Limited User Privileges Protect PCs From Adware, Rootkits, Spyware and Viruses
Published on 08-19-2006 | Updated on 4-24-2007
Webroot, the manufacturer of Spy Sweeper, has released a study which finds that 89% of PCs connected to the Internet contain some spyware/adware infections, with the average home computer hosting 30 different malware programs. Furthermore, according to the Webroot® State of Internet Security report, issued on March 28, 2007, 43 percent of companies surveyed globally have suffered a business disruption due to malware and 60 percent of businesses polled don't have an information security plan.
According to the Webroot study, purveyors of malware are increasingly harnessing the popularity of social networks and Web video to infect PCs. Spyware's threat is getting nastier. Infection rates are on the rise, in part thanks to the surging popularity of social-networking sites like MySpace.com.
"We're finding that the social-networking sites like MySpace are turning out to be hotbeds for spyware," CEO Dave Moll says. "People are creating multiple profiles, and the links on their sites will take you to sites that will either download or drive-by download adware and spyware."
It doesn't help that many younger users aren't sufficiently cautious about where and how they surf the Web, Moll says. "They're not looking out for danger in quite the way that more skeptical adults do," he says. "Kids on MySpace and sites like it act as though they are in a safe youth-only environment, and as a result their behavior is less cautious, and that is something that is being preyed upon by all kinds of Internet villains. And we think spyware creators will be the most aggressive in exploiting that."
Spyware creators are also employing a wider arsenal of weapons. They're piggybacking on other, more malicious types of programs such as rootkits, a type of program that conceals itself, and keyloggers, which record a user's keystrokes on a PC.
All of these infections on Windows PCs are possible in part because so many users are operating the computers with Administrator-level privileges. This means that a virus or other malware program has the same rights as you do (full control) over the operating system. If the owners of these computers would switch to using a Limited User account to do their browsing, email and instant messaging, the infection rate would drop off the measurable radar.
I have devoted an entire web page to the subject of creating and using Limited or Power User accounts, instead of using the default Administrator level account your computer started with. Go read that page, then create a new Limited or Power User account for your daily use. You can copy your existing settings and preferences to the new account, including your desktop icons and start menu items. Alternately, instead of creating a new Limited User account, create a new "Computer Administrator" account, assigning it a password. Log off the account you are using for everyday use and log onto the new "Computer Administrator" account to set it up as an identity. Once inside that account you can go to Start > Control Panel > User Accounts and change your other account to a "Limited User." When you log back onto your regular account all your icons and settings will still be there, but your user rights will be lowered for your protection.
As a Limited user you cannot install some programs, or uninstall any, nor can you run the Disk Defragmenter or manage accounts and policies. To do these things you can either use the Run As command (explained on the Privileges page), or use the Switch User function to log in to your Administrator level account, do what needs doing, then log off that and log back onto the Limited account.
This really works to protect your computer against virtually all of the current known exploits. If you read the various bulletins released every month by Microsoft, concerning this or that new vulnerability, you'll see a paragraph explaining that the scope of the damage is proportional to the level of privileges on the account you are logged onto. If you are using an account that does not have privileges to create, delete, rename, or alter any files in the operating system directories, the danger from accidentally downloaded malware is close to nil in that account. This includes the entire crop of browser search hijackers and BHOs (Browser Helper Objects). They all depend on being able to write to the local machine branch of the Windows Registry to do their dirty work. Furthermore, if something does manage to attach itself to your browser under a Limited account, it cannot jump across identities to infect the administrator account or other user accounts. Also, viruses and spyware cannot disable your anti-virus, anti-spyware, or firewall programs from within a Limited User account, but those programs can go after the attackers and remove them before they find a way to install into the system.
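To check the point above on your own machine, the following PowerShell script (an added example, not part of the original article) reports whether the account you are logged onto can write to the local machine branch of the registry and to the operating system directories. The two registry keys and two directories it probes are assumptions chosen for illustration; the script changes nothing on the system.

```powershell
# Added example: audits the current logon session for the rights the article
# says malware depends on. Key and directory choices are illustrative assumptions.

function Test-HklmWrite {
    param([string]$SubKey)
    try {
        # Second argument $true requests write access; no value is modified.
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return 'key not present' }
        $key.Close()
        return 'WRITABLE'
    } catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
        return 'denied'
    }
}

function Test-DirWrite {
    param([string]$Dir)
    $probe = Join-Path $Dir ([System.IO.Path]::GetRandomFileName())
    try {
        # DeleteOnClose removes the empty probe file as soon as it is closed.
        $fs = [System.IO.File]::Create($probe, 1, [System.IO.FileOptions]::DeleteOnClose)
        $fs.Close()
        return 'WRITABLE'
    } catch [System.UnauthorizedAccessException] {
        return 'denied'
    }
}

# Is this session running with Administrator rights?
$id      = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object System.Security.Principal.WindowsPrincipal($id)).IsInRole(
               [System.Security.Principal.WindowsBuiltInRole]::Administrator)
"Account: {0}   Administrator rights in this session: {1}" -f $id.Name, $isAdmin

# HKLM locations used to register BHOs and programs that start at logon.
$keys = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $keys) { "HKLM\{0}: {1}" -f $k, (Test-HklmWrite $k) }

# Operating system directories.
foreach ($d in $env:SystemRoot, (Join-Path $env:SystemRoot 'System32')) {
    "{0}: {1}" -f $d, (Test-DirWrite $d)
}
```

Run from a Limited User account, every probe should report "denied"; any line reporting "WRITABLE" means software started from that session can make the same change.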
Spyware creators are exploiting the popularity of Internet video clips to convey their nasty cargo. A Trojan program called Zlob masquerades as a video-decoder program intended to be an update for Microsoft's (MSFT) Windows Media Player. Users may come across a video clip they'd like to see, and on clicking a link are given an error message and a link to install a new version of the player software. The user's browser is then redirected to a download site that gives them a program that includes the Zlob Trojan, which in turn downloads more spyware and other malicious software programs.
To date, Webroot's researchers have identified some 527,000 malicious Web sites, an increase of 100,000 from a year earlier.
Webroot's Spy Sweeper is one of the foremost tools used to detect and remove Spyware, Adware and other malware threats from PCs.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.