11 February, 2009

Add an extra layer of security for Win XP users

Longtime readers of my blog know that I am not very fond of Internet Explorer and Outlook Express because of their security vulnerabilities. Because of that, I switched a long time ago to Firefox and Thunderbird. Unfortunately, due to my job, I find myself having to use Internet Explorer more and more.

We have a 3rd-party application that we access over the Internet that requires Internet Explorer. In addition, I do our web development, which requires that I test everything in Internet Explorer. Also, I have assumed responsibilities for the Webmaster role for the Cascade Blues Association (CBA), which again requires testing in Internet Explorer. It also added another email account to monitor. In order to keep the CBA account separate from my personal and work email accounts, I decided to re-load Outlook Express.

So back to my point. Most users, including me, run Windows XP with Administrative privileges. For most folks it's due to not knowing any better or not knowing how to change. For me, it's a matter of doing too many things all the time that would require me to switch back and forth much too often to be practical. Fortunately, there are some solutions available that will add some security back to XP. Note, users of Windows Vista don't have this issue, as they are not set up by default to run with Administrator rights.

One such option is to run a virtual machine, and have your Internet-facing applications, such as web browsers, email, and instant messengers (IM), contained within the virtual machine. It can be cumbersome if you have to save or attach files and share them between systems. You can also miss out on the convenient notifications that come along with email and IM clients.

A second option is to use Sandboxie. With Sandboxie, you can run each of your Internet-facing apps in its own sandbox or put them all in one. This is similar to the virtual machine option, but the sandboxed apps behave more like any other desktop application, so you won't miss out on the notification features as you would with virtual machines. Some configuration would still be required to share files in and out of Sandboxie.

A third option, which I am now using, is Drop My Rights. Drop My Rights comes from Microsoft, and it allows you to run individual programs with lower rights than the rights you have when you are logged in with the Administrator account. It's fairly easy to set up, as you actually launch Drop My Rights, and pass it the location of the actual program you want to run. Simply, you create a new icon on your desktop for each application you want to run under Drop My Rights, and you update the Target with the appropriate parameters. There's an article on Happy Trails Computer Club that explains how to do this, as well as many additional sites that you can find through Google.
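As an added example (not from the original post or from Microsoft), this PowerShell script creates the desktop shortcuts described above, with Drop My Rights as the Target and the real program passed as its parameter. The install location of DropMyRights.exe and the program paths are assumptions to adjust for your system.

```powershell
# Added example: wrap Internet-facing programs in Drop My Rights shortcuts.
# ASSUMPTION: install location of DropMyRights.exe; change to match your system.
$dropMyRights = 'C:\Tools\DropMyRights\DropMyRights.exe'

# Programs to wrap. ASSUMPTION: the usual Windows XP install locations.
$apps = @(
    @{ Name = 'Internet Explorer (low rights)'; Path = "$env:ProgramFiles\Internet Explorer\iexplore.exe" },
    @{ Name = 'Outlook Express (low rights)';   Path = "$env:ProgramFiles\Outlook Express\msimn.exe" }
)

# Level argument accepted by DropMyRights:
#   N = normal user (the tool's default), C = constrained, U = untrusted
$level = 'N'

if (-not (Test-Path $dropMyRights)) {
    throw "DropMyRights.exe not found at $dropMyRights"
}

$shell   = New-Object -ComObject WScript.Shell
$desktop = $shell.SpecialFolders.Item('Desktop')

foreach ($app in $apps) {
    if (-not (Test-Path $app.Path)) {
        Write-Warning "Skipping $($app.Name): $($app.Path) not found"
        continue
    }

    $lnk = $shell.CreateShortcut((Join-Path $desktop "$($app.Name).lnk"))

    # The shortcut launches DropMyRights, which in turn starts the real
    # program with a reduced token. The program path is quoted because
    # it contains spaces.
    $lnk.TargetPath       = $dropMyRights
    $lnk.Arguments        = '"{0}" {1}' -f $app.Path, $level
    $lnk.WorkingDirectory = Split-Path $app.Path

    # Keep the wrapped program's own icon so the shortcut is recognizable.
    $lnk.IconLocation     = "$($app.Path),0"
    $lnk.Save()
}
```

Only programs started from these shortcuts run with reduced rights; launching the same program from its original Start menu entry still runs it with full Administrator rights.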

Note that virtual machines and Sandboxie offer other security benefits that using Drop My Rights does not. So now you have some alternatives. If you must run Internet Explorer and/or Outlook Express, and you're using Windows XP, consider adding an extra layer of security.
