Browsing the web and reading e-mails safely as an administrator

How it works

When working with internet (browsing, reading e-mails), there are many dangers for normal users. Because of security holes in internet applications, it is possible to get various e-garbage, such as dialers, viruses, spyware, ad-ware etc. This risk is greater because users normally work under a strong user account (with administrator privileges). In such case, nothing prevents e.g. ActiveX components from installation or changes in the operating system.

A strict use of of a normal user account seems to be a solution. However, such work becomes very annoying - many applications require administrator privileges (e.g. some games), under normal account is not possible to use some features and do system settings or develop programs.

The operating system supports the "Run as ..." feature, which can be used for launching web browser or mail client, under a restricted account, Such work with applications is very unhandy - the user must remember not to launch the application "normal way", and must fill username and password on every launch. It is also very time consuming to launch web browser this way when clicking a HTTP link or e-mail address. The user rather gives up and risks an e-garbage than doing this way.

Fortunately, the Windows XP and Windows 2003 contain a built-in mechanism allowing users to run an application using their account, but with limited privileges. User's profile stays the same, so you still have access to your settings, internet cache and another data. Limited privileges will make sure that the application will not perform any actions that are only allowed for administrators.

WinSafer Application

WinSafer's main window

The WinSafer application provides a GUI so an user can easily configure the selected applications, so they will run with restricted privileges. There are four ways how to configure the application:

Limits of WinSafer

The WinSafer application is not almighty. It cannot prevent all kinds of applications from the web to get into the PC. To run properly, WinSafer also requires Windows and Program Files directory to be on NTFS and with proper permissions. These prerequisities are checked when WinSafer starts.

These are applications which will be prevented from installing to your PC

These applications cannot be prevented from installing by WinSafer: