With the number of hostile websites increasing every day, surfing has become a much more risky activity.

The good old days of casual and carefree surfing are over. Today a simple act like clicking on a search engine hit or responding to an ad may take you to a hostile website whose main mission is to infect your PC with spyware, trojans and worse.

Worse still, hackers are now regularly attacking and compromising legitimate websites and then using these sites to infect surfers.

And don't expect your anti-virus program to save you. Many of these evil sites make use of specially crafted malware products that your AV program doesn't know about or cannot see.

Nor can you hope to be saved by keeping your software up-to-date with the latest security patches. These hostile sites often exploit new or undocumented flaws in Windows, your browser or other products to take control of your PC.

The good news

The good news is that it's possible to protect your PC against hostile sites. There are actually several different ways, but in this article I'm going to discuss a few of the most convenient ways. Happily, they are also the most effective.
Sandboxing is a technique of protecting your PC by corralling off potentially dangerous applications such as your browser from the rest of your PC. Sandboxing your browser means that your browser effectively runs in a virtual PC within your PC. Anything nasty that happens in this sandbox cannot affect your real PC.

That means if you get infected while browsing in the sandbox you can remove the infection by simply shutting down the sandbox. Any malware files downloaded or actually running will be deleted and your "real" PC unaffected.

To run your browser sandboxed you must first run a sandboxing program that creates the sandbox environment. There are quite a few products available on the internet.

To use SandBoxie you must be running Windows 2000 or later, including Vista. You can download it from here; it's only 230KB.

Before installing SandBoxie I suggest you make a full system backup or create a Windows restore point from Start / Help and Support / Undo changes with system restore / Create a restore point. That's because SandBoxie can create problems on some PCs. You can minimize the risk of problems by shutting down all your security programs before installing SandBoxie. After installing SandBoxie you will need to reboot anyway and that will restart all your security software.

Once SandBoxie is installed there are various ways to open your browser in a sandbox. You have to do it manually unless you are running the registered version, where it's possible to set up your browser to automatically run sandboxed.

My favorite way of manually opening my browser in a sandbox is to right click the yellow SandBoxie tray icon and select "Run Sandboxed" then "Default Browser."

This should start your default browser securely locked away in its own sandbox. SandBoxie indicates to you that the browser is sandboxed by putting a "#" sign before and after your browser window title bar caption.

You can use your sandboxed browser perfectly normally. In fact, apart from the # signs in the title bar you wouldn't know that it is sandboxed.

But sandboxed it is. That means that for all practical purposes your real PC cannot get infected by visiting a hostile website.

When you have finished browsing, shut down your browser and then right click the yellow SandBoxie tray icon again. This time select "Terminate Sandboxed Processes."

Once selected, everything that happened while surfing is deleted, including of course any malware infections and files.
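The same launch / check / terminate cycle can be scripted instead of clicked through the tray icon. The script below is an added example and is not part of the article or of Sandboxie itself; it assumes Sandboxie is installed in C:\Program Files\Sandboxie, that the sandbox is named DefaultBox, that Firefox sits in its default folder, and that Start.exe accepts the /box: and /terminate switches used here. The one thing it adds to the tray-icon procedure is a check that the browser window really carries the "#" marker before you start surfing, so a browser that accidentally launched outside the sandbox is caught rather than trusted.

```powershell
# Added example (not the article's or Sandboxie's own code).
# Assumptions: default install path, sandbox named "DefaultBox", Firefox in its default folder.
$SandboxieStart = 'C:\Program Files\Sandboxie\Start.exe'   # assumed install path
$BoxName        = 'DefaultBox'                              # assumed sandbox name

function Start-SandboxedBrowser {
    param([string]$BrowserExe = 'C:\Program Files\Mozilla Firefox\firefox.exe')  # assumed path
    if (-not (Test-Path -LiteralPath $SandboxieStart)) { throw "Sandboxie Start.exe not found at $SandboxieStart" }
    if (-not (Test-Path -LiteralPath $BrowserExe))     { throw "Browser not found at $BrowserExe" }
    # Start.exe runs the given program inside the named sandbox
    Start-Process -FilePath $SandboxieStart -ArgumentList "/box:$BoxName", "`"$BrowserExe`""
}

# Sandboxie marks sandboxed windows with "#" in the title bar (the article: a "#"
# before and after the caption). Every visible window of the browser must carry
# the marker; one unmarked window means a copy is running on the real PC.
function Test-SandboxedWindow {
    param([string]$ProcessName = 'firefox')
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue |
               Where-Object { $_.MainWindowTitle })
    if ($procs.Count -eq 0) { return $false }           # nothing to check yet
    $unmarked = @($procs | Where-Object { $_.MainWindowTitle -notmatch '#' })
    return ($unmarked.Count -eq 0)
}

function Stop-Sandbox {
    # Same effect as the tray menu's "Terminate Sandboxed Processes"
    & $SandboxieStart "/box:$BoxName" /terminate
}

Start-SandboxedBrowser
Start-Sleep -Seconds 5                                   # give the window time to appear
if (Test-SandboxedWindow) {
    Write-Host "Browser is sandboxed; surf, then close it."
} else {
    Write-Warning "No '#' marker found: the browser is NOT sandboxed. Close it and retry."
}
Wait-Process -Name firefox -ErrorAction SilentlyContinue  # returns when the browser exits
Stop-Sandbox
```

If your browser is installed elsewhere, pass its path to Start-SandboxedBrowser and its process name to Test-SandboxedWindow; the marker check is the part worth keeping even if you prefer to launch from the tray icon.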
That also includes, of course, any bookmarks you created and any files you deliberately downloaded. If you want to permanently bookmark sites while browsing in a sandbox I suggest you use an online bookmarking service like Google Bookmarks or Del.icio.us.

Advanced users can configure Sandboxie to share bookmarks with the non-sandboxed version of your browser, thus making any new bookmarks created while surfing in the sandbox permanent. Details can be found on the Sandboxie site.

You can copy downloaded files from your sandbox to your real PC before you delete the sandbox contents. That way you permanently keep the files you want. You can find full instructions how at the SandBoxie site here. I do however suggest that before you move any file out of the sandbox you actually first install the downloaded file from within the sandbox. If your security software doesn't sound any alarms and the program seems to be behaving as you expect then go ahead and move it to your real PC and install it again. Remember though to still delete the contents of the sandbox.
For a hostile website to install malware on your PC the malware must have access to full "administrator" rights on your PC. That's not normally a problem as most Windows users operate with full administrative privileges; it's the default setup for users in all Windows systems prior to Vista.

By denying malware access to administrator rights you can prevent it from installing. The easiest way to do this is to use a limited rights Windows user account rather than one with full administrator privileges.

It sounds like a great idea but there are many practical problems using a limited user account. For example, lots of simple routine tasks like changing the system clock, plugging in a USB drive, running a defragger and updating software can't be carried out in a limited user account.

An alternative and more practical approach is to adopt the converse policy, that is, to routinely use an administrator account with full rights but reduce the privileges of your web browser and other risky programs. It's a strategy that offers fewer inconveniences than running a limited user account at the cost of a slightly lower level of security.

Several free tools are available that allow you to run your browser and other specified programs with reduced privileges. Best known is Microsoft's own DropMyRights, which works with Windows XP and above.

Using DropMyRights is quite easy. In essence you use the program to create a desktop shortcut to a special version of your browser that operates with limited privileges. To surf safely you just click the desktop icon. If you want to use your browser normally with full administrator privileges then just start your browser the normal way.

The instructions for installing and using DropMyRights with Internet Explorer on the author's site are a bit cryptic for beginners so I've created a fuller version below:
1. Download DropMyRights from here. It's only a tiny 164KB file so it should download in just a few seconds.

2. Locate the downloaded file DropMyRights.msi and double click it to start the install. Accept the EULA and click "Next".

3. When asked the location of the installation folder, cut and paste the following line into the box and then click "Next" and then "Close."

C:\Program Files\DropMyRights

4. Right click on your Desktop and select New / Shortcut.

5. In the first screen of the shortcut wizard cut and paste one of the following lines into the blank box headed "Type the location of the item:"

Cut and paste the following line if you use Firefox as your browser:

"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Mozilla Firefox\firefox.exe"

Cut and paste the following line if you use Internet Explorer as your browser:

"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\program files\internet explorer\iexplore.exe"

6. Click "Next" and enter an appropriate name for your Shortcut, for example "Safe Firefox" or "Limited User Internet Explorer", then click "Finish."

That's it. You now should have a desktop shortcut that when clicked starts up your browser with limited rights.

If it doesn't work then it's possible your browser is not installed in the default location. If so, edit the shortcut settings to point to the correct location for your browser.
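Steps 4 to 6 can also be done from PowerShell, which has the advantage of checking that both DropMyRights.exe and the browser actually exist before the shortcut is written, so the "not installed in the default location" problem shows up as an error message rather than as a shortcut that silently does nothing. This script is an added example, not the article's or DropMyRights' own code; it assumes the DropMyRights folder from step 3 and the two default browser paths from step 5, and uses the standard WScript.Shell COM object to write the .lnk file.

```powershell
# Added example (not from the article or DropMyRights). Builds the "Safe browser"
# desktop shortcut: target = DropMyRights.exe, argument = the quoted browser path.
# Assumptions: DropMyRights installed to C:\Program Files\DropMyRights (step 3).
function New-DropMyRightsShortcut {
    param(
        [Parameter(Mandatory=$true)] [string]$Program,       # full path of the .exe to run restricted
        [Parameter(Mandatory=$true)] [string]$ShortcutName,  # e.g. "Safe Firefox"
        [string]$DropMyRights = 'C:\Program Files\DropMyRights\DropMyRights.exe'
    )
    # Fail early if either program is missing: this is the usual reason the shortcut "doesn't work"
    foreach ($exe in $DropMyRights, $Program) {
        if (-not (Test-Path -LiteralPath $exe)) {
            throw "Not found: $exe (edit the path if the program is not in its default location)"
        }
    }
    $lnkPath = Join-Path ([Environment]::GetFolderPath('Desktop')) "$ShortcutName.lnk"
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut($lnkPath)
    $lnk.TargetPath       = $DropMyRights        # the launcher is the shortcut's target...
    $lnk.Arguments        = "`"$Program`""       # ...and the real browser is its quoted argument
    $lnk.WorkingDirectory = Split-Path -Parent $Program
    $lnk.IconLocation     = "$Program,0"         # keep the browser's own icon so it is recognisable
    $lnk.Save()
    return $lnkPath
}

# The two browsers from step 5; each is created only if it is installed where expected.
$browsers = @(
    @{ Name = 'Safe Firefox';                   Path = 'C:\Program Files\Mozilla Firefox\firefox.exe' },
    @{ Name = 'Limited User Internet Explorer'; Path = 'C:\Program Files\Internet Explorer\iexplore.exe' }
)
foreach ($b in $browsers) {
    if (Test-Path -LiteralPath $b.Path) {
        $created = New-DropMyRightsShortcut -Program $b.Path -ShortcutName $b.Name
        Write-Host "Created $created"
    } else {
        Write-Warning "$($b.Path) not found; skipping $($b.Name). Pass the real path to New-DropMyRightsShortcut."
    }
}
```

On 64-bit Windows a 32-bit browser usually lives under C:\Program Files (x86) instead; pass that path to New-DropMyRightsShortcut and the rest is unchanged.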
Browsing with limited rights is not really any different from browsing normally except that it's way safer. Some operations that require admin rights may not work, but if you run into these problems then you can start your normal browser with full admin rights to complete whatever operation you were attempting. That's a small price to pay for avoiding infection.
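It is worth confirming once that a program started through DropMyRights really does run with reduced rights, rather than taking the shortcut on trust. The script below is an added example, not the article's or DropMyRights' own code. To use it, make a DropMyRights shortcut for powershell.exe exactly as described for the browser (put the path of powershell.exe in place of the browser's path), open PowerShell through that shortcut, and run the script there; then run it again from a normally started PowerShell window and compare. It relies on two facts about Windows tokens: the well-known SID S-1-5-32-544 is BUILTIN\Administrators, and IsInRole() ignores group memberships that the token marks as deny-only, which is what DropMyRights does to the Administrators group.

```powershell
# Added example (not from the article or DropMyRights): inspect the current
# process token to see whether administrator rights are actually usable.
function Get-TokenSummary {
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $adminSid  = [Security.Principal.SecurityIdentifier]'S-1-5-32-544'   # BUILTIN\Administrators
    [pscustomobject]@{
        User                 = $id.Name
        AdministratorsListed = ($id.Groups -contains $adminSid)   # SID still present in the token?
        EffectiveAdmin       = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        GroupCount           = $id.Groups.Count
    }
}

function Test-RestrictedToken {
    $s = Get-TokenSummary
    # Launched via DropMyRights from an admin account: Administrators is still listed
    # but marked deny-only, so EffectiveAdmin is $false. Launched normally: both $true.
    return (-not $s.EffectiveAdmin)
}

Get-TokenSummary | Format-List
if (Test-RestrictedToken) {
    Write-Host "Running with reduced rights: writes to Program Files and HKLM should fail."
} else {
    Write-Warning "This process has full administrator rights; it was not started through DropMyRights."
}

# A concrete probe: try to create a file in a folder only administrators may write to.
$probe = Join-Path $env:ProgramFiles 'dropmyrights-probe.txt'   # constructed test path, removed again below
try {
    New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
    Remove-Item -LiteralPath $probe
    Write-Warning "Could write to Program Files: this process is NOT restricted."
} catch {
    Write-Host "Write to Program Files denied, as expected for a restricted token."
}
```

On Vista and later with UAC enabled, a normally started (non-elevated) PowerShell from an administrator account also reports EffectiveAdmin as $false, so on those systems compare against an elevated window instead.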
The procedure for running your email program, IM client, media player and other internet based applications using DropMyRights is essentially the same as that for your browser that I outlined above.

What differs is the command line you use in step 5.

The exact command line you use is different for every program but there's an easy way to work out what that command line is for any program. You do this by using the shortcut or program icon you use to launch the program.

By way of example let's look at Outlook Express, but the same principle applies to Outlook, Thunderbird, Windows Media Player and any other program.

1. First though, you must install DropMyRights. This is covered in steps 1 to 3 above. If you haven't already done this, do it now.

2. Locate the shortcut or program icon for Outlook Express that you normally use to run the program. It's probably an icon on your desktop.

3. Copy the Outlook Express icon by right clicking on the icon and selecting "Copy" then right clicking again and selecting "Paste." (Ctrl C followed by Ctrl V works fine too.) A new icon should appear on your desktop called something along the lines of "Copy of Outlook Express".

4. Right click the copied icon and select "Properties." Select the Shortcut tab.

5. In the Target box you will see an entry similar to the following:

"C:\Program Files\Outlook Express\msimn.exe"

This is the name and location of the actual Outlook Express program. What we need to do is prefix this with the command that runs the DropMyRights program. Here's the command below. Copy it now and in the next step we will paste it.

"C:\Program Files\DropMyRights\DropMyRights.exe"

6. Left click on the very first position in the Target box, just to the left of the "C:\..., and paste the DropMyRights command you copied in the last step. Make sure there is exactly one space between the line you pasted and the original contents of the Target box. If done correctly your Target box line should now look like this:

"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Outlook Express\msimn.exe"

Note the space between the closing quote of the DropMyRights path and the opening quote of the Outlook Express path: " ".

7. Click "Apply" then "OK" and the window should close.

8. One last step. Rename the copied desktop icon to something like "Safe Outlook Express" or "Outlook Express - Limited User."

9. That's it. Your copied icon when clicked will now launch Outlook Express with the restricted rights of a Windows limited user. In the future collect your mail by using this safe version of Outlook Express and you'll be much better protected from email borne infections.

This example uses the icon for Outlook Express but the same approach can be used to create safe versions of all your applications that use the internet.
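Steps 2 to 8 above can be carried out for any existing shortcut with the following script, which is an added example and not the article's or DropMyRights' own code. It reads the original .lnk with the WScript.Shell COM object, writes a "Safe ..." copy whose target is DropMyRights.exe and whose argument is the original program path in quotes (exactly the Target box layout from step 6), refuses to wrap a shortcut that already points at DropMyRights, and warns when the original shortcut carried extra arguments, since it is not certain that DropMyRights forwards them. It assumes the DropMyRights path from step 3; the three shortcut names at the bottom are examples to adjust to your own desktop.

```powershell
# Added example (not from the article or DropMyRights). Turns an existing desktop
# shortcut into a "Safe <name>" shortcut that launches the program via DropMyRights.
# Assumption: DropMyRights installed to C:\Program Files\DropMyRights.
function ConvertTo-SafeShortcut {
    param(
        [Parameter(Mandatory=$true)] [string]$ShortcutPath,   # e.g. "$env:USERPROFILE\Desktop\Outlook Express.lnk"
        [string]$DropMyRights = 'C:\Program Files\DropMyRights\DropMyRights.exe'
    )
    if (-not (Test-Path -LiteralPath $ShortcutPath)) { throw "Shortcut not found: $ShortcutPath" }
    if (-not (Test-Path -LiteralPath $DropMyRights)) { throw "DropMyRights not found: $DropMyRights" }

    $shell = New-Object -ComObject WScript.Shell
    $orig  = $shell.CreateShortcut($ShortcutPath)      # for an existing .lnk this reads its properties

    if ($orig.TargetPath -ieq $DropMyRights) { throw "$ShortcutPath already launches through DropMyRights" }
    if (-not (Test-Path -LiteralPath $orig.TargetPath)) { throw "Target program missing: $($orig.TargetPath)" }

    # Step 6 layout: "<DropMyRights.exe>" "<original program>"
    $argLine = "`"$($orig.TargetPath)`""
    if ($orig.Arguments) {
        Write-Warning "$ShortcutPath passes arguments ($($orig.Arguments)); DropMyRights may not forward them."
        $argLine += ' ' + $orig.Arguments
    }

    $dir      = Split-Path -Parent $ShortcutPath
    $base     = [IO.Path]::GetFileNameWithoutExtension($ShortcutPath)
    $safePath = Join-Path $dir "Safe $base.lnk"        # the "Safe Outlook Express" name from step 8

    $safe = $shell.CreateShortcut($safePath)
    $safe.TargetPath       = $DropMyRights
    $safe.Arguments        = $argLine
    $safe.WorkingDirectory = $orig.WorkingDirectory
    # keep the program's icon; an unset IconLocation reads back as ",0"
    $safe.IconLocation     = if ($orig.IconLocation -and $orig.IconLocation -ne ',0') { $orig.IconLocation } else { "$($orig.TargetPath),0" }
    $safe.Description      = "Runs $base with limited user rights via DropMyRights"
    $safe.Save()
    return $safePath
}

# Wrap every internet-facing shortcut on the desktop in one pass (names are examples).
$desktop = [Environment]::GetFolderPath('Desktop')
foreach ($name in 'Outlook Express', 'Mozilla Thunderbird', 'Windows Media Player') {
    $lnk = Join-Path $desktop "$name.lnk"
    if (Test-Path -LiteralPath $lnk) {
        try   { Write-Host "Created $(ConvertTo-SafeShortcut -ShortcutPath $lnk)" }
        catch { Write-Warning $_ }
    }
}
```

The original shortcut is left untouched, so as the article suggests you still have the full-rights version for the occasional operation that needs administrator privileges.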