Privilege Deescalation with Firefox
or, Using Runas to get Limited User Credentials Instead of Administrator Credentials
For those of you regularly running Limited User Accounts on Windows,
good on you for taking the right step towards keeping your machine
from becoming a spam zombie.
Here's a handy trick I use to deescalate the privileges of Firefox
whenever I'm running as Administrator:
Let's say you have two accounts, 'admin' and 'normal':
Using PortableApp's version of Firefox, create a shortcut to the Firefox
Now prepend the following to your shortcut's command line:
runas /user:normal ...
Now when you start the app, it will run using your Limited User
credentials. This will be somewhat annoying, because it will ask
for your password. However, running the App as a Limited User
means that it is sandboxed against accessing or modifying
files belonging to the system or to Administrator users. It cannot
install applications and therefore, your risk of falling victim to
a drive-by browser attack is limited.
(c)2010 Max Vilimpoc