With the number of hostile websites increasing every day surfing has become a much more risky activity. In this article Gizmo shows you two different ways to increase your surfing safety. Additionally he explains how to configure all your programs that use the internet, to work more safely.
Nor can you hope to be saved by keeping your software up-to-date with the latest security patches. These hostile sites often exploit new or undocumented flaws in Windows, your browser or other products to take control of your PC.
The good news is that it's possible to protect your PC against hostile sites. There are actually several different ways but in this article I'm going to discuss two of the most convenient ways. Happily, they are also among the most effective.
Sandboxing is a technique of protecting your PC by corralling off potentially dangerous applications such as your browser from the rest of your PC. Sandboxing your browser means that your browser effectively runs in a virtual PC within your PC. Anything nasty that happens in this sandbox cannot affect your real PC.
That means if you get infected while browsing in the sandbox you can remove the infection by simply shutting down the sandbox. Any malware files downloaded or actually running will be deleted and your "real" PC unaffected.
To run your browser sandboxed you must first run a sandboxing program that creates the sandbox environment. There are quite a few products available most of which are covered in a sandbox review I carried out late in 2006.
Before installing SandBoxie I suggest you make a full system backup or create a Windows restore point from Start / Help and Support / Undo changes with system restore / Create a restore point. That's because SandBoxie can create problems on some PCs. You can minimize the risk of problems by shutting down all your security programs before installing SandBoxie. After installing SandBoxie you will need to reboot anyway and that will restart all your security software.
Once SandBoxie is installed there are various ways to open your browser in a sandbox. You have to do it manually unless you are running the registered version where it's possible to setup your browser to automatically run sandboxed.
My favorite way of manually opening my browser in a sandbox is to right click the yellow SandBoxie tray icon and select "Run Sandboxed" then "Default Browser." It should look like this:
This should start your default browser securely locked away in its own sandbox. SandBoxie indicates to you the browser is sandboxed by putting a "#" sign before and after your browser window title bar caption.
You can use your sandboxed browser perfectly normally. In fact apart from the # signs in the title bar you wouldn't know that it is sandboxed.
When you have finished browsing shut down your browser and then right click the yellow SandBoxie tray icon again. This time select "Terminate Sandboxed Processes."
That also includes of course any bookmarks you created and any files you deliberately downloaded. If you want to permanently bookmark sites while browsing in a sandbox I suggest you use an online bookmarking service like Google Bookmarks or Del.icio.us. Advanced users can configure Sandboxie to share bookmarks with the non-sandboxed version of your browser thus making any new bookmarks created while surfing in the sandbox permanent. Details can be found on the Sandboxie site.
You can copy downloaded files from your sandbox to your real PC before you delete the sandbox contents. That way you permanently keep file you want. You can find full instructions how at the SandBoxie site here. I do however suggest that before you move any file out of the sandbox that you actually first install the downloaded file from within the sandbox. If your security software doesn't sound any alarms and the programs seems to be behaving as you expect then go ahead and move it to your real PC and install it again. Remember though to still delete the contents of the sandbox.
For a hostile website to install malware on your PC the malware must have access to full "administrator" rights on your PC. That's not normally a problem as most Windows users operate with full administrative privileges; its the default setup for users in all Windows systems prior to Vista.
By denying malware access to administrator rights you can prevent it from installing. The easiest way to do this is to use a limited rights Windows user account rather than one full administrator privileges.
It sounds like a great idea but there are many practical problems using a limited user account. For example lots of simple routine tasks like changing the system clock, plugging in a USB drive, running a defragger and updating software can't be carried out in a limited user account.
An alternative approach and more practical is to adopt the converse policy, that is, to routinely use an administrator account with full rights but reduce the privileges just of your web browser and other risky programs. It's a strategy that offers fewer inconveniences than running a limited user account at the cost of a slightly lower level of security.
Several free tools are available that allow you run your browser and other specified programs with reduced privileges. Best known is Microsoft's own DropMyRights which works with Windows XP and above.
Using DropMyRights is quite easy. In essence you use the program to create a desktop shortcut to a special version of your browser that operates with limited privileges. To surf safely you just click the desktop icon. If you want to use your browser normally with full administrator privileges then just start your browser the normal way.
3. When asked the location of the installation folder cut and paste the following line into the box and then click "Next" and then "Close."
5. In the first screen of the shortcut wizard cut and paste one of the following lines into the blank box headed "Type the location of the item:"
6. Click "Next" and enter an appropriate name for your Shortcut for example "Safe Firefox" or "Limited User Internet Explorer" then click "Finish."
If it doesn't work then it's possible your browser is not installed in the default location. If so edit the shortcut settings to point to the correct location for your browser.
Browsing with limited rights is not really any different to browsing normally except that it's way safer. Some operations that require admin rights may not work but if you run into these problems then you can start your normal browser with full admin rights to complete whatever operation you were attempting. That's a small price to pay for avoiding infection.
The procedure for running your email program, IM client, media player and other internet based applications using DropMyRights is essentially the same as that for your browser that I outlined in section C above.
The exact command line you use is different for every program but there's an easy way to work out what that command line is for any program. You do this by using the shortcut or program icon you use to launch the program.
By way of example let's look at Outlook Express but the same principle applies to Outlook, Thunderbird, Windows Media Player and any other program..
1. First though, you must install DropMyRights. This is covered in steps 1 to 3 in section C above. If you haven't already done this, do it now.
2 Locate the shortcut or program icon for Outlook Express that you normally use to run the program. It's probably an icon on your desktop that looks like this:
3. Copy the Outlook Express Icon by right clicking on the icon and selecting "Copy" then right clicking again and selecting "Paste." (Ctrl C followed by Ctrl V works fine too)
This is the name and location of the actual Outlook Express program. What we need to do is prefix this with the command that runs the DropMyRights program. Here's the command below. Copy it now and in the next step we will paste it.
Note the space between " "
9 That's it. Your copied icon when clicked will now launch Outlook Express with the restricted rights of a Windows limited user. In the future collect your mail by using this safe version of Outlook Express and you'll be much better protected from email borne infections.
This example uses the icon for Outlook Express but the same approach can be used to create safe versions of all your applications that use the internet.
[node:2490 body collapsed]