How to Browse the Internet and Read E-mail More Securely, or CYA: Cover Your Access
Estimated time to complete: 12 minutes
Browsing the Internet is a little like walking alone at night—you never know what might be lurking there ready to attack. According to the SANS (SysAdmin, Audit, Network, Security) Institute, Internet provider addresses are targeted by attacks every 10 to 50 minutes. If you are browsing the Internet with an administrator’s account, your computer is at an even higher risk since most malicious code is designed to infiltrate your computer by using the total access of the administrator’s account against you.
To limit administrator account exposure when e-mailing or browsing the World Wide Web, Microsoft provides a tool for Windows users called DropMyRights. This tool allows you to protect browsers and email applications against malicious Web sites and e-mail attachments by dropping unnecessary privileges. You can use this tool to constrain administrator privileges for applications like Internet Explorer, Firefox, Outlook or Thunderbird
Before You Proceed:
Understand Administrator Privileges
If you’re the owner and sole user of a computer, you’re the administrator. An administrator account has full access to the computer, and complete control over how the computer is set up and what software to load. The administrator account can also be used to set up accounts with limited privileges for other users. Maintaining a secure computer is an important part of using an administrator account, since access to the administrator account means access to the entire system.
If you log into your computer as a user with limited privileges—not as an administrator— then your access is already constrained and you are effectively adhering to the advice presented in this document.
Windows XP and Vista
DropMyRights is designed to be used for administrator accounts only on Windows XP machines. You do not need to use DropMyRights if you are already running Windows Vista.
Step 1 – Install DropMyRights
in the address field of your browser.
Step 2 – Create a DropMyRights Shortcut for Internet Explorer
Note: The first address is the location of the DropMyRights file on your C:\ drive. The second address points to the application you want to run with reduced privileges, in this case, your Internet browser.
Step 3 – Change the Shortcut Icon
Step 4 – Create a DropMyRights Shortcut for Other Applications
You can also create a DropMyRights shortcut for Outlook Express or any other application by following Step 2 again. However, instead of pointing DropMyRights at Internet Explorer (by specifying "C:\Program Files\Internet Explorer\IEXPLORE.EXE"), point it at the new application using one of the default paths listed below:
"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Outlook Express\msimn.exe"
Note: When creating a DropMyRights shortcut for other applications, remember to nclude the path to the DropMyRights.exe application in the shortcut definition.
Double-click on the newly created shortcuts to browse the Web and read e-mail more securely. If you have problems with a trusted site, click on your old browser icon.
For More Information
Read Microsoft’s explanation of DropMyRights at http://msdn2.microsoft.com/en-us/library/ms972827.aspx.
For more information about computer administrator and limited accounts, visit Microsoft's description at http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ua_c_account_types.mspx?mfr=true
January 17, 2013