked like this:

Feb 26 16:30:53 webmail postfix/sendmail[30775]: fatal: me@mymailserver.org(74): Message file too big


Solution
Open /etc/postfix/main.cf with a text editor of choice and find message_size_limit directive an…