As Windows XP Windows Security Updates finish on April 8, 2014, it is important to add additional security measures in order to compensate. For any operating system that has already lost its Windows Security Updates (or is about to), it is important to add additional security measures in order to compensate. The steps below were chosen to help keep new viruses from being able to activate in your computer system – prevention being better than cure. For XP, running as a “limited user” is an option but this is unpopular with many users because it can be very restrictive.
Drop My Rights (DMR)
Drop My Rights, created by a Microsoft employee, is a neat alternative to running as a limited user and uses no resources. It is important that XP users should install this (or a very close alternative) right now if they value their security. When DMR is invoked, the limits on the user are almost unnoticeable because it is applied only to selected programs such as your browser. The protection comes about because viruses and malware also have limited rights; hence their affect is minimized.
I have broken down all that follows into very small steps for those that might need this detail. Do not therefore be put off by the length of this Howto. Setting up DMR can be done quite quickly and requires no deep computer knowledge.
Installing the DMR program
First download the program by searching (Google) with the string “Drop My Rights XP”.
As always, avoid any unwanted Toolbars, Downloaders or other programs that some websites might be pushing. At the time of writing this link was directly to the file this webpage.
The download file name should be “dropmyrights.msi” (164KB). It is completely free of charge; so do not accept anything else. I prefer to save the file to the desktop and then double click it to start the install.
The actual install usually defaults to “My Documents > MSDN > dropmyrights”. Find the file there named “DropMyRights.exe” (56KB) which is part of a package of a few very small files. This particular file is the only one you need. You will be making one or more shortcuts to it later so it is not in a very convenient place. To assist in this, copy the file DropMyRights.exe straight to the root of your system disk (usually the C drive but make certain of this). This part of the job is now completed, so go to Control Panel > Add-Remove Programs and uninstall the program. The originally downloaded msi file can be deleted if you wish.
Creating the Shortcuts
Browsers, such as Internet Explorer (IE), are particularly vulnerable to “nasties” so I will use IE in the following example. All we are doing is creating another icon with a modified target, in order to run IE much more safely via the DMR program. The first step is to make a copy of your usual IE icon and put it on the desktop. This will need a new name – anything will do, so “IE (DMR)”, for example, would be quite sufficient (without the quotes).
Right click this new shortcut, go to Properties (Shortcut tab) and look at the Target line. It should be this – all quotes included:
“C:\Program Files\Internet Explorer\iexplore.exe”.
To make IE (or any other program) work via DMR we add “C:\ DropMyRights.exe” to the start of the target line, followed by a single space character. It should therefore look like this when finished:
“C:\ DropMyRights.exe” “C:\Program Files\Internet Explorer\iexplore.exe”.
If your system hard disk is some other letter, use that instead of C in the above targets.
There is one last thing to do. Underneath the Target box is another one named “Start in”. Highlight and delete all that is in there, then replace it with just your system drive letter followed by a colon. This will simply be C:\ if your system drive is C. Set the shortcut to run Minimized to avoid a DOS box popping up. Apply/OK your way out and this special icon should now be used for IE, except for a few rare instances – given later under the heading “The Downside”. Keep your normal IE icon available for these exceptions.
A better Icon (optional)
Some folk dislike the rather dull icon that appears after setting up IE DMR and would prefer the normal IE blue one. This is easy to do. Right click your original IE icon, go to Properties > Shortcut tab and select the Change Icon button. At the top there is a box called “Look for icons in this file” containing the target for the IE “icon” itself. We are now going to copy contents of this field then paste it into your new IE DMR “icon”. The path should already be highlighted, so press the two keys Ctrl+C which will copy it to the XP Clipbook. Close the Windows then go to your new IE DMR icon. In the equivalent place (Properties > Shortcut tab > Change Icon button) press the keys Ctrl+V which will Paste it in. Apply/OK all Windows and the new icon should change to the familiar one.
Further potential for DMR
The same shortcut techniques can be applied to any other program. This includes alternative browsers such as Firefox, onboard Email such as Windows Mail or Outlook Express, Windows Media Player (WMP), Excel, and so forth. Remember that for WMP your rights will only be dropped if is first started via the icon, rather than automatically from a website. Similarly, going online using active web links in “offline documents or emails” will not be using the DMR icon, so you will do have the advantage of its protection unless your default browser or onboard email program is first started with the icon.
The Downside
Having used DMR for some years, the following are the only situations I have run into where you will be required to use your original browser icon. It’s worth noting these exceptions because DMR works 99% of the time; hence it is quite easy to forget that you are using it:
1. Some Microsoft file downloads including their “manual” Windows updates. Windows automatic updates are unaffected.
2. Changing some browser settings, such as the “default browser” in: Internet Explorer > Tools > Internet Options”.
3. Working with IE8 Content Advisor.
4. Deleting Addons in Firefox – could apply to other browsers too.
5. Updating Firefox from Help/About.
6. Installing Flash directly from Adobe’s website. Their automatic updates and “file” downloads are unaffected.
See also the Howto “Making XP Secure 2 – Third Party Programs“