RE: admin privileges and trojans

["Lall, Navneet Singh" <nlall () ipolicynetworks com>]

Hi,

If you are logged in as a non admin account then processes you execute
will
Have non admin user rights. This can prevent those programs if infected
to do harm than they would be running with admin credentials. But most
of time the viruses and Trojans don't need admin privileges.

Viruses will infect the system processes which will have all the freedom
to do anything irrespective of which user level you login with. 

Trojans just need to open a non reserved port which a user level process
can do but non admin log can prevent it from serious harm. Usually
Trojans are not intended to do any harm. Primarily they are used to
steal information. Viruses and worms are intended to do harm and spread.


Moreover being a non admin user is a little irritating as you will not
be able to do some regular work like installing a new program.

I suggest one should take the middle path. Provide users the admin
access with strict security policies. This approach works well for all
parties.

Navneet Singh

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of W W
Sent: Wednesday, November 29, 2006 11:00 AM
To: security-basics () securityfocus com
Subject: admin privileges and trojans

I'm trying to put together some information for the higher ups to show
them the threat level by allowing users to have admin privileges on
their systems.  Would it be safe to say that a lot of trojans/viruses
could not be installed on a system where users did not have admin
privileges?  Are there any good studies or analysis out there?  I've
looked around a bit, and I have found some minor articles.  I wanted
to see what your thoughts were.

Thanks.
C