 |
suDown | sudo for Windows XP |
| keeping low profile | safety and comfort in system administration |
introduction - screenshots - download - forums - demonstration - technical - troubleshooting - contact
 |
Current version: 2.21b (3/feb/2010) |
Demonstration
We would like to demonstrate the advantages of using a low privileged user environment by intentionally infecting
two freshly installed Windows XP SP2 environment with a well-known malware program.
You may have heard about ZCodec,
a potentially harmful program disguised as video compressor software. It can
be downloaded from a seductive but actually fake website which states it is a highly effective codec. But instead it is
a malicious program which downloads the Trojan Ruins.MB to the unsuspecting user's computer which hides itself
from detection by using rootkit techniques, it changes DNS configuration, monitors the user's browsing habits,
launches pop-ups or installs online casino software.
| Test 1: ZCodec malware under an Administrator Account |
Test 2: ZCodec malware under a Sudoer Account |
||
 |
 |
Results
As you could see in Test 1 ZCodec successfully infected the target computer using the ordinary Windows XP
administrative account which is doubtlessly comfortable to use but it doesn't restrict malware software either.
Maybe a good security software could have stopped the infection but even those wouldn't help if their security
databases are outdated or the threat is too recent for them to recognize.
In Test 2 the malware encountered a low privileged environment where by default it didn't have the required
permissions to key operating system areas and it failed to copy its payload onto the target computer. The only
thing it managed to do is to place a void shortcut to a non-existing executable because it had write permissions
to the user's Start menu.
* Windows is a registered trademark of Microsoft Corporation in the United States and other countries.