PPRuNe Forums - View Single Post - EMET - a hidden Windows jewel!
Old 27th December 2013 | 22:47
Mac the Knife

Mix: I know all about Run-As - Run-As is particularly nasty.

The problem with run-as is that a user needs the administrator password since this option is to run a program as administrator and not to briefly elevate a user's rights to administrator. This is a major security risk since more people then have the administrator password. NOT a good idea! With sudowin the limited user does not need the administrator password, since sudowin relies on the user's password (and sudowin rules) to elevate the command. And importantly, unlike the run-as command, Sudo for Windows preserves the user's profile and ownership of created objects.

I cannot see how sudowin broadens my attack surface - rather the reverse, particularly as it is thoughtfully written and very security tunable with little effort. You should actually read https://www.sans.org/reading-room/wh...s-sudowin-1726 before reacting (yes, I know you're busy, though not too busy to react!)

But anyway, what do you think of Microsoft's own EMET?

[Which was really what my post was about]



Sorry, I shouldn't have made that joking reference to XP, I know that it's bad for your blood-pressure!

What people should really do is switch to Red Hat or Mint and then run XP in a secure VM image if they have to.
