Blocking browser vulnerabilities to create information security defense

Currently, information security companies and researchers around the world are trying every means to discover the latest security vulnerabilities of IE, developers of Firefox browser are quietly adding new features and new security to their products-in contrast, Microsoft seems to be "leisurely ". However, the popular Firefox has also exposed some major security vulnerabilities in the past six months, leading to a significant slowdown in its popularity index. Some people have begun to question: is it really necessary to switch to a browser that may be as insecure as Microsoft's IE?
In fact, we can use a simple and unknown method to avoid many vulnerabilities in any browser. This method is to use a tool software developed by Microsoft programmer Michael Howard: "Drop My Rights". The Chinese name is "system permission downloader ". This software was launched last year. Although it is easy to use, it has not won the favor of many users in the context of frequent security vulnerabilities in IE and other browsers. Therefore, before using the specific functions of the software, we need to discuss the importance of this tool in information security. Next, we will test the tool's defense against webpages with malicious code and viruses on a built virtual machine ..

"Minimum permission" Principle

For network administrators, the "minimum permission" principle is very important. The principle of "minimum Permissions" is that common users should run various programs with the minimum permissions that can meet the operational task needs. Generally, this means that in most cases, the system runs as a common user only when absolutely necessary, to use the command line to operate "RunAs" or "MakeMeAdmin" to improve the operation permission. Otherwise, the user can only log out of the normal user status and log on again as a system administrator to perform some necessary installation operations-sometimes, this is even required when installing many plug-ins of the Web browser itself. This is troublesome, so many users prefer to remain in the system administrator's operation status. In this way, the problem arises!

Ordinary desktops in the company are not allowed to run as administrators, which is still the best measure. However, the computer operations of some senior management personnel often become a serious security risk in enterprises with relatively scattered management power. In addition, the behavior of a network administrator surfing the internet as a network administrator is also a security risk. Reducing the operation permissions of various network-based applications can effectively reduce the risks of network information security.

After Microsoft R & D personnel Michael Howard released the "Drop My Rights", he again issued a warning to the majority of computer users: "run the computer as a system administrator, personal computer system security and data security are very dangerous!" Computer users familiar with network security know this, but many people are still doing what they want. If you do not want to reduce the running permissions of all applications at once, a high-Permission user (Power users) can also reduce the permissions of various software for network applications, such as IE, Firefox, instant Messaging Tools (IM), Outlook, Outlook Express, Notes, Thunderbird, etc.

"System permission reductor"

"Drop My Rights" is a tool that can take the running path of other programs as parameters. For example, if you want to run Internet Explorer in a safer way as a system administrator, you can run the following command line:

C: pathodropmyrights.exe "C: Program FilesInternet ‑eristme.exe" C
In this way, IE can run with a relatively low Level C (Level C), that is, "Restricted user identity (Constrained user )". In this case, if any security vulnerability occurs in IE or Firefox, the impact can be greatly controlled. The following are three parameters involved in the tool "system permission drop:

N represents a Normal User)
C Represents a restricted User)
U represents untrusted users (this setting will cause the failure of most network applications)
Next, we will perform some simple tests to see if the Windows system will become more secure after installing the tool software. Currently, information security companies and researchers around the world are trying every means to discover the latest security vulnerabilities of IE, developers of Firefox browser are quietly adding new features and new security to their products-in contrast, Microsoft seems to be "leisurely ". However, the popular Firefox has also exposed some major security vulnerabilities in the past six months, leading to a significant slowdown in its popularity index. Some people have begun to question: is it really necessary to switch to a browser that may be as insecure as Microsoft's IE?

In fact, we can use a simple and unknown method to avoid many vulnerabilities in any browser. This method is to use a tool software developed by Microsoft programmer Michael Howard: "Drop My Rights". The Chinese name is "system permission downloader ". This software was launched last year. Although it is easy to use, it has not won the favor of many users in the context of frequent security vulnerabilities in IE and other browsers. Therefore, before using the specific functions of the software, we need to discuss the importance of this tool in information security. Next, we will test the tool's defense against webpages with malicious code and viruses on a built virtual machine ..

"Minimum permission" Principle

For network administrators, the "minimum permission" principle is very important. The principle of "minimum Permissions" is that common users should run various programs with the minimum permissions that can meet the operational task needs. Generally, this means that in most cases, the system runs as a common user only when absolutely necessary, to use the command line to operate "RunAs" or "MakeMeAdmin" to improve the operation permission. Otherwise, the user can only log out of the normal user status and log on again as a system administrator to perform some necessary installation operations-sometimes, this is even required when installing many plug-ins of the Web browser itself. This is troublesome, so many users prefer to remain in the system administrator's operation status. In this way, the problem arises!

Ordinary desktops in the company are not allowed to run as administrators, which is still the best measure. However, the computer operations of some senior management personnel often become a serious security risk in enterprises with relatively scattered management power. In addition, the behavior of a network administrator surfing the internet as a network administrator is also a security risk. Reducing the operation permissions of various network-based applications can effectively reduce the risks of network information security.

After Microsoft R & D personnel Michael Howard released the "Drop My Rights", he again issued a warning to the majority of computer users: "run the computer as a system administrator, personal computer system security and data security are very dangerous!" Computer users familiar with network security know this, but many people are still doing what they want. If you do not want to reduce the running permissions of all applications at once, a high-Permission user (Power users) can also reduce the permissions of various software for network applications, such as IE, Firefox, instant Messaging Tools (IM), Outlook, Outlook Express, Notes, Thunderbird, etc.

"System permission reductor"

"Drop My Rights" is a tool that can take the running path of other programs as parameters. For example, if you want to run Internet Explorer in a safer way as a system administrator, you can run the following command line:

C: pathodropmyrights.exe "C: Program FilesInternet ‑eristme.exe" C
In this way, IE can run with a relatively low Level C (Level C), that is, "Restricted user identity (Constrained user )". In this case, if any security vulnerability occurs in IE or Firefox, the impact can be greatly controlled. The following are three parameters involved in the tool "system permission drop:

N represents a Normal User)
C Represents a restricted User)
U represents untrusted users (this setting will cause the failure of most network applications)
Next, we will perform some simple tests to see if the Windows system will become more secure after installing the tool software.

Test process

First, we make some preparations, because the test needs to be carried out in a controlled environment. Virtual machines (VMS) released by Microsoft and VMWare can provide us with such a test environment that can restore the origin of the system, so we can quickly restore the system to its previous state. Our test was conducted in a Windows XP environment without installing any system patches. After installation, the Restore point was created immediately.

During the test, we used a free online antivirus website to monitor the virus infection of the system. Therefore, we performed an online scan on the tested computer before performing other operations. As expected, no virus was found. After scanning, we restored the initial state of the system again for the sake of caution.

The first test process is as follows:

Restore Windows to the initial state (completed ).
List A series of websites containing malicious code and advertising software.
Use Internet Explorer to open these URLs for normal browsing.
Observe various exceptions during browsing.
Use the online anti-virus method to re-detect the virus.
Use NotePad to copy these URLs for future use in subsequent tests.
During the browser test, many inexplicable applications were forcibly installed. On the IE operation interface, various buttons and search toolbar were added. Some Windows automatically popped up and disappeared from time to time, there are also a lot of pop-up windows, and the running of virtual machines is also obviously slow! After the online virus detection was started, illegal operations occurred during the scanning process, even though 7 virus infections were detected.

The process of the second test is as follows:

Restore Windows to the initial state (completed ).
Use the malicious URLs in the first test.
Follow the installation instructions to install the "system permission downgrade ". In this test, the "U" parameter is used (that is, the normal permission is lower than the system administrator's permission ).
Enter the website containing malicious code again in IE.
Observe various exceptions during browsing.
Use the online anti-virus method to re-detect the virus.
In the second test, it is worth mentioning that the pop-up window still exists, but does not exist and then disappears automatically, and have not been forcibly installed with inexplicable gadgets. Four viruses were detected after online scanning. Next, we will continue the third test and use the "C" parameter to access a malicious site.

The third test process is as follows:

Restore Windows to the initial state (completed ).
Use the malicious URLs in the first test.
Follow the installation instructions to install the "system permission downgrade ". In this test, the "C" parameter (restricted user identity) is used ).
Enter the preceding content again in IE