said by rchandra:Sorry, I apologize. Grand stupidity on my part, it looked like a screen shot. I don't spend as much time on BBR as I used to, and I hadn't seen that feature before.
Also, so sorry that you're so displeased; but I'm going to ignore your advice not to counsel people on running computers more securely. We'll just have to disagree I guess on outlook; I don't have the defeatist attitude that no matter what, I'll be p0wned, and therefore you at least seem to be implying don't even try because it's hopeless.
Oh, and I was reading along on that page to which you linked. It's basically saying, in part, what I was advocating, albeit for a different environment: don't run as the superuser (which is close to being in the Administrators group in Windows, but not quite...you need the well-known SID for SYSTEM in your security token to be truly superuser on Windows).
As for the complaints about having to log in as admin anyway, yes, that should be done, PITA that it is. A good percentage of installers with which I have personal experience run great under sudowin or runas...the most notable exception for me being that MS updates will mysteriously fail, even if I run runas /user:someadmin iexplore. It's as the author states though: it's the stupidity of the software (in some cases, installer) authors. If at all possible, one should not patronize products whose installers are wonky like that, and moreover those which will not run properly without special privileges.
If you happen to have a thorough enough understanding, go mucking about with things like procmon, regedit, and setacl, and only make the bare minimum of files and registry entries more permissive. For me, it's been well worth the initial effort. I've had my %USERPROFILE% corrupted a couple of times by malware, but because the user under which I was running had very limited rights to anything else, that's all I had to do: recreate a few personal things but the rest of the system was fine.
Same thing goes when I'm running in a Linux environment: I've had some damage done in my home directory, but it was relatively easy to fix because of the limited rights I have around my systems, and for keeping a couple of backups around.
Sorry if that sounded hostile, but from your first couple of sentences and the general atmosphere of DSLR, it made me feel uneasy.
. The latter seemed lots more difficult. I was an IVR programmer who was thus forced to use AID (and its bundled Borland database dependency). All I can think is, Avaya must have wrote it or contracted to have it written back in the Win98 days when there basically was no security.