Tuesday, February 2, 2010

security asceticism-start browser from diff user

A lot of information security guys use windows. Sure thing -We Are All Sinners!
All of us know that they must work under limited account on windows - but usually we work with admin privileges. Yes it insecure, but everybody does it! So, how you can reduce the risk staying working under admin account?
Just start your web browser from account with limited privileges and access rights.
1. Create a user with such limited rights. (I've called him- browser)
2. Create a desktop shortcut with this command:

%windir%\System32\runas.exe /savecred /user:browser "C:\ProgramFiles\Mozilla Firefox\firefox.exe"

Thats all folks. If your browser will be penetrated , attacker gets only limited rights on your system.


  1. As long as kitrap0d isn't patched by MS, limited rigths are quite enought... But in general, it's a nice idea.

  2. I've used this trick for long time before kitrap0d has been realized. But now right you are - it's could be risky.

  3. It looks like it has been patched last Tuesday. Good news for all of us.