Security Now Blog: Addressing Today's Information Security Issues

Your Software Applications Cannot be Trusted

by Eirik Iverson, Product Management

One week Apple distributes patches for its QuickTime software to plug critical vulnerabilities; another week it is Winamp; the week after, who knows? All of these vulnerabilities are the result of programming flaws that enable criminals to do disturbing things with our computers. We cannot trust the software applications that run on our computers!

Microsoft enabled Windows to help reduce the damage a compromised application can do. However, at least a third of computers interacting with the Internet are running with admin rights. Each application launched by the end-user inherits these admin rights, so any application running on such a machine can alter anything and do anything. These machines should not run with admin rights. But if they must, they need security software to guard the applications.

On the other hand, machines running without admin rights limit what applications can do. This prevents some but not all harms that matter to businesses and consumers. Compromised software applications can still be used to steal information and install persistent malicious software into user-space (‘My Documents’, ‘Desktop’, etc.).

So, what can these malicious executables do from user-space? They can steal information, alter registry settings so that they run automatically when Windows launches, and attack other applications or other computers. BTW, the Conficker worm attempts to crack the admin credentials of its host so that it can implant something deeper and less visible. There are other vectors. (More on this point in a post on limited user accounts versus drive-by download attacks.)

Any application that runs on our computers can do us harm. The applications we use must be guarded and unknown executables from user-space should be suppressed. We cannot trust the software on our computers.
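A defender's check for the persistence behaviour described above, added here as an illustration and not part of the original post or of AppGuard: it labels autorun (Run-key) commands whose program, or a file passed to it, resolves into user-space. The environment, the sample entries and the choice of the profile directory as "user-space" are constructed assumptions.

```python
import ntpath
import re

# Constructed environment for the sample; on a real host use os.environ.
ENV = {"USERPROFILE": r"C:\Users\alice", "SYSTEMROOT": r"C:\Windows"}
USER_ROOTS = (ENV["USERPROFILE"],)  # assumption: user-space = the profile directory
EXT = r"\.(?:exe|com|bat|cmd|scr|vbs|js)"

def expand(value, env=ENV):
    """Expand %VAR% references as stored in REG_EXPAND_SZ autorun values."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), value)

def in_user_space(path):
    """True if the normalised path lies under a user-writable root."""
    p = ntpath.normcase(ntpath.normpath(path))
    return any(p.startswith(ntpath.normcase(r) + "\\") for r in USER_ROOTS)

def split_command(command):
    """Return (program, arguments) from an autorun command line, quoted or not."""
    command = expand(command).strip()
    if command.startswith('"'):
        program, _, rest = command[1:].partition('"')
        return program, rest.strip()
    m = re.match(r"(.+?" + EXT + r")(?=\s|$)(.*)", command, re.I)
    return (m.group(1), m.group(2).strip()) if m else (command, "")

def classify(command):
    """Label one autorun entry by where its program and its arguments live."""
    program, rest = split_command(command)
    if in_user_space(program):
        return "program in user-space"
    # A program outside user-space can still be handed a file that lives there.
    if any(in_user_space(q or u) for q, u in re.findall(r'"([^"]+)"|(\S+)', rest)):
        return "argument in user-space"
    return "ok"

SAMPLE_RUN_KEY = {  # constructed Run-key values (name -> command), not from a real host
    "Sync": r"C:\Program Files\Sync Tool\sync.exe -silent",
    "Updater": r'"%USERPROFILE%\AppData\Roaming\updater\upd.exe" /background',
    "Helper": r'%SYSTEMROOT%\System32\wscript.exe "%USERPROFILE%\Desktop\helper.vbs"',
    "Traversal": r"C:\Program Files\..\Users\Alice\Documents\tool.exe",
}

def audit(entries):
    """Return {name: label} for every entry not labelled 'ok'."""
    return {n: lab for n, cmd in entries.items() if (lab := classify(cmd)) != "ok"}

if __name__ == "__main__":
    print(audit(SAMPLE_RUN_KEY))
```

On a Windows host the same `audit` call can be fed the values of `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` read with the standard `winreg` module, with `ENV` replaced by `os.environ`.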

AppGuard and AppGuard Enterprise Plus Place Your Software Applications Under Guard

AppGuard and AppGuard Enterprise Plus effectively place a forcefield around software applications to prevent them from doing harm. They also prevent drive-by download attacks by snuffing out unknown software application launches from user-space (desktop, My Documents, extra hard drives, etc.). And they prevent USB malware from attacking your computers. Our white paper explains how AppGuard and AppGuard Enterprise Plus provide advanced zero-day computer protection without the limitations of signature-based technologies. Alternatives are much more difficult to set up and maintain, disruptive to end-users, and slow down computers.
