Browsing the Web and Reading E-mail Safely as an Administrator
We all know that it’s a bad idea to surf the Web on a network server. In fact, it’s not a good idea to surf the Web on any computer where you are logged on as Administrator. A lot of malware causes harm because the user browses the Web while he/she is logged on as an Administrator. Michael Howard has written a tool called “DropMyRights“, which should solve this problem. DropMyRights is a very simple application to help users who must run as an administrator run applications in a much-safer context than that of a non-administrator. It does this by taking the current user’s token, removing various privileges and SIDs from the token, and then using that token to start another process, such as Internet Explorer or Outlook. This tool works just as well with Mozilla’s Firefox, Eudora, or Lotus Notes e-mail.
Simply copy DropMyRights.exe to a folder. Then for each application you want to run in lower privilege, follow the steps described in this article.