Solved How to check if a program is working?

Opera Launcher.exe?

I know little of the desktop version of Opera. Is it possible to launch it via opera.exe or does Launcher.exe need to be used?

I've just tried setting UAC to maximum and everything still works so that's not the issue.
 

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
ASUS
OS
Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
AMD C-60 APU with Radeon(tm) HD Graphics
Motherboard
ASUSTeK COMPUTER INC. X501U
Memory
4.00 GB
Graphics Card(s)
AMD Radeon HD 6290 Graphics
Sound Card
(1) AMD High Definition Audio Device (2) Realtek High Defi
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
Hitachi HTS545050A7E380 SATA Disk Device
Antivirus
Comodo CIS & FW, SecureAplus App Whitelisting, Threatfire
Browser
Cyberfox 64bit, Opera 64bit, Airfox
Other Info
Spy-The-Spy, HitmanPro.Alert, Norton Connect Safe, MJRegWatcher, BitDefender TrafficLight, Voodoo Shield, Zemana AntiMalware
Malware bypass UAC - is it possible?

That article is written for people who have Windows XP. For Vista and later there's UAC. With UAC enabled it will disable administrator permissions for all programs you start. If the program requires to be run as admin then you'll get a UAC prompt. So if you never get a UAC prompt it means the program is running as standard user. If you get a UAC prompt and you answer Yes, only then will the program have admin rights.

Think of it like this: UAC enabled = admin rights disabled (until UAC prompts and you answer Yes)

A browser shouldn't run as admin at all. If a browser requires that, then I wouldn't use it.

To be clear, I'm talking about an account type of administrator. Not the hidden/built-in administrator account.

Point taken but as far as I can work out if I can run browsers on the "least privilege" principle when using an admin level account then it seems like a good idea. Here's a more recent example of a trojan that can apparently attempt to bypass UAC.

Avast blog » Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 2

I don't pretend to understand the entire article but do understand that browsers and browser plugins may have undisclosed weaknesses at some point.

I'm not running any browser as admin (other than briefly for test purposes). As far as I can work out if malware gains access via a browser it's granted the same access rights as the current user. (Admin Level in my case). In theory that level of access if malware is ever encountered is reduced to Standard User level.

Okay so maybe it will never happen. But what harm is there in attempting to boost security? I accept that maybe this approach is overkill!
 
You could try adapting/converting these Firefox instructions:
Enable Protected Mode for Firefox
=================================

You can enable Protected Mode for Firefox with these steps:

1 - In order to change the Integrity Level for Firefox, execute:
icacls firefox.exe /setintegritylevel low
2 - You also have to change this for some folders in order to make them writable for Firefox by executing
icacls [foldername] /setintegritylevel (OI)(CI)low
Do this for the following folders:

  • C:\Users\Name\AppData\Local\Mozilla\Firefox
  • C:\Users\Name\AppData\Roaming\Mozilla\Firefox
  • C:\Users\Name\AppData\Local\Temp
3 - Create a special download folder and apply step 2 for this folder.
You should definitely create a backup HDD/SSD image before messing around with "icacls". :eek:

I can't vouch for these instructions; use at your own risk. :eek:
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
n/a
OS
W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
CPU
AMD Phenom II x6 1100T, 3.3 GHz
Motherboard
ASUS M4A88T-M/USB3 (AM3)
Memory
12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2GB x 2)
Graphics Card(s)
NVIDIA GeForce GTX 660
Sound Card
Realtek?
Monitor(s) Displays
Samsung S23B350
Screen Resolution
1920x1080
Hard Drives
WD Green 2TB (SATA), WD Green 3TB (SATA), WD Blue 4TB (SATA), WD Blue 6TB (SATA)
PSU
Cooler Master
Case
Antec GX300 Tower
Cooling
3x Antec TRICOOL 120mm Fans
Mouse
Wired Optical
Internet Speed
DSL
Antivirus
Avast
Browser
Pale Moon (64 bit)
Other Info
2018-12-27 Upgraded HDDs
2015-12-10 Upgraded case, graphics card, storage
2015-08-15 Upgraded motherboard & RAM
2015-07-15 Upgraded LM17.1 to LM17.2
I know little of the desktop version of Opera. Is it possible to launch it via opera.exe or does Launcher.exe need to be used?

I've just tried setting UAC to maximum and everything still works so that's not the issue.
I don't use Opera. I just installed it in a VM for this thread. I did not see anything about a launcher. That would seem to be a portable app thing.
 

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Employer provided Dell Latitude
OS
W7 Pro SP1 64bit
CPU
i7
Memory
8GB
Graphics Card(s)
Intel HD Graphics
Hard Drives
crappy SSD
Antivirus
Employer mandated Symantec Endpoint Protection
Browser
Pale Moon 64bit, IE11 64bit & Chrome 64bit
Opera Launcher

I know little of the desktop version of Opera. Is it possible to launch it via opera.exe or does Launcher.exe need to be used?

I've just tried setting UAC to maximum and everything still works so that's not the issue.
I don't use Opera. I just installed it in a VM for this thread. I did not see anything about a launcher. That would seem to be a portable app thing.

I spotted the command line in your command prompt window in your attachment here:

http://www.sevenforums.com/attachme...38441-how-check-if-program-working-opera3.png

I thought it looked wrong!
 

Wow! How unobservant of me. I copy/pasted that from the shortcut without ever reading it.

But the installed version still crashes when using this:

opera-wo-launcher.png

It is not a big deal. You have it working for you and this thread now clarifies that we are not talking about the installed version.

You might want to spend more time understanding the info in post #3. It looks like StripMyRights strips away some of the protections put in place by the OS...

Privilege Constants (Windows)

...or maybe I'm just reading MSDN wrong.
 

Point taken but as far as I can work out if I can run browsers on the "least privilege" principle when using an admin level account then it seems like a good idea. Here's a more recent example of a trojan that can apparently attempt to bypass UAC.

Avast blog » Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 2
I don't fully understand the article either, it could've been more clear, but I think if you have UAC set to maximum and your OS is updated so there's no known vulnerability to exploit, you should be safe. The "problem" with Windows 7 is that the default UAC level is not the maximum one.

Here's a quote from the author of DropMyRights after Vista was released that I think explains this:
It's been a long time since I looked at DropMyRights, a little tool I wrote forever ago to lower a user's privilege level on versions of Windows prior to Windows Vista.
...
Remember, this tool is not needed on Windows Vista or Windows Server 2008, because by default users are not administrators.
from Update on DropMyRights - Michael Howard's Web Log - Site Home - MSDN Blogs
 

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
UAC Maximum Level

I don't fully understand the article either, it could've been more clear, but I think if you have UAC set to maximum and your OS is updated so there's no known vulnerability to exploit, you should be safe. The "problem" with Windows 7 is that the default UAC level is not the maximum one.

Thanks! I hadn't noticed until yesterday that UAC was set to default rather than maximum.
 

Going to the screenshots in post #3:
There are no practical differences between the two. Just different ways of accomplishing essentially the same thing. In the first image a security token is used with some specific rights disabled. In the second image a security token was created that never had these rights.

DropMyRights and StripMyRights were designed for XP, which didn't have UAC and where an Admin account had elevated rights by default. This is not good for security. These programs create a new security token with limited rights and use it to run the specified program.

In Vista and later with UAC enabled the default security token has the rights equivalent to that of a limited user. In this case using DropMyRights or StripMyRights does nothing useful. UAC provides better security because the limited token is used by default for all programs. DropMyRights and StripMyRights only work in the specific cases where they have been configured.

Edit: When UAC is disabled you have essentially the same situation as XP. In this case DropMyRights or StripMyRights can be used to advantage. I have done this in Windows 7.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP
OS
Windows 7 Pro 64 bit
CPU
Xeon W3520
Memory
8 GB
Graphics Card(s)
Nvidia Geforce 210
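
The token differences described in the post above (filtered token under UAC, full token when elevated or with UAC disabled) can be inspected directly. The following PowerShell script is an added example, not part of the thread or of DropMyRights/StripMyRights; the function name Get-TokenSummary is hypothetical, and it relies only on the built-in whoami.exe and .NET classes.

```powershell
# Added example, not from the thread. Summarises the access token of the
# current PowerShell process (written to also run on PowerShell 2.0).
function Get-TokenSummary {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # False under UAC's filtered token: Administrators is deny-only there.
    $adminActive = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # SIDs are language-independent, unlike the localized group names.
    $groups = @(whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes)

    # The mandatory integrity label is a group SID of the form S-1-16-<rid>.
    $levels = @{ 4096 = 'Low'; 8192 = 'Medium'; 8448 = 'Medium Plus';
                 12288 = 'High'; 16384 = 'System' }
    $integrity = 'Unknown'
    foreach ($g in $groups) {
        if ($g.Sid -match '^S-1-16-(\d+)$') {
            $rid = [int]$Matches[1]
            if ($levels.ContainsKey($rid)) { $integrity = $levels[$rid] }
        }
    }

    # S-1-5-32-544 is BUILTIN\Administrators.
    $adminListed = @($groups |
        Where-Object { $_.Sid -eq 'S-1-5-32-544' }).Count -gt 0

    # Privilege names (SeDebugPrivilege, ...) are not localized either.
    $privs = @(whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State)
    $privNames = @($privs | ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        User              = $identity.Name
        IntegrityLevel    = $integrity
        AdminGroupListed  = $adminListed
        AdminGroupActive  = $adminActive
        PrivilegeCount    = $privNames.Count
        HasDebugPrivilege = $privNames -contains 'SeDebugPrivilege'
    }
}

Get-TokenSummary | Format-List
```

Run it from a shell started the same way as the program being checked, since child processes inherit the parent's token by default. An admin account under UAC shows AdminGroupListed True with AdminGroupActive False and a Medium integrity level; an elevated shell shows AdminGroupActive True and High.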
That's what I've been trying to say, thanks! This was perhaps better explained :)
 

Command Line

Wow! How unobservant of me. I copy/pasted that from the shortcut without ever reading it.

But the installed version still crashes when using this:

View attachment 338564

It is not a big deal. You have it working for you and this thread now clarifies that we are not talking about the installed version.

You might want to spend more time understanding the info in post #3. It looks like StripMyRights strips away some of the protections put in place by the OS...

Privilege Constants (Windows)

...or maybe I'm just reading MSDN wrong.

Thanks - and thanks to everyone else also! Your explanations are much appreciated.

Command line that works should be:

From a modified shortcut
C:\Windows\System32\StripMyRights.exe /L N "C:\Program Files (x86)\Opera\25.0.1614.63\Opera.exe"

From an Elevated Command Prompt:
Change directory to C:
StripMyRights.exe /L N "C:\Program Files (x86)\Opera\25.0.1614.63\Opera.exe"

I'm still struggling to understand the following:

With StripMyRights disabled and using an Administrator Level Account I am able to save files to protected system folders.

With StripMyRights enabled and using an Administrator Level Account there's no way that I am able to save files to protected system folders.

So if it stripped rights that are enabled by default and as a result removed the ability for files to gain access to system folders (or possibly command line tools) then surely that must be a good thing?

I'm obviously missing something here. LMiller7's Post #29 looks promising.
 

I think I understand finally!

Okay so here's what I think I understand:

A trojan attempts to download a file to system 32 and execute it.

What happens (when using an Admin Level Account) is:

A UAC Window pops up preventing the download unless the prompt to allow is accepted by the user. Even if the user accepts the download it can't execute without another UAC prompt.

Is this correct?

I've also tried giving reps to all those who have helped but no luck there I'm afraid.

With StripMyRights:

A trojan attempts to download a file to system 32 and execute it.

What happens (when using an Admin Level Account) is:

A UAC Window pops up preventing the download unless the prompt to allow is accepted by the user. The user accepts the download and saves the file. This action will be blocked and will fail.
 

Alternative solution

So I've remembered that I've already installed other software that prompts me to allow or block any executable if the file signature isn't in the trusted certificate list. I suppose that makes StripMyRights redundant - whether it's effective or not!
 
