Let’s Keep You Safe
Have I got a neat trick for you this week! It’s a little program from Microsoft itself that was designed to help users stay safe while they’re online. As I have pointed out before, the most secure way to run any Windows application is under a restricted user format during your normal day to day use. I’ve also suggested that you should bump up to the administrator rights for any special procedures you need to perform. This keeps you safe in a couple of ways. For instance, if you don’t have administrative rights, you can’t create files in the system32 folder and you can’t stop certain things yourself, such as your firewall. This is a security hole, due to the fact that if you do happen to get infected, the virus is likely to take the privileges of the current user and if that user has administrator rights, then the virus does too.
The easiest way to stop this, as I stated earlier, is too simply run in a restricted users account. This can seem like a little bit of a hassle if you’re someone who’s always tinkering with your system (adding and removing programs and such), but it’s not that difficult. (I have another article for those of you who like to do that kind of thing next week too, so keep your eyes open!) Taking this into consideration for this week’s security article, I have a simple tool from Microsoft that will help protect you from yourself by allowing you to surf the Web with restricted rights.
Drop My Rights is a lightweight application that, when installed, allows you to open up your Web facing programs, such as Internet Explorer, Outlook Express and any instant messaging programs, using less restrictive rights than the logged in user. This will stop things like worms and Trojans from installing files and performing in the before mentioned directories. Instead, they will just be using the rights of the current user.
Drop My Files is easy to install, but the set up can be a little strange, so I’ll walk you through it and try to explain what’s going on.
Simply copy DropMyRights.exe to a folder. Then, for each application you want to run in the lower privilege, follow the steps below.
Create a Shortcut
Create a shortcut and enter DropMyRights.exe as the target executable, followed by the path to the application you want to execute in lower privilege.
Note: This is the part that I wanted to expand on. In order for the shortcut to work, you must put the path of the DropMyRights executable, followed by the executable file for the program you wish to associate Drop My Rights with.
For instance, the path on my PC to the DropMyRights.exe is: C:\warez\dropmyrights.exe.
The path to my Internet Explorer is: C:\program files\internet explorer\iexplore.exe.
Enclose both paths with their own set of opening and closing quotes in the target path window of the shortcut creation wizard and it should look like this:
Updating the Shortcut Name
Next, update the name of the shortcut to represent the executable target, but not Drop My Rights. I usually put the word “safer” after the application name to denote that this application will run in a safer security context. “Non-admin” is another common addition.
After this is complete, you are going to have two icons for the programs you have elected to use this procedure on. One will be the normal unrestricted icon and the other will be the icon to launch the program in the restricted rights mode. This is why it is important to change the icon or indicate the difference in the icon’s name.
Now, since you hardly ever need administrative rights for surfing the Web, you shouldn’t notice much of difference, if any, in your online experience. Drop My Rights works with a slew of Internet facing applications other than the Microsoft applications, such as Mozilla Firefox, Eudora and the Lotus Notes e-mail program.
You can download Drop My Rights here and you should be able to find more information on the whole process there as well.
Until next week, stay safe out there!
~ Chad Stelnicki