Avoid spyware by running applications with SetSAFER

Everybody who’s ever tried it knows the problem. Life as a regular user on Windows is a pain: who wants to switch users just to install software, sometimes even to run it? However running software as a non-admin increases security. It’s impossible for spyware to install itself into the system when it is not allowed to.

Using SetSAFER, a program created by Microsoft employee Michael Howard we can run just any applications as a regular or limited user, while still using an administrator account. After testing for side effects, which I explain below, I recommend you give this a try. I no longer have to run a realtime spyware scanner, and now just schedule routine scans.

As one of the articles Michael has written on the subject is not available anymore I’ll quote the nonadmin site for an complete explanation of the program:

SetSAFER is a policy-setting tool written by Michael Howard that can force applications to always run with lower privileges. You can download it and read about it in his MSDN article “Browsing the Web and Reading E-mail Safely as an Administrator, Part 2”.

For example, you could mark you favourite  browser to always run as a user, regardless of whether it starts by invoking an URL on the desktop, a link in email, a newly spawned browser and so on.

SetSAFER uses the SetSAFER.xml file to configure the applications that should be run with lower privileges. You can edit this with any text editor such as notepad to add applications and even folders. My configuration can be found below. This way I run my browsers, e-mail software and messengers without worrying about spyware:

<?xml version="1.0" encoding="UTF-8"?>
<app comment="Internet Explorer" path="c:\program files\internet explorer" user="true" />
<app comment="Mozilla Firefox" path="c:\program files\mozilla firefox" user="true" />
<app comment="Opera 9.5 Alpha" path="c:\program files\opera 9.5 alpha\opera.exe" user="true" />
<app comment="Outlook" path="c:\program files\microsoft office\office12\outlook.exe " user="false" />
<app comment="Outlook Express" path="c:\program files\outlook express" user="true" />
<app comment="Windows Messenger" path="c:\program files\messenger" user="true" />
<app comment="Windows Live Messenger" path="c:\program files\windows live\messenger" user="true" />

Side Effects

Some applications are not built to run in a mixed privileges environment and seem to cause issues when run like this. However, this is not SetSAFERs fault as it just uses the built-in windows policy settings!

Google Desktop and Google Toolbar for Internet Explorer monitor the browser history for pages that are visited and add them to their database. I assume this is not allowed as a regular user. Whatever the reason, it causes the browser to freeze whenever you go to a webpage. I’ve uninstalled Google Toolbar and Google Desktop until I have found a solution. Any help would be appreciated.

The website for Windows Update and Microsoft Update and certain Java applets will not  function if the user is not an administrator. This can be a pain if you want to manually check for updates. The solution: navigate to the installation folder for Internet Explorer (c:\program files\internet explorer ) and copy the iexplore.exe program to another location. The copy will run with full rights.

Finally, any program started from another application inherits the security settings from the parent program. This means that installations run directly from the browser will run with lower privileges. They’ll let you know you do not have enough rights to install it. This is intended and exactly what we want: a secure browsing environment. However, it might prove a slight annoyance at first. Just browse to the file yourself and run it yourself.

Downloads and Resources

October 30, 2007 at 12:28 PM in Windows

No-one knows the value of software but let’s not guess

It’s impossible to know if software is worth the asking price, even if it’s free, if you haven’t used it. Value of software only becomes apparent over time. It takes time to evaluate and learn the software, to manage your information with it, and to fit it in your workflow. Only after that you know how valuable the software is to you. So how much should you pay the next time you hit that buy button?

Well that depends how much the developers are asking for it of course. And they’re guessing as much as you do. They can prize their product out of the market, by being too expensive. Or they might prize it so low that you think it isn’t up to the task.  They might not tell you the price at all and have you call their ‘representatives’. They might give it away for free!

And God help you if an A-list blogger finds out that your premium printer is identical to the cheap printer, with the speed inhibitor turned off. Joel Spolsky

ANY price SOFTWARE bring its own problems

So recently there seems to be a trend to allow customers to set their own price for the latest audio-cd or software package. If you want to pay £1 for it, that’s fine. If you think it deserves £100, that’s ok too. That’s a very brave move on the part of the creators and I have respect for that. It must be hard to hand over the responsibility of valuing your software to people who do have no idea about the value.

As for letting people name the price they pay for the album, he said “It’s fun to make people stop for a few seconds and think about what music is worth, that’s just an interesting question to ask people.”

But I have no idea how much more valuable the latest operating system is before I use it. Especially not if one variety is available for free and another costs me my monthly salary. How much money would you be prepared to pay for an iPhone for example? Other people paid $200 less, are you still happy?

Don’t worry be happy

So it’s almost impossible to value software, and nobody really knows how much it’s worth. This only leaves us with two other options that I have not explored: donationware and software-as-a-service (SAAS). Use the software for an amount of time and decide how much money it’s worth to you. And then just make the most of it.

October 29, 2007 at 2:16 PM in Technology