QUOTE(eliminsterone @ Jul 18 2007, 10:13 PM) [snapback]10556147[/snapback]
I pm'ed you about this a few days after i posted this but i would like to say thanks again ^.^ It's solved a few problems i had such as not being able to edit my .ini file which in turn allowed me to tweak my setting's to significantly reduce my lockup's (and get the game to a playable level when combined with the travel agency mod)
The problem with internet hackery badness has set up a requirement for people to become more knowledgeable about computer security. Filesystem security (and indeed, Registry security as well) are becoming essential for IT people, and reccomended skills to acquire for power users. Home users would also profit from this knowledge, but are less likely to seek it out on their own.
Benefits of good strong FS security:
Viruses that like to drop stuff into hidden folders in critical filesystem areas cannot without proper filesystem access. By using a limited user account with limited FS access to these critical areas essentially cripple the scripts and programs that try to install this malicious malware. Additionally, for the savvy-- it keeps other users from seeing your stuff. VERY useful for hiding your PR0N collection from your wife/gir
lfriend, etc. (Simply unallow read and browse from her user account, and BLAMMO-- she cant even SEE the folder your PR0N is in, let alone access it!)
Benefits of strong registry security:
(Use REGEDT32.exe on NT4 and windows2000-- Use regedit.exe on XP and greater
to set registry ACLs. Just be VERY careful what you are doing, and DONT set an ACL for the administrator. Always leave the administrator free to fix things if you make a terrible mistake!)
Illicit "Browser Plugins" (Like CoolWebSearch) cannot install without access to certain registry keys. By revoking access to these areas within your limited user account, you suddenly gain a measure of innate immunity to infection from these kinds of things. Sadly, these areas are wide open by default, and require you to go in and manually set the Registry Security ACLs to allow/unallow (NEVER REVOKE! It cannot be overridden!) for the required levels of protection.
After I get a computer fully set up, Registry areas I usually lock down with ACLs include:
Browser plugin registry keys. (Too many to list)
HKEY_LOCALMACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN (<-This is where several illicit programs like to put an entry to make windows execute them automatically on bootup, making them difficult to remove. Locking this area down prevents them from creating such entries, and makes it much easier to clean them up should they install anyway, as they wont automagically execute on the next bootup.
HKEY_LOCALMACHINE\CURRENTCONTROLSET\SERVICES (<- This is where hidden system services have their settings stored. Restricting modification/add access to this area prevents the silent installation of malicious system services.)
Once you have fully immunized your limited user account, you use it for your normal day-to-day computing activities, and use the Administrator Account to install/remove software, or to configure system services and the like. This GREATLY impacts the ability for spyware and malware to 'appropriate' your computer for their own purulent purposes.
Oh yes-- ALWAYS use a STRONG password for the administrator account! If you just leave the password for "Administrator" as a blank, (like OOOH so many people foolishly do) setting the above ACLs is a lesson in futility, because many malware software programs will attempt to run under the administrator's credentials by guess several common passwords, the most common being *null*--- At LEAST 12 characters, containing numbers, letters, and preferably, symbol characters as well.