Drive by downloads: how to prevent
August 8, 2007 11:28 AM Subscribe
"Drive by downloads": Looking for a program or technique to prevent them, other than creating a limited user account in Windows XP.
I've tried setting up a user account with limited privileges to protect my computer from "drive by downloads" while surfing, but find it too limiting: I can't run certain programs (e.g. Acronis backup program) or erase some files, and my mouse pad settings get fouled up when switching back and forth from an administrator account, unless I do a total reboot.
So is there a technique, setting, or a program, that would allow me to pick and choose which limitations I put on the XP user account? For instance, disallow program installations but allow erasing files and running certain programs.
System: Windows XP, sp2, and my browser is Firefox. I believe some former MSFT employees may have developed something for IE, but I prefer to stick with Firefox.
I've tried setting up a user account with limited privileges to protect my computer from "drive by downloads" while surfing, but find it too limiting: I can't run certain programs (e.g. Acronis backup program) or erase some files, and my mouse pad settings get fouled up when switching back and forth from an administrator account, unless I do a total reboot.
So is there a technique, setting, or a program, that would allow me to pick and choose which limitations I put on the XP user account? For instance, disallow program installations but allow erasing files and running certain programs.
System: Windows XP, sp2, and my browser is Firefox. I believe some former MSFT employees may have developed something for IE, but I prefer to stick with Firefox.
Response by poster: To be more specific, I don't want to create a whitelist or blacklist, but rather want to be able to globally stop anything from downloading and installing without my awareness and permission.
posted by bbranden1 at 1:07 PM on August 8, 2007
posted by bbranden1 at 1:07 PM on August 8, 2007
(sandboxie isn't restricted to IE by the way -- it can lock down any program)
posted by rjt at 1:07 PM on August 8, 2007
posted by rjt at 1:07 PM on August 8, 2007
Best answer: Drive-by downloads arent really much of an issue anymore. Even IE (since service pack 2) gives a prompt for any downloads. Unless you have goofy active-x settings you should be ok. With firefox you should be twice as ok. Firefox wont install extensions unless you whitelist the domain and even then there's a 3 or 4 second countdown before the extension gets installed.
If you are regularly having problems with programs appearing on your computer without your authorization, I would imagine you have been compromised by a trojan or some very devious spyware. If a spyware cleaning doesnt stop this you may want to consider wiping your PC and doing a fresh install.
Also, were you using RunAs when using a limited account? I'm surpised to hear Acronis doesnt work that way.
posted by damn dirty ape at 2:49 PM on August 8, 2007
If you are regularly having problems with programs appearing on your computer without your authorization, I would imagine you have been compromised by a trojan or some very devious spyware. If a spyware cleaning doesnt stop this you may want to consider wiping your PC and doing a fresh install.
Also, were you using RunAs when using a limited account? I'm surpised to hear Acronis doesnt work that way.
posted by damn dirty ape at 2:49 PM on August 8, 2007
Response by poster: Good catch: I found out that I could do Acronis in "run as" mode if I set up a password in the Administrator account, but there were still odd problems with other programs, and intermittent difficulty with erasing files or folders that weren't in my own user account's My Documents folder. If it happens again, I'll pay more attention to, and post details about, that.
posted by bbranden1 at 4:29 PM on August 8, 2007
posted by bbranden1 at 4:29 PM on August 8, 2007
Best answer: Microsoft's program "Drop My Rights" allows the choice of running individual programs under limited account privileges.
The Washington Post's article about it is here:
http://blog.washingtonpost.com/securityfix/2006/04/windows_users_drop_your_rights.html
A Microsoft page with some explanation and a with a link to the download is here:
http://msdn2.microsoft.com/en-us/library/ms972827.aspx
posted by bbranden1 at 8:57 AM on August 10, 2007
The Washington Post's article about it is here:
http://blog.washingtonpost.com/securityfix/2006/04/windows_users_drop_your_rights.html
A Microsoft page with some explanation and a with a link to the download is here:
http://msdn2.microsoft.com/en-us/library/ms972827.aspx
posted by bbranden1 at 8:57 AM on August 10, 2007
« Older Overnight road trip stop, Columbus OH area to... | Are there any Release Management Engineers out... Newer »
This thread is closed to new comments.
posted by geoff. at 12:07 PM on August 8, 2007