Please consider adding a limited user or ‘Drop My Rights’ feature to CIS.
Its main use would be for web browsers and email clients. It would strip the admin privileges from these programs to help prevent malware started from, or running inside, a browser or email client from making critical system changes. Although CIS already tries to prevent these types of operations, this would add another layer of defense for the user. Most users today run as Administrators, and this feature would help mitigate the consequences of web browsing as an Admin.
Thanks for a great program!!!
Use an account with limited user privileges by default, if you really want to be more secure.
“Drop my rights” is limited in what it is capable of doing. I believe it will be the same here. The best protection attitude: block all, allow at minimum what you need. A simple rule, and it works.
For example, if you choose to run a browser under “Drop my rights” but use it on an account with administrator privileges, a plug-in from Adobe (Flash Player) will still be executed with administrator privileges. Now, as you can see, Adobe Flash Player is a very popular application, and hackers love this application very much. So, they will get admin rights through this application… and then it is possible to do almost everything, even disable your Comodo if that is their intention.
So, this “Drop my rights” will not protect you; it just brings you a false sense of protection.
Personally, I have been working on a limited user account for about 5 years and don’t feel any inconvenience.
Thanks for the reply!!!
I too have been using a Limited Rights account for many years. I’ve added Software Restriction Policy also to close a few more holes.
Unfortunately, most users only run as admin for a variety of reasons. Adding a Drop my Rights feature would give them additional protection. I agree it’s not as good as a Limited Rights account, but it does provide extra protection, for free. So, if it’s not too difficult to implement, it would improve most XP users’ security.
You can make a custom policy with CIS and then bring the program you want under that “Drop my rights” policy.