How is the security of your Windows operating system organized?
Are you sure you know what actions the programs on your computers and other devices perform? For example, can a game rummage through your documents?
What does an application gain when it is allowed to run as administrator, and why can't it work without being granted those rights?
Let's try to figure it out together.
Many people know that you should not download and run programs from unofficial sources, because you can catch a virus. But there are those who sometimes neglect this.
In this article I share my personal opinion and experience. The purpose of the article is to figure out how to ensure safe operation in Windows.
UPD. Thanks for the bath in downvotes from the savvy inhabitants of Habr, who have forgotten that there are ordinary OS users to whom many things are not obvious!
UPD_2. Sorry, I added a little self-irony so that it would be more obvious, like here.
I did not think that any program can perform almost any action, even under the supervision of antiviruses, until I reproduced it myself.
An even less obvious point for a typical user:
"How do I limit what a program is allowed to do, if I want more reliable protection than simple trust in the developer?"
First things first.
# A little digression. A bit of background is unavoidable
Recently I decided to learn Python. Having picked up the basics, I decided to write an application to automate my routine tasks. I am not a programmer, but my knowledge of PL/pgSQL helped me get going quickly.
1. The plot
I was surprised when the program, compiled into .exe and .bin, started from a flash drive on another computer without any questions and did everything written in it:
- delete files from the "My Documents" folder
- read and replace clipboard
- display information about files in other directories
- access the Internet
- turn off the computer and other “pranks”
To be fair, I tried it on Linux too - the result was the same.
PS
On Linux, hardly anyone installs an antivirus or other protection tools, because Linux users usually don't download anything from dubious sources. Usually everything is installed from trusted repositories. That is probably why it isn't riddled with viruses.
But in Windows (8/10) I naively expected some kind of dialog confirming the launch, the antivirus squealing, and other delights. I used to think I was safe, because nothing really dangerous had happened to my computer.
I tried running the program on various friends' computers, using the guest account and a newly created standard user, and installed various protection tools - the effect was the same.
For some reason, I naively believed that the clipboard is something "sacred", since important information often passes through it, and it seemed to me that I myself control when data is pasted.
However, as I understand it now, for the OS it is just a program, like PuntoSwitcher, TeamViewer and others, which calmly perform all sorts of actions.
I wondered how to stop unwanted actions of my own program.
2. A little about the program
The console version of the program would be boring to run, so I decided to add an interface.
The main part of the console looked something like this:
```python
# Don't judge too harshly, I'm only learning
import os
import platform

all_results = ['Start']
commands_dict = {'010 Ваша OS:': 'platform.system()',
                 '050 Чуть больше подробностей:': 'platform.uname()',
                 '060 Сварить кофе!': "get_coffee('Cappuccino')",
                 '150 Еще какая-то команда:': "None",
                 '270 Список файлов в текущем каталоге:': "os.listdir()"
                 # Other commands we want to test
                 # Sorted with a margin so new entries can be inserted
                 }


def exec_in_results(command, note):
    try:
        note = note[3:]  # Cut off the first 3 characters used for sorting the dictionary
        result = eval(command)  # Eval is Evil? - Maybe
        if result is None:
            all_results.append('\n\n!! Нет данных от команды: {0} >>> {1}'.format(command, note))
        else:
            all_results.append('\n' * 2 + '*' * 30 + note + '\n')  # Framing it as best I can
            all_results.append(result)
    except Exception as err:
        all_results.append('\n\n!!! Прочая ошибка при вызове: {0} >>> {1} ERROR: {2}'.format(command, note, err))


for key_note in sorted(commands_dict.keys()):
    exec_in_results(commands_dict[key_note], key_note)
print('\n'.join(str(x) for x in all_results))
```
While playing around with it, a simple game came out. I wanted to write a Minesweeper, but
Game menu when you first start
The program may seem like a harmless game, but a few minutes after the file is downloaded (or on another designated event), new functions are activated. They are limited to the following list:
The program:
- collects some data about the computer and shows it in Notepad
- reads and replaces the clipboard
- accesses the internet (simply fetches the main page of a well-known search engine)
- opens a browser with specified links
- gets along with antiviruses (so far; I checked on virustotal.com). When downloading this program from the internet, the only barrier I ran into was SmartScreen, which does not like applications from unknown publishers
- can shut down the computer even faster than the button in the Start menu does
- deletes files in a specific folder
Cosmetic touches: the window is always centered and cannot be minimized/moved/closed because it has no title bar, and it overlaps all other windows. It does not react to ALT+F4 (I added a button for exiting).
Bonus: an optical illusion of flickering circles between the squares came out by accident.
The program weighs about 7 MB, although the code is about 300 lines (including many empty ones), because the compiler I use (pyinstaller) turns even "Hello world" into a 5 MB exe.
The menu of the game that we deserve
I made a video for those who are interested in the work of the program.
PS
If you want to download this file for an experiment, you can guess where to download the "more harmless" version of the program (without the deletion and shutdown).
But I don't advise doing that, who knows what's in there :)
I think there is no point in posting the source, because the essence is not this particular program; it serves only as an example.
3. What confuses me?
" I know that I know nothing ."
I am an ordinary user who was convinced that antiviruses and the system itself would protect me from most program actions that are dubious (in my opinion). My application is hardly a virus, but it can do harm.
I have no complaints about antiviruses; they protect against common threats, phishing sites and other problems.
The main cause of the problems is the actions of the user himself.
Surely there are users who are unaware of how dangerous it can be to download unfamiliar / cracked applications from torrents, file sharing, and other sites.
Especially those that require administrator rights to run. The series "Black Mirror" hints at this. About rooted firmware / phone applications I will say nothing.
Not all people get along well with the computer; they download whatever they are offered and trustingly click "Continue / Continue" with all the default settings. Therefore, when my friends ask me to look at a computer that barely moves, I always see a bunch of
Typical Expert Mode
I am a little annoyed by the "permissiveness" of programs, when they register themselves not only in autostart, but also take root in services, the registry and the task scheduler, slowing down the computer with their incomprehensible processes.
While I was trying different antiviruses, one of them broke the network card driver when I uninstalled it, and I was left without internet. A system restore point helped.
I'm not paranoid, but I don't like that when installing a program only two options pop up:
- Install (* Install as administrator)
- Cancel
And what if I want (just in case) the application to see only its own folder and have no access to the internet, the clipboard, etc.? Where should I click?
Fortunately, camera / microphone restrictions are in the privacy settings.
4. What do you want? It has always been this way
Apparently, I have already got used to the fact that on the phone applications annoyingly request access to system data and functions ("allow access to Photos / Camera / Microphone / Geolocation").
But!
Now I wonder: is that permanent access at any moment while the application is running? Or only when I press "Record / Take a photo / Send file"?
I hope everything is fine there, but that's another topic..
But it is not quite clear to me how to launch / install an application on a personal computer in a convenient way while setting the boundaries of what it is permitted to do.
5. Search for a solution
The most important and obvious step will sound naive, because many people know about it but often neglect it.
Most Windows troubles (viruses, miners, crashes, etc.) stem from the fact that many people use the account with administrator rights that was created during installation, thereby launching all programs with excessive rights. I confess, I was one of them for a long time.
UPD. Just look at the result of the survey at the end of the article.
I don't know why this is still not as obvious a point in Windows as it is in Linux.
A brief instruction for those who understand what this means but do not dare to take such a step:
Create a separate user, give it administrator rights, and remove them from your own account.
Just don't get the passwords mixed up.
When launching/installing some programs and making other changes to the system, the administrator password will be requested (rather than a simple Yes/No), which gives you a reason to think about why the program needs such rights.
It won't help against applications that have already taken root.
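The instruction above, carried out as a script. This is an added example, not code from the article: it assumes Windows 10 or later (the built-in Microsoft.PowerShell.LocalAccounts cmdlets; on Windows 8 the same steps are done with `net user` and `net localgroup`), that it is run once from an elevated PowerShell session while you still have administrator rights, and that the account name `LocalAdmin` is a placeholder you replace with your own. The built-in groups are addressed by their well-known SIDs rather than by name, because the names are localized (for example "Администраторы" on a Russian Windows), and the script refuses to demote you if no other enabled administrator exists, so you cannot lock yourself out.

```powershell
# Added example, not code from the article. Creates a separate administrator account
# and demotes the current account to a standard user, as the instruction describes.
# Assumes Windows 10+ (Microsoft.PowerShell.LocalAccounts) and an elevated session.
# 'LocalAdmin' is a placeholder account name.

$newAdminName = 'LocalAdmin'

# Well-known SIDs of the built-in groups; used instead of names because the group
# names are localized on non-English Windows.
$administratorsSid = 'S-1-5-32-544'
$usersSid          = 'S-1-5-32-545'

# The account we are logged on with right now, identified by SID so that a Microsoft
# account (listed as 'MicrosoftAccount\user@example.com') is matched correctly too.
$meSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# 1. Create the separate administrator account (if it does not exist yet) and add it
#    to Administrators. The password is typed interactively, never stored in the script.
if (-not (Get-LocalUser -Name $newAdminName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -Prompt "Password for $newAdminName" -AsSecureString
    New-LocalUser -Name $newAdminName -Password $password `
        -Description 'Separate administrator account for installs and system changes' | Out-Null
}
$admins = Get-LocalGroup -SID $administratorsSid
if (-not (Get-LocalGroupMember -Group $admins | Where-Object { $_.Name -like "*\$newAdminName" })) {
    Add-LocalGroupMember -Group $admins -Member $newAdminName
}

# 2. Safety check: at least one *other* enabled local user must be an administrator,
#    otherwise removing our own rights would lock us out of administration entirely.
$otherEnabledAdmins = Get-LocalGroupMember -Group $admins |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.SID.Value -ne $meSid } |
    ForEach-Object { Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue } |
    Where-Object { $_.Enabled }

if (-not $otherEnabledAdmins) {
    throw 'No other enabled administrator account exists; refusing to remove our own rights.'
}

# 3. Demote the everyday account: remove it from Administrators and make sure it is
#    in Users. From the next logon on, UAC asks for the administrator's password
#    instead of a plain Yes/No.
Remove-LocalGroupMember -Group $admins -Member $meSid
$users = Get-LocalGroup -SID $usersSid
if (-not (Get-LocalGroupMember -Group $users | Where-Object { $_.SID.Value -eq $meSid })) {
    Add-LocalGroupMember -Group $users -Member $meSid
}

# 4. Show who is still an administrator. Log off and back on for the change to
#    apply to your own session (the current logon token keeps its old groups).
Get-LocalGroupMember -Group $admins | Select-Object Name, ObjectClass, PrincipalSource
```

The demotion only takes effect at the next logon, because group membership is baked into the logon token when the session starts; the final listing is there so you can confirm the new account is in place before logging off.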
I noticed that some programs want to obtain administrator rights at startup, but if they fail, they can offer an alternative:
Now the system files are safer, but my program continued to do treacherous things.
I went to the Internet with a similar question (plus IT chat rooms in messengers): "How can I run an EXE program safely / in isolation?" I also surveyed friends close to IT.
Found the following options:
1) Use a virtual machine
A great option, but not for all cases.
I think some users can only vaguely imagine what a virtual machine is.
2) System settings
- Configure security policies, rights to important folders, etc.
- Understand why the program asks for additional rights, and suppress the UAC request.
Of course, Windows is quite flexible in configuration. I
PS While I was looking for information, I often came across articles on how to disable UAC so that it does not get in the way with its warnings.
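Before following such an article, it is worth knowing what UAC is currently set to. The PowerShell function below is an added example, not code from the article: it reads the UAC policy values under the standard registry key (`EnableLUA`, `ConsentPromptBehaviorAdmin`, `ConsentPromptBehaviorUser`, `PromptOnSecureDesktop`), reports whether the current session is already running elevated, and changes nothing. It assumes a Windows 8/10 system with the policy key in its default location.

```powershell
# Added example, not code from the article. Read-only audit of the UAC settings that
# the "disable UAC" articles would change. Assumes the default policy key location.

function Get-UacStatus {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key

    # EnableLUA = 0 means UAC is completely off: every program an administrator runs
    # gets full rights with no prompt at all.
    $uacOn = ($p.EnableLUA -eq 1)

    # ConsentPromptBehaviorAdmin: how an administrator is prompted when elevating.
    $adminPrompt = switch ($p.ConsentPromptBehaviorAdmin) {
        0 { 'Elevate silently without prompting (dangerous)' }
        1 { 'Prompt for credentials on the secure desktop' }
        2 { 'Prompt for consent on the secure desktop' }
        3 { 'Prompt for credentials' }
        4 { 'Prompt for consent' }
        5 { 'Prompt for consent for non-Windows binaries (default)' }
        default { "Unknown ($($p.ConsentPromptBehaviorAdmin))" }
    }

    # ConsentPromptBehaviorUser: what a standard user sees, i.e. the password
    # request the article describes after demoting your own account.
    $userPrompt = switch ($p.ConsentPromptBehaviorUser) {
        0 { 'Automatically deny elevation requests' }
        1 { 'Prompt for credentials on the secure desktop' }
        3 { 'Prompt for credentials (default)' }
        default { "Unknown ($($p.ConsentPromptBehaviorUser))" }
    }

    # PromptOnSecureDesktop = 1 dims the screen, so other programs cannot draw over
    # or click the prompt on your behalf.
    $secureDesktop = ($p.PromptOnSecureDesktop -eq 1)

    # Is this PowerShell session itself running with administrator rights?
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    if (-not $uacOn) {
        $recommendation = 'UAC is disabled: set EnableLUA to 1 and reboot'
    } elseif ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $recommendation = 'Silent elevation is enabled: programs gain admin rights without a prompt'
    } elseif (-not $secureDesktop) {
        $recommendation = 'Prompts are not on the secure desktop: they can be spoofed by other windows'
    } else {
        $recommendation = 'OK'
    }

    [pscustomobject]@{
        UacEnabled             = $uacOn
        AdminPromptBehavior    = $adminPrompt
        UserPromptBehavior     = $userPrompt
        SecureDesktopPrompt    = $secureDesktop
        CurrentSessionElevated = $elevated
        Recommendation         = $recommendation
    }
}

Get-UacStatus | Format-List
```

A fresh installation reports `UacEnabled = True`, the admin prompt at its default of "consent for non-Windows binaries", and the secure desktop on; anything else in the `Recommendation` field is a setting some earlier "make the warnings go away" advice has already changed.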
3) Do not download suspicious applications. The best way!
Now I have doubts, though: how can I know whether some well-known application does or does not do what I don't want?
Fragments of a typical license agreement
The User is notified of and agrees to automatic updates of the Program without any additional notifications.
The License Agreement may be changed unilaterally by the Rights Holder. Changes to the terms of this License are published at: the_page_you_are_unlikely_to_visit. The said changes to the terms of the license agreement come into force from the date of their publication, or whenever it suits us..
If you don't like it, don't use it; fair enough.
I won't write which update hit me that way, because I don't want to offend anyone in this publication.
4) Use a "sandbox" program
The most convenient option, in my opinion. I was able to suppress some of the dangerous operations of my program, which is already not bad. However, this is third-party and not always free software that requires configuration.
I want something similar built into the OS, with a clear interface.
Summary
I do not blame anyone, I do not call for panic: I just wanted to share with you my thoughts about the security of our OS.
It surprises me that any application can be a "Pandora's box", from which very few people (as far as I have observed) know how to defend themselves.
It seems very strange to me, at a time when everyone is trying to protect their information with two-factor authentication / SMS, encryption in messengers and so on.
If there is a simple built-in way to organize a safer environment, I will be glad if you tell me how to do it!
Thanks for attention!
How is the security of your Windows operating system organized? What can you advise?