XPost: microsoft.public.windowsxp.general   
   From: mayayana@invalid.nospam   
      
   | So, setting up the limited account was a waste of time, or   
   | should I try to understand how you can DL stuff while running   
   | all your internet apps in Sandboxie, or... ?   
   |   
      I've always worked to avoid multi-logins   
   of any kind, so I had to set up an account to   
   see how it works. The window explains that it   
   won't be able to access most files, but as I   
   thought, there's no way to enforce that on   
   FAT32. Restrictions are functionality in the NTFS   
   file system. (It's often called "permissions", but   
   that's like saying "digital rights management".   
   No one needed any "rights" before restrictions   
   were instigated.)   
      
      On the limited account I went into Windows and   
   System32. I changed some things in the All Users   
   Start Menu. (I should note that I also remove   
   PCHealth in order to eliminate System File Protection   
   (known as Windows File Protection starting with Vista).   
   So I have no limitations on anything.)   
      
     If you want to run restricted in order to reduce the   
   actions that malware can take then I think you'd want   
   to convert to NTFS. (But you may not be able to   
   change back.)   
      
     Getting into the topic of the best online options brings   
   out lots of opinions. I don't enable script/cookies/3rd party   
   images/java/flash/iframes. (Many mega-ads from companies   
   like Doubleclick/Google are put into iframes so that they   
   can bypass 3rd-party cookie blocking. I think the Facebook   
   Like buttons may do the same thing.) Bill in CO says I'm   
   accessing a Stone Age Internet by doing that. :) I think   
   a lot of people feel that way. I go online for research and   
   news, mostly. I *like* static webpages, without cartoons   
   jumping around while I'm trying to read. I don't use webmail   
   and I don't take part in any sort of corporate-sponsored   
   social life. I also don't give credit card info. online. I find   
   what I want online, then call the store. If they don't have   
   a phone# I don't use them. (Not only for security. If there's   
   no phone# I can't call a human if there's a problem. So, no   
   Amazon or NewEgg.)   
      
     A lot of people would find that approach completely   
   unworkable. I find numerous sites with articles. Search   
   works fine. Serious websites mostly work fine. The things   
   that don't work are mostly the sites that depend high   
   interactivity or data mining and, therefore design their pages   
   not to work without script/cookies.   
      
     This topic is never really confronted honestly by any party.   
   Online companies want interaction for sales and data mining.   
   Individuals want to watch entertaining videos while they shop   
   for airfares and tell their friends about their day. Banks and   
   utility companies want online banking and bill-paying to save   
   money. Nobody wants to limit the functionality....but everyone   
   wants security....and no one will admit that it simply can't   
   be done.   
      
     There was an interesting article last week about a woman   
   in Iceland who's shocked that the US gov. was able to force   
   Twitter to release her personal data as part of their investigation   
   into Wikileaks. She's been posting for free on a commercial   
   website but has imagined that she has "rights". I see the   
   same thing with Facebookers. They let a corporation host   
   their social life and spy on them. When Facebook gets caught   
   being sleazy the Facebookers are up in arms, threatening to   
   quit the free service. :)  But in no time they've forgotten   
   all about it.   
      
       I currently run Pale Moon and Firefox. I use Pale Moon for   
   most things. I use Firefox with script enabled if I need to deal   
   with a script-enabled site. I don't have any plugins except   
   DownloadHelper in Firefox.   
      
   | Speaking of Flash - are the latest AV programs (like my ESET   
   | NOD32) capable of finding malware in them, or do they just   
   | skip them, like they skip avi and jpg (and other) files... ?   
   |   
      
     I don't know the details of flash exploits, whether   
   it involves corrupt files or programmatic exploits. The   
   problem with AV is that a lot of exploits are using   
   approaches that are not yet known. It used to be   
   virus definitions required a monthly 1 MB update. Now   
   it's 40 MB every time one boots the computer. Yet   
   there are always new exploits. I don't think AV is good   
   for much other than watching for suspicious disk activity.   
      
      
   | >| You might want to take a look at the one I use. I can post   
   | >| it for you somewhere if you can't find it.   
      
    Thanks. I got a copy at Oldapps. I think you're right about   
   the updates: Basic networking hasn't changed in XP, so it's   
   hard to see why an older firewall wouldn't be up-to-date.   
      
   | >| I appreciate your reply, especially since I was so nasty   
   | >| to you about your utility. Or did you just forget all   
   | >| about that? ;-)   
   | >|   
   | >   
   | >    Not a big deal.   
   |   
   | Thank you, and I apologize. I get a little nuts sometimes.   
   | Short circuits in the old gulliver.   
   |   
      
   Accepted. Thanks.   
      
   | >   
   | >  With FAT32 you can't have a limited account.   
   |   
   | Well, I do have it. I can post a grab of the logon screen for   
   | you.   
   |   
      
     Yes, but, as noted above, it's really only doing what the   
   same thing did in Win9x -- saving Desktop layout, etc. for   
   each person. XP was designed to be a corporate workstation.   
   In that usage it's always on NTFS, and it's designed to   
   cater to the needs of corporate sys. admins. So whether   
   you're on FAT32 or NTFS, the Admin GUI is the same.   
   (Which is actually quite odd. FAT32 was the default for   
   OEM PCs when XP first came out.)   
      
   | This is all very confusing. I have 3 accounts: admin,   
   | Administrator [I believe this is the hidden super acount](both   
   | of these have full control, but only admin shows up in the   
   | logon screen), and internet, which /is/ limited.   
   |   
      
    Yes. There's Admin, default user, you, All Users....   
   The Documents and Settings folder is a ridiculous mess.   
   And that's all before you create users! If you delete   
   any extra accounts and disable Guest you can skip   
   the logon screen altogether. You may as well, unless   
   you have kids using your PC and don't want them   
   changing your wallpaper.   
      
   | XP Home SP3, BTW. I don't know if this makes any difference. I   
   | tried XP Pro but it was too insane for me. Messing with the   
   | group policy sort of did me in... It's not avail. in TweakUI   
   | running under XPHome, and a good thing, too.   
   |   
      
     That's not exactly true. Group Policy is another thing   
   designed for corporate sys. admins. The applet is only   
   installed on Pro, but the settings apply on all XP machines.   
   Remember the IE-MD utility I posted about before? One   
   of the functions in that sets 8 different Registry settings   
   for each single security setting in each IE zone! There's   
   normal HKLM and HKCU, Lockdown HKLM and HKCU, then   
   there's the same 4 under the Software\Policy key. Since   
   the whole thing is designed for corporate use, someone   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)