Paid Advertising
web application security lab

Archive for the 'Anti-Virus' Category

Local Admin Rights Genie just got a rub

Friday, June 23rd, 2006

In the spirit of my post on why companies shouldn’t use laptops like firewalls I did a little research on ways to mitigate giving users no access while still maintaining some level of control over Windows operating systems for when users need to install certain programs as administrator.  Then I came accross an interesting blog article that had a funny quote in it, speculating that it is in fact better to be a local user without admin privileges and without anti-virus than it is to be an admin with AV installed. In the same article he posted a link to SudoWN which is essentially sudo for Windows.

It’s a pretty clever idea, to allow users access only when it is known and intentional.  Of course there are unknown security holes in the system itself, and given keystroke loggers it sorta makes the point moot (yes you can build a keystroke logger in JavaScript even, no admin rights needed).  But it’s a concept worth exploring nontheless.