This old cartoon from XKCD somehow came to my attention the other day (I think it was on Digg or one of the many security blogs I frequent) and it got me to thinking: aside from being very funny, this cartoon's subject is one of the easiest ways to prevent problems on any given machine.  In short, don't run as Root / Administrator unless you absolutely have to!  To do any real damage, malicious code requires that you run it in the context of a powerful user (preferably the system itself, but a high-level user will do in a pinch).  If you're not running as Root / Administrator all the time, and you accidentally / unknowingly invoke malicious code, it's like a lit stick of dynamite that just fizzles out - maybe a bit of sound and color, but little or no damage done.
Does this mean that, when you run as non-Root / Administrator, you have to re-login every time to perform any Root / Administrator tasks?  Nope.  The Unix command sudo allows you to run any command as Root or as another account (assuming, of course, that you know this other account's password :).  For Windows, the RunAs command serves the same purpose; conversely, the DropMyRights program from Microsoft allows people running as Administrator to run the most danger-causing programs (web browser, email, chat) as a plain-vanilla user.
There is definitely a challenge in finding a balance between keeping yourself safe and being able to do your work (a challenge that Vista's User Account Control fails, rather hilariously in this Apple ad) but for important systems, running as (mostly) a standard user is a great supplement to the anti-virus, firewall and host intrusion detection systems you should already have in place.
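A quick way to check whether you are living up to this advice on a Unix box, as an added example that is not part of the original post: feed it the output of `ps -eo user,pid,comm` and it flags the "danger-causing" programs (browser, email, chat) that are running as root. The program names and the sample ps rows are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Programs that should run
# as a plain-vanilla user, never as root (names are assumptions).
RISKY_APPS="firefox thunderbird pidgin"

# Constructed sample of `ps -eo user,pid,comm` output: USER PID COMMAND
SAMPLE_PS='USER       PID COMMAND
root         1 init
root       812 sshd
root      2041 firefox
pete      2102 thunderbird
root      2215 pidgin
pete      2300 bash'

# Print "pid command" for every risky app whose user is root.
flag_root_apps() {
    printf '%s\n' "$1" | awk -v apps="$RISKY_APPS" '
        BEGIN { n = split(apps, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }
        NR > 1 && $1 == "root" && ($3 in risky) { print $2, $3 }
    '
}

# Returns 1 when anything was flagged, so it can gate a login script.
audit_privilege() {
    found=$(flag_root_apps "$1")
    if [ -n "$found" ]; then
        printf 'Running as root (should be a plain user):\n%s\n' "$found"
        return 1
    fi
    echo "OK: no browser/email/chat running as root"
    return 0
}

# Demo on the constructed sample; on a live system use:
#   audit_privilege "$(ps -eo user,pid,comm)"
audit_privilege "$SAMPLE_PS" || echo "exit status: $?"
```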
Sunday, June 22, 2008
Wednesday, May 28, 2008
Is Windows Vista a secure operating system?
Windows Vista claims to be a very secure operating system as a result of the new security development process at Microsoft. Well, it seems they still have flaws, and they are new ones, not legacy ones. Take a look at this interesting link, where system privileges can be obtained on a Windows Vista computer if there's physical access to it: http://www.offensive-security.com/movies/vistahack/vistahack.html
Sunday, May 4, 2008
Thrice welcome!
Hi there!!  Welcome also to the world of insane people who practice information security, such as Manuel and myself (well OK, mostly me.)  I'm Pete Hewitt, and I work as a Senior Risk Analyst at a major financial firm.  I have a bunch of letters after my last name that may or may not be relevant to information security (GAWN, GCWN, GCFA, GCIH, GWAS, CISSP, CISA, CPA if you must know) and like Manuel am a SANS course author.  In fact, Manuel and I have written a SANS "Stay Sharp" course on Web Browser Forensics that we'll be occasionally discussing (*ahem* shamelessly promoting *ahem*), and we'll also be pontificating on forensics and incident response, locking down systems, network monitoring and architecture, and other things that either interest or annoy us (or both) about information security.  We of course appreciate any and all responses, good or bad, to our postings.
Saturday, May 3, 2008
Welcome!
Hello!!! Welcome to the insane world of computer security :) This will be the place where Peter Hewitt and I will post news on security topics and especially computer forensics :) I'm Manuel Santander, CSO at Empresas Públicas de Medellín (Medellín, Colombia), Fellow teacher at Escuela de Ingeniería de Antioquia and Universidad Pontificia Bolivariana (Medellín, Colombia), SANS Course Author and student in the MSISE Program at SANS Technology Institute (http://www.sans.edu). I hope you find the information we post here useful ;)