Admin accounts: what's it all about?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

paulb100

Thread Starter
Joined
Mar 17, 2005
Messages
1,894
Looking for a decent outgoing program control firewall, I came across a thread on another forum where the users and OP were arguing amongst themselves. The discussion was about outgoing protection on firewalls being "useless"... specifically if you are running your Windows as an 'admin' like most Windows accounts do... as this means any rootkit etc. can bypass your firewall anyway...

I'm just a little confused here.... do they mean running the computer under the hidden "super administrator" account? or just "regular" administrator account? - I ask because I run my Windows 7 x64 under the default it installs in, which is 'regular' admin - all the files I have can be "run as administrator" so I'm assuming that under this 'regular' admin account I don't really have 'admin' privileges... ...it all gets a bit confusing... I think what I am trying to find out is:- am I wasting my time using an outgoing firewall? - if so, why then do they bother with them if they can be bypassed when Windows default installs on an admin account? - OR why don't they mention at install of firewall that account should be dropped to 'standard' account? (I notice Avira do this before...)

I'm just not convinced that malware can bypass my firewall/Anti-Virus because I am on the default Windows installation account and the software company that owns that security could not tell me that it's 'useless on current setup' - Avira is the ONLY prog to request drop privileges...

be great if someone could clear this up for me....

this is the topic I was reading

and this quote (as well as many others) was what made me ask about it

Because people have become gullible - brainwashed into thinking that outgoing protection is going to save them from some nefarious root kit that is most likely already on their computer from visiting porn sites and/or just being stupid. All this outgoing "brouhaha" came about because of the panic driven/nefarious/marketing people like ["you know who"] and a host of other chicken littles who write security articles for magazines who "surprisingly" display ads for security sponsors ["you know who"].

As for why certain companies now sell outgoing protection - it probably makes good business sense. It really is fluff though. All good security guys know it is. Just like car alarms. Someone already stealing your car doesn't stop because your car alarm goes off. They simply disconnect it. It calms the illiterate masses, their lemming propensities and generates a ******** of revenue. Companies will sell the lemmings what the lemmings want. Create some hysteria and watch the lemmings run off the cliff. They aren't responsible for everyone's gullibility... Remember "Pet Rocks"? They weren't really pets ya know...

There is nothing wrong with the Microsoft Firewall. It stops the bad guys from getting in - once they are in there is really nothing you can do anyway.
Is that person above just assuming that all infections are going to be undetectable rootkits that can bypass everything on your Windows 'default' installation? whilst shutting your firewall down in the process? - if an outgoing firewall detects ONE thing then it's been worth having... he can't assume that all rootkits/infections are going to do this...

I was going to install an outgoing program control firewall in case anything untoward I may run by accident on my system tries to 'phone home' or allow some hacker access, e.g. (scenario) run a keygen and it pops up "keygen.exe is trying to connect" then you know something untoward is trying to happen and its been stopped and you notified?

I just can't believe that all these software firewalls are 'poop' as the users on that forum make believe and that all your security can be bypassed on default Windows installation user accounts because you're regular admin. I don't want to join that forum and continue that debate cos by the looks of it I will get my head taken off like the OP has .... poor bloke only wanted advice about a good light firewall,...


thanks
 

Stoner

Banned
Joined
Oct 26, 2002
Messages
44,931
Ars is a decent site, but it has members to ignore in certain areas.
Several years ago, I used to read comments like this..........'I don't use an anti-virus app because I don't install malware'.
Because he was/is a respected member......he got a lot of agreement.
I do know this member now uses AV :D.....because he's commented on it since ;)

I use Comodo on a win7 x64 computer because it's highly rated and allows for outgoing control.
I see it as a possible defense against malicious script that's inadvertently been downloaded from a browser session..... and tries to connect to a server to install a rootkit/trojan.

But if you become infected, outgoing control should be considered compromised and either a cleaning of the system or a reinstall done. I keep a drive image around for that possibility.

Running a browser in a sandbox like Sandboxie can be beneficial.
http://www.sandboxie.com/
What gets past your security during a browser session can be eliminated when the sandbox is closed. Also, Sandboxie has a menu that allows whitelisting of what can be run in the sandbox and what apps are allowed to connect to the Internet from the sandbox.
 
Joined
Sep 21, 2007
Messages
12,565
Windows 7 firewall has outbound protection, but it needs to be turned on. See Control Panel > Administrative Tools > Windows Firewall with Advanced Security.

However, it takes trial and error to set up rules properly to allow certain programs outbound. The firewall does not notify you when something tries to call out, it just stops it. So you won't know which executable to specify an 'allow' rule for. When making the allow rule, you have to go to the program folder and try the exe's one by one.

The role of security software is to deny and then delay. Another well known term is 'layers of security'. So, your keygen scenario is correct, the firewall should provide a layer of protection. While layers of security may all be bypassable, having them will deter some attackers, and delay others, giving you time to uncover/discover that an attack is underway, and take remedial action.
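
For readers setting up the outbound blocking described in the post above, one way to see which executable the firewall stopped is to audit blocked connections and read them back from the Security log. This is an added example, not part of the original thread; the steps are meant to be typed one at a time, and the rule name and program path in step 5 are hypothetical placeholders.

```powershell
# Added example. Run from an elevated PowerShell prompt on Windows 7 or later.
# The allow-rule name and program path in step 5 are hypothetical placeholders.

# 1. Block outbound connections that no allow rule matches (inbound stays blocked).
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 2. Record every connection the firewall blocks in the Security event log.
#    The subcategory name is the English one; it is localized on other languages.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable

# 3. Start the program that needs network access, let it fail, then run this.
#    Event 5157 = "The Windows Filtering Platform has blocked a connection".
$blocked = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157 } `
                        -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the event's named <Data> fields into a lookup table.
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        New-Object PSObject -Property @{
            Time        = $_.TimeCreated
            Application = $fields['Application']   # NT device path of the executable
            Destination = '{0}:{1}' -f $fields['DestAddress'], $fields['DestPort']
        }
    }

# 4. One row per executable: how often it was blocked and where it tried to go.
$blocked | Group-Object Application | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'Destinations'
           Expression = { ($_.Group | Select-Object -ExpandProperty Destination -Unique) -join ', ' } } |
    Format-Table -AutoSize -Wrap

# 5. Once you recognise a program you trust, allow only that executable outbound.
#    Replace the placeholder name and path with the real ones first.
netsh advfirewall firewall add rule name="Allow ExampleApp out" dir=out action=allow `
    program="C:\Program Files\ExampleApp\exampleapp.exe" enable=yes
```

An executable in that list that you do not recognise is the "keygen.exe is trying to connect" case from the first post: it stays blocked, and the log tells you it tried.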
 

paulb100

Thread Starter
Joined
Mar 17, 2005
Messages
1,894
thanks

I've gone with Zone Alarm Pro, simply because it's light... Comodo I found a little hungry on resources but that was some time ago - pretty intrusive too, but a great firewall...

I just can't believe some of the stuff I was reading over that site

so can anyone clear this admin stuff up? - am I at risk? should I drop to 'standard' - I ask because I actually have stopped using AVs - I never get infected and use Sandboxie (although not with browser), I do have AVIRA / SAS to call on for scanning
 

aka Brett

Banned
Joined
Nov 25, 2008
Messages
16,918
That thread is pretty old;)
Times change..people change
Running as a standard user is safer as there is less chance of change to the system while running standard.
So there is some truth...but not a black and white issue regarding the firewall
An infection is still an infection and will go out/a software firewall will show such attempts made.
I also run as an admin rather than standard user...I have tried the standard user..but ran into occasional bugs such as missing tray icons that just wouldn't show regardless.


As far as the firewall issue...it's always nice to get an alert that a file is wanting to access the internet.
Although an antivirus product may have not caught it...you just did...That always makes one feel "privileged"
 
Joined
Sep 21, 2007
Messages
12,565
With Vista and Win 7, the regular admin account created after install has the admin token separated but held ready. When you confirm by clicking 'continue', then the admin token is engaged. Also if you choose to run a program as admin, the admin token is engaged. At least that's the way I understand it.

Go here:
http://blogs.msdn.com/b/e7/archive/2009/02/05/update-on-uac.aspx
And read the section on "The purpose of UAC". It takes Microsoft to explain it clearly :)

I've always used a standard account for daily use since I had Vista.

Here is a document explaining rootkits:
http://docs.google.com/viewer?a=v&q...C9Hc23&sig=AHIEtbSlDO1OE2ppO53nThfw-oZrNjfOUQ

According to that Symantec document, most rootkits require admin rights to function. So running a Standard user account is safer.
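
The split admin token described in the post above can be observed directly. The following is an added example, not part of the original thread: it reports whether the current PowerShell session is a standard user, an administrator account running unelevated, or an elevated administrator. The variable names are illustrative.

```powershell
# Added example. Run in a normal PowerShell window, then again in one started
# with "Run as administrator", and compare the two results.
$adminSid = 'S-1-5-32-544'     # well-known SID of BUILTIN\Administrators
$levels = @{ 'S-1-16-4096'  = 'Low';  'S-1-16-8192'  = 'Medium'
             'S-1-16-12288' = 'High'; 'S-1-16-16384' = 'System' }

# whoami lists every group in the process token, including deny-only ones.
# /nh plus our own headers keeps this independent of the display language.
$groups = whoami /groups /fo csv /nh |
          ConvertFrom-Csv -Header Name, Type, SID, Attributes

# Is the Administrators group present in the token at all?
$inToken = @($groups | Where-Object { $_.SID -eq $adminSid }).Count -gt 0

# IsInRole is true only when the Administrators group is enabled in the token,
# which is the case after elevation.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$enabled   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# The integrity level appears in the same list as a "Mandatory Label" SID.
$integrity = $groups |
             Where-Object { $_.SID -and $levels.ContainsKey($_.SID) } |
             ForEach-Object { $levels[$_.SID] }

if     ($enabled) { $state = 'elevated: full administrator token in use' }
elseif ($inToken) { $state = 'admin account, not elevated: Administrators is deny-only' }
else              { $state = 'standard user: Administrators is not in the token' }

'{0} (integrity level: {1})' -f $state, $integrity
```

On a default Windows 7 install with UAC enabled, the ordinary window should report the second state at Medium integrity, and the "Run as administrator" window the first state at High integrity.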
 