Many people still worry about their own security when the talk turns to Trojans planted in web pages. After all, plenty of skilled people are busy building Trojans that evade detection, yet I do not take these Trojans seriously. Why? For a Trojan to be downloaded to the local machine and hook itself into the registry, there is one precondition: permissions. In fact, many Trojans have no permission concept of their own and depend entirely on the permissions of your system users. If the user who runs a Trojan has the permissions, the Trojan has the permissions. I think everyone understands this.
This is the permission dependency issue. For example, if a user with administrator permissions visits a malicious web page, the attack takes effect immediately, but if a guest user visits the same page, nothing happens. This is the so-called permission dependency problem.
By now it should be clear why I am not afraid of web page Trojans: I use permissions as the defense. I suggest that you do not browse the Internet as a user with administrator permissions. If you want the convenience you can still do so, but then set up two users with administrator permissions, one for installing programs and one for surfing the Internet. The user for installing programs needs no permission settings, but the user for surfing the Internet needs its access set properly. For the Windows directory (the directory itself only, not its subdirectories) and the system and system32 directories, set the permission for the Internet user only; I think everyone knows what this means. Then come the registry permissions, which are also a key point.
Note: The registry permission setting of Windows 2000 is different from that of XP/2003. Some of the keys concerned are listed below.
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_CLASSES_ROOT\txtfile\shell\open\command
HKEY_CLASSES_ROOT\inffile\shell\open\command
HKEY_CLASSES_ROOT\inifile\shell\open\command
The four keys above hold the file associations for some common file types.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
This key relates to the system's hidden-file attribute setting.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
These two keys hold the system's default home page.
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel
This key is the one used to gray out the default home page button so that it is unavailable.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
The keys above are the auto-start entries.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
This key is about system services. Once you have finished setting up the system, remove the user's Full Control permission on all of the keys above and grant the user Read permission only. These are only some of the keys, the common ones, not all of them. If you have other opinions, please join the discussion.
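One way to check the result of the registry permission changes described above, as an added example that is not part of the original article: this PowerShell script reads the ACL of each listed key and reports every Allow entry that still grants a write-type right. It assumes Windows PowerShell with the built-in registry provider; the choice of which rights count as "write" is this example's own.

```powershell
# Added example: read-only audit of the keys listed above. Nothing is modified.
# HKEY_CURRENT_USER resolves to the account that runs the script, so run it as
# the browsing user to check that user's own hive.
$keys = @(
    'HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'HKEY_CLASSES_ROOT\txtfile\shell\open\command',
    'HKEY_CLASSES_ROOT\inffile\shell\open\command',
    'HKEY_CLASSES_ROOT\inifile\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL',
    'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
)

# Rights that allow changing a key's values, subkeys, ACL or owner, plus the
# raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that some
# ACEs carry instead of the specific registry rights.
$specific  = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$specific -bor 0x40000000 -bor 0x10000000

$report = foreach ($key in $keys) {
    $path = "Registry::$key"
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Key = $key; Identity = '(key not present)'; Rights = ''; Inherited = '' }
        continue
    }
    # Keep only Allow ACEs whose rights intersect the write mask.
    (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ([int]$_.RegistryRights -band $writeMask) -ne 0 } |
        ForEach-Object {
            [pscustomobject]@{ Key = $key; Identity = $_.IdentityReference.Value
                               Rights = $_.RegistryRights; Inherited = $_.IsInherited }
        }
}
$report | Sort-Object Key, Identity | Format-Table -AutoSize -Wrap
```

The report lists identities as they appear in each ACL, so a group entry that still has write access covers every member of that group, including the browsing user if it belongs to it.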
In fact, I don't know whether you have noticed, but you can also use permission restrictions to delete some stubborn files, such as files that cannot be deleted in normal mode or in safe mode yet are easily deleted under DOS. The principle is very simple. When the system starts, the file is opened by a user or by the system, which causes the deletion to fail. So we do not allow any user to access this file: first, remove all the users that have access to the file, and then give your user full control permissions and delete the file. Some files can be deleted after logging off, but we recommend that you restart and then delete them.