topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:30 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Run apps as non-admin with SetSafer to avoid spyware.  (Read 15604 times)

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Run apps as non-admin with SetSafer to avoid spyware.
« on: October 30, 2007, 07:11 AM »
I thought my blog post on the subject might be useful to everyone at donationcoder.

2007-10-30_121015.pngEverybody who’s ever tried it knows the problem. Life as a regular user on Windows is a pain: who wants to switch users just to install software, sometimes even to run it? However running software as a non-admin increases security. It’s impossible for spyware to install itself into the system when it is not allowed to.

Using SetSAFER, a program created by Microsoft employee Michael Howard we can run just any applications as a regular or limited user, while still using an administrator account. After testing for side effects, which I explain below, I recommend you give this a try. I no longer have to run a realtime spyware scanner, and now just schedule routine scans.

Downloads and Resources
« Last Edit: October 30, 2007, 07:14 AM by justice »

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #1 on: October 30, 2007, 07:25 AM »
! thanks for that tip justice  :up:
Tom

Ralf Maximus

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 927
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #2 on: October 30, 2007, 07:33 AM »
This sounds incredibly cool.  This is the way security should work in Windows.

INEVITABLE SNARK: So why didn't Vista adopt this instead of the wacky house-of-mirrors it imposes?

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #3 on: October 30, 2007, 07:48 AM »
I've only tested it on Windows XP, but as it uses policy settings I'm sure it should work on Vista as well. If anyone who knows can let me know then I can add that to the article. :)

PhilB66

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,522
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #4 on: October 30, 2007, 08:51 AM »
Nice blog justice  :Thmbsup:

There are plenty of 'Run as non Admin' tools listed @ nonadmin, why did you choose SetSafer over the others?

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #5 on: October 30, 2007, 09:06 AM »
There's a few reasons I chose SetSafer. It's easy to add / disable the functionality for a particular program as you can enable / disable a checkbox when yuo run the program. It's also easy to add another program to it, plain xml -- this was important because I want to safely run most of my internet related programs - not just IE. But the main reason for choosing SetSAFER was because the user can just keep running the same shortcuts / programs. Especially handy for family members, this means 'a program that launches IE' can't circumvent the security measure, and it still works with protocol associations etc. This wasn't the case with DropMyRights, which I used before and found cumbersome as it wants you to create new shortcuts.

You can approach it from the other way round using Sudo win -- run everything with lower privileges except for installations (similar to Run As...) etc, which might be safer but more intrusive and technical. Hope that explains things a bit.

PhilB66

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,522
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #6 on: October 30, 2007, 10:50 AM »
Hope that explains things a bit.

It certainly does, tnx. Will give SetSafer a try.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #7 on: November 19, 2007, 08:26 AM »
A related question to this, I've been running this for a month or so prior to the start of this post, for myself and installed it on others too. I have one naggle you might be able to help with:
Can I disable the "run" button that comes up when clicking on a download in Internet Explorer? Sometimes I noticed people get annoyed cos they can't install the software by running it straight from the browser due to lower privs. Saving the file and running it by itself works of course, but if they couldn't run it at all that would prevent any frustration in the first place. Any ideas?
« Last Edit: November 19, 2007, 08:32 AM by justice »

PhilB66

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,522
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #8 on: November 19, 2007, 09:26 AM »
I use opera but WinT mods or this thread @ Virtualplastic might give you a lead.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #9 on: December 04, 2007, 05:27 AM »
That's a bit hacky to me it might cause issues with other applications. I was hoping there was a local computer policy for it.

Plasma Man

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 43
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #10 on: December 04, 2007, 08:32 PM »
Thanks for the tip!

This was also useful too:
http://www.codinghor...archives/000891.html


f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #11 on: December 05, 2007, 02:32 AM »
Hmmm, when dealing with security in firewalls or user/program rights, the safe way to go is whitelisting (non-privileged users with possibility of escalating to admin) rather than blacklisting  (by default trusting apps not in the blacklist). I know its goddurn inconvenient, and Vista doesn't really handle it in the most elegant way (and previous versions it was even more horrible), but it really is the way to go.

I still run my primary account as admin though, shame on me :-[. I guess a thing like SetSafer is better than nothing, but I can't help think that it gives a somewhat false sense of security - and that I should get around to installing SandboxIE or Altiris SVS.

Thanks for telling about SetSafer nonetheless :)
- carpe noctem

nontroppo

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 649
  • spinning top
    • View Profile
    • nontroppo.org
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #12 on: December 05, 2007, 10:49 AM »
This thread, short on details, gives links to sudowin which seems ideal:

https://www.donation...dex.php?topic=7127.0

I agree with f0dder, escalating rights ala sudo is the way to go.

And sandboxie, is great, though I only use it infrequently (I trust Opera, and rarely run unknown apps in Windows anyway)
FARR Wishes: Performance TweaksTask ControlAdaptive History
[url=http://opera.com/]

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: Run apps as non-admin with SetSafer to avoid spyware.
« Reply #13 on: December 06, 2007, 08:17 AM »
I agree with you too in principal. In an ideal world (or linux) you want to run it like that. However for people used to windows working the way it always has - as admin; and for people who think UAC is annoying enough, setsafer will get you at least 80% there with 20% of the frustration. :)