Barring users from running exe.

degarb · Posted: Mon Jan 10, 2011 16:51 pm Post subject: Barring users from running exe.

I have a main computer, that is used by wife, preteen and I.

Cannot run users, since scripts I need to keep isp alive (pixel dependent) and sound card scripts won't run with user. Nor do they work under wine or vbox under linux. Abandoning my scripts would cost into the thousands a year of loss. However, not ready for machine upgrade. And vbox with crunchbang is too slow, and constant antivirus is reason I own this machine. It became too bogged down by todays av when run constantly. Had to give up the machine, and now I own it. Runs very fast and great now.

I have them using Opera and Chrome (FF is a not as responsive here) but I worry about them opening attachments, installing exes, Occidentally opening the bogus av repair popups, trying to install codecs to watch videos, ecards. Generally, the naive things they might do even when using FF, Opera, etc. I need a "sudo" for opening any exe (doc via msword) downloaded off net. I don't trust AV to detect wild malware anyway, since anyone can brew up malware in 5 minutes, encrypt and no amount of av will detect because they are as clueless as the user as to internal source routines.
_________________
Thnx. But really, adulation isn't required.
.
R-ights, I-nfrastructure, D-efense, S-afetynet 4 helpless: R.I.D.S--the limit of legislation. Not to grow, control, and maintain power.

degarb · Posted: Thu Jan 13, 2011 1:39 am Post subject:

I tried sandboxie, but looked more like for one person and not family.

Highly recommend the sandbox http://www.trustware.com/ bufferzonepro. It is free too, for limited time. It fits the bill, it appears. And running it now with zero performance hit. Looks like it should work. Even installs programs in a sandbox. Which is great for new guys who love to test sw.

Got threatfire running with no hit either on performance. But looks less essential.
_________________
Thnx. But really, adulation isn't required.
.
R-ights, I-nfrastructure, D-efense, S-afetynet 4 helpless: R.I.D.S--the limit of legislation. Not to grow, control, and maintain power.

digger · ๑۞๑ Joined: 29 Mar 2001 Posts: 2656

I'd highly skeptical of any kind of sandbox that isn't a full blown VM. If your users don't have good habits, something will break out of the sandbox eventually.

degarb wrote:

Cannot run users, since scripts I need to keep isp alive (pixel dependent) and sound card scripts won't run with user.

Are you talking admin vs limited users in XP? There must be a solution.

Surun is pretty handy, like sudo for windows:
http://www.dedoimedo.com/computers/surun.html

Other ideas: the builtin runas command and the task scheduler can run things as other users, or you set up things to run as a service, as any user, depending on your needs.

degarb · Posted: Thu Jan 20, 2011 9:01 am Post subject:

I need to keep one macro up to monitor isp, renew lease, and reset on outage. Problem is it needs exact pixel color, etc to reset modem (no luck figuring telmet on wcg200). Also, a program I use to record c2c each night must open a browser, send keys to it, and record off sound card. Running multi users, I had headache with that. Also, myproxy.com.ua I have had nothing but problem with getting it to work with user accounts (this program can speed up internet to useful level on dialup, and make thing finish loading faster on cable).

surun is interesting. I am testing threatfire and immunet now I can say bufferzone pro and threatfire have zero impact on this 8 year old system. I take pcmags review of immunet with grain of sand since the effectiveness should increase monthly.
_________________
Thnx. But really, adulation isn't required.
.
R-ights, I-nfrastructure, D-efense, S-afetynet 4 helpless: R.I.D.S--the limit of legislation. Not to grow, control, and maintain power.