Tuesday, February 2, 2010

Security asceticism: start the browser from a different user

A lot of information security guys use Windows. Sure thing, we are all sinners!
All of us know that we should work under a limited account on Windows, but usually we work with admin privileges. Yes, it is insecure, but everybody does it! So how can you reduce the risk while still working under an admin account?
Just start your web browser from an account with limited privileges and access rights.
1. Create a user with such limited rights. (I've called him browser.)
2. Create a desktop shortcut with this command:

%windir%\System32\runas.exe /savecred /user:browser "C:\Program Files\Mozilla Firefox\firefox.exe"
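
The two steps above as a script, added here as an example and not taken from the original post. It assumes Windows PowerShell 5.1 or later in an elevated prompt, the default Firefox install path, and a made-up shortcut name; it ends with a check that the running firefox.exe processes belong to the browser account.

```powershell
# Added example; run from an elevated Windows PowerShell 5.1+ prompt.
# Assumptions: default Firefox install path; the shortcut name is made up here.
$UserName = 'browser'   # account name used in the post
$Firefox  = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'

# Step 1: create the limited account if it does not exist yet.
if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    $Password = Read-Host -AsSecureString "Password for '$UserName'"
    New-LocalUser -Name $UserName -Password $Password `
        -Description 'Limited account for the web browser' | Out-Null
    # S-1-5-32-545 is the built-in Users group (a SID avoids localized names).
    Add-LocalGroupMember -SID 'S-1-5-32-545' -Member $UserName
}

# The account must not be in Administrators (S-1-5-32-544), or nothing is gained.
$isAdmin = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.Name -like "*\$UserName" }
if ($isAdmin) { throw "'$UserName' is a member of Administrators." }

# Step 2: desktop shortcut that runs the runas command from the post.
$Desktop  = [Environment]::GetFolderPath('Desktop')
$Shell    = New-Object -ComObject WScript.Shell
$Shortcut = $Shell.CreateShortcut((Join-Path $Desktop 'Firefox (browser user).lnk'))
$Shortcut.TargetPath   = Join-Path $env:windir 'System32\runas.exe'
$Shortcut.Arguments    = "/savecred /user:$UserName `"$Firefox`""
$Shortcut.IconLocation = "$Firefox,0"
$Shortcut.Save()

# Check, after starting Firefox from the shortcut: every firefox.exe process
# should be owned by the limited account, not by your admin account.
Get-CimInstance Win32_Process -Filter "Name = 'firefox.exe'" | ForEach-Object {
    $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Owner     = "$($owner.Domain)\$($owner.User)"
    }
}
```

With /savecred, runas asks for the browser account's password on the first launch and stores it, so later launches from the shortcut do not prompt again.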

That's all, folks. If your browser is penetrated, the attacker gets only limited rights on your system.

