2

I am operating in a guest account of Windows 7.

Could an attacker that got onto my PC through malware I installed, install a video program that records everything I do and send the result back to his server without knowing my admin password in the first place?

The reason why I am asking this is that for some actions, i.e. system backups, it does not seem enough sometimes to copy and paste the password from KeePassX, but I need to show the password unencrypted first in KeePassX and copy and paste it that way.

TildalWave
  • 2
    Your first problem is "malware I installed"... if he's already compromised your system, he can (probably) exfiltrate the decrypted KeePass file. Which would be a wonderful, high-value, easy-to-find target. Keyloggers and stuff that sniffs the clipboard (where copy/paste data is stored) are standard, so screen capture isn't even strictly necessary. – Clockwork-Muse Aug 16 '14 at 02:08
  • 2
    Once malware is installed, all bets are off. The attacker can do whatever they want. Reformat the HD. – Jeff-Inventor ChromeOS Aug 16 '14 at 05:17
  • So the guest account does not give any extra protection? – Fidel Hogsed Aug 16 '14 at 18:27

2 Answers

2

That something is installed under the guest account does not mean it operates under those privileges; the privileges of the program are checked on startup by the user, and it could still run in the background (i.e. the keylogger).

And even so, if you install it yourself, there is a high chance you installed it as the Administrator; mostly when a program is installed, it's installed for all users (if the users are local).

Best course of action is to delete any programs that seem off from your PC using the built-in software removal tool, or something like CCleaner.

Also, make sure after removal, or if you can't find anything off, you scan your system with a good malware scanner like Malwarebytes, or your own preferred AV/AW, after you made sure it's up to date of course.

Lighty
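A way to check the point made in the answer above, that a program can run under a different account than the one you are logged in with: this added example (not part of the original answer) lists every running process with its owner and flags images that run from user-writable folders. The function name `Get-ProcessOwnerReport` and the folder list are assumptions made for illustration.

```powershell
# Added example, not from the original answer. Uses only PowerShell 2.0
# features, so it runs on a stock Windows 7 installation.
function Get-ProcessOwnerReport {
    # Account of the current session, in DOMAIN\user form.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().Name

    # Folders a guest or standard user can usually write to (assumed list).
    $userWritable = @($env:USERPROFILE, $env:TEMP, $env:PUBLIC, $env:ProgramData) |
        Where-Object { $_ }

    Get-WmiObject -Class Win32_Process | ForEach-Object {
        # GetOwner() fails for processes this account may not query; an
        # unreadable owner already means "not running as me".
        $owner = $null
        try {
            $o = $_.GetOwner()
            if ($o.ReturnValue -eq 0) { $owner = '{0}\{1}' -f $o.Domain, $o.User }
        } catch { }

        # ExecutablePath is empty for protected processes.
        $path = $_.ExecutablePath
        $inUserDir = $false
        foreach ($dir in $userWritable) {
            if ($path -and $path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                $inUserDir = $true
            }
        }

        New-Object PSObject -Property @{
            ProcessId     = $_.ProcessId
            Name          = $_.Name
            Owner         = $owner
            OtherAccount  = ($owner -ne $me)   # runs under an account that is not yours
            FromUserDir   = $inUserDir         # image lives where a user can write
            Path          = $path
        }
    }
}

# Processes started from user-writable folders, grouped by owning account.
Get-ProcessOwnerReport |
    Where-Object { $_.FromUserDir } |
    Sort-Object Owner, Name |
    Select-Object ProcessId, Name, Owner, OtherAccount, Path |
    Format-Table -AutoSize
```

Run from the guest session, the owner column stays empty for most processes of other accounts; an elevated prompt shows the full picture.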
0

The guest account shouldn't be able to run binaries outside a whitelist, to prevent potential problems in case the user downloads specifically crafted software exploiting a privilege escalation flaw, resulting in the control of the machine (which can then proceed to install malware system-wide).

Zulgrib