Educause Security Discussion mailing list archives

Re: Keyloggers in computer labs


From: "Lucas, Bryan" <b.lucas () TCU EDU>
Date: Mon, 6 Feb 2006 22:26:43 -0600

We implemented this with our XP rollout. Hopefully Vista, which I
understand is doing LUA by default, will have improved upon it. We keep
notes on any program that doesn't work; the Sysinternals and the couple
of RunAs utils out there are great.

http://netsetup.tcu.edu/kb/reference/appinstalls.htm

http://www.threatcode.com/

http://blogs.msdn.com/aaron%5Fmargosis/


Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971

-----Original Message-----
From: Valdis Kletnieks [mailto:Valdis.Kletnieks () VT EDU] 
Sent: Monday, February 06, 2006 10:16 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Keyloggers in computer labs

On Mon, 06 Feb 2006 22:40:08 EST, James Cooley said:

With these pieces of software, you can see exactly what files and
registry keys your problematic software is trying to access and
modify. With this information, you can relax security on just those
discrete bits of the registry or filesystem that the programs will
need to run as a non-administrator user. With all of the necessary
permissions in place, your software will run happily as a user with
restricted access.

And do the world a favor, and keep careful notes of all the files and
keys that need fixing, and *open bug reports with the vendor*.  It isn't
like "don't run stuff as Administrator" is a new concept - it's been part
of the Unix world since day one, and Windows has had it since NT4.

If the vendor acts resistant to fixing it, explain to them that they
probably don't want to be the recipient of a "trivial bug allows code
execution as Administrator" posting on Bugtraq.....
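
The workflow described in this thread (trace what a program is denied, loosen only those objects, keep notes for the vendor) can be sketched as follows. This is an added example, not part of the original messages. The CSV column layout, `labapp.exe` and the `LabApp` paths are constructed assumptions and do not reproduce any real tool's export format.

```python
import csv
import io
from collections import Counter

# Constructed sample trace. The column layout and the names labapp.exe / LabApp
# are assumptions for illustration, not a real tool's export format.
SAMPLE_TRACE = r"""process,operation,path,result
labapp.exe,RegOpenKey,HKLM\Software\LabApp,SUCCESS
labapp.exe,RegSetValue,HKLM\Software\LabApp\Settings\LastUser,ACCESS DENIED
labapp.exe,RegSetValue,HKLM\Software\LabApp\Settings\WindowPos,ACCESS DENIED
labapp.exe,CreateFile,C:\Program Files\LabApp\labapp.ini,ACCESS DENIED
labapp.exe,WriteFile,C:\Program Files\LabApp\logs\run.log,ACCESS DENIED
labapp.exe,CreateFile,C:\Program Files\LabApp\labapp.ini,ACCESS DENIED
explorer.exe,RegSetValue,HKLM\Software\Other\Key,ACCESS DENIED
labapp.exe,ReadFile,C:\Windows\win.ini,SUCCESS
"""

REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


def acl_target(operation, path):
    """Map a denied access to the object whose ACL would have to change."""
    if path.startswith(REGISTRY_ROOTS) and operation == "RegSetValue":
        # Registry permissions are set on keys, so drop the trailing value name.
        return path.rsplit("\\", 1)[0]
    return path


def denied_targets(trace_text, process):
    """Count access-denied events per ACL target for one process."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(trace_text)):
        same_process = row["process"].lower() == process.lower()
        if same_process and row["result"] == "ACCESS DENIED":
            counts[acl_target(row["operation"], row["path"])] += 1
    return dict(sorted(counts.items()))


def vendor_report(trace_text, process):
    """Render the findings as notes for the ACL change log and a vendor bug report."""
    lines = [f"{process}: objects a restricted user could not access"]
    for target, hits in denied_targets(trace_text, process).items():
        lines.append(f"  {target}  ({hits} denied)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(vendor_report(SAMPLE_TRACE, "labapp.exe"))
```

The deduplicated list is both the minimal set of objects to loosen for the restricted account and the record to attach to the vendor bug report.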
