More Ways To Surf SafelyMarch 8, 2008 – 6:09 PM
In the last newsletter, I suggested creating a limited user account on your computer and using that to surf the internet. As a limited user, it becomes very difficult for malware to attack the browser and install itself. As it turns out, there is an even simpler way to do this.
Several people wrote to mention a program written by a Microsoft programmer called DropMyRights. This program allows you to use your computer as an administrator while opening programs with limited rights. It is a much easier way to surf the web than what I described last time.
You install the program, then move the .exe file to another folder, “c:/lowrights” for example. Then you right-click on your desktop and create a new shortcut. To create a shortcut that loads Internet Explorer with limited rights, this is what you would put as the location: c:/lowrights/dropmyrights.exe “c:/program files/internet explorer/iexplore.exe”. (Change to back slashes instead)
When you launch Internet Explorer with that shortcut, the DropMyRights program will give it the same permissions as a limited user. You cannot install or run ActiveX and most of the methods used to install malware will fail. I tested this out on a couple of very nasty web sites and absolutely nothing happened.
You still see the prompts asking permission to install ActiveX controls. However, nothing happens even if you say yes. You can test this out at SpywareInfo. We have a page that will load an ActiveX spyware scanner designed by X-Block and it is perfectly safe. The page is at http://www.spywareinfo.com/xscan.php . If you ever have a legitimate need to install an ActiveX control, you can simply launch Internet Explorer with the normal shortcut.
This also works with any other program on the computer. Just create a shortcut to the program, with dropmyrights.exe in front of the program’s location and it will launch that program with limited rights. That means you can do this with your email or instant messenger programs.
A few people mentioned a similar program, also written by Microsoft programmers. This one does the exact opposite of DropMyRights. MakeMeAdmin lets you log in as a limited user, but launch certain programs with administrator rights. It is similar to the Windows “Run As” function. The difference is that this program gives administrator-level rights to your limited account just before launching a program.
Of the two programs, it probably is safer to use MakeMeAdmin while logged in as a limited user. That way you cannot accidently launch Internet Explorer or your email program with full rights. Both of these programs give you a very elegant way to avoid much of the risk associated with the internet. If you (or a family member) are constantly fighting a spyware infection, this may be the solution to the problem.