Linked by Thom Holwerda on Thu 11th Jun 2009 10:00 UTC
Not too long ago, we ran a story informing you of how the auto-elevation feature in Windows 7 is broken in a way that allows malicious programs to silently gain administrative privileges. We wondered if Microsoft was ever going to fix this one before Windows 7 goes final, and even though we're not there yet, a recent article by Mark Russinovich seems to imply pretty strongly that no, Microsoft is not going to fix this.
Comment by Morph
by Morph on Thu 11th Jun 2009 10:43 UTC
Morph
Member since:
2007-08-20

From the article, re displaying UAC prompts in 'secure desktop' mode:
"The use of another desktop also has an important application compatibility purpose: while built-in accessibility software, like the On Screen Keyboard, works well on a desktop that's running applications owned by different users, there is third-party software that does not. That software won't work properly when an elevation dialog, which is owned by the local system account, is displayed on the desktop owned by a user."

Am I right in interpreting the 'important application compatibility purpose' as forcing those 3rd parties to update their software?

Reply Score: 2

RE: Comment by Morph
by Morph on Thu 11th Jun 2009 11:00 UTC in reply to "Comment by Morph"
Morph Member since:
2007-08-20

To answer myself: from later in the article: Win7 has a new UAC setting 'do not dim my desktop for UAC prompts'. "The only difference between that and the default mode is that prompts happen on the user's desktop rather than on the secure desktop. The upside of that is that the user can interact with the desktop while a prompt is active, but as I mentioned earlier, the risk is that third-party accessibility software might not work correctly on the prompt dialog."

So, counter-intuitively, having the UAC prompt on a separate desktop does work with old 3rd party software, but having it on the user's desktop may not.

Reply Score: 1

Comment by Kroc
by Kroc on Thu 11th Jun 2009 10:44 UTC
Kroc
Member since:
2005-11-10

Well my job is secure for the next five years.

Reply Score: 5

RE: Comment by Kroc
by daedliusswartz on Thu 11th Jun 2009 21:50 UTC in reply to "Comment by Kroc"
daedliusswartz Member since:
2007-05-28

Please, let's not make this more dramatic than it is. Your job was always safe.

There are always idiots that need help with the "any" key.

Reply Score: 2

Windows: Insecure by default(tm)
by kragil on Thu 11th Jun 2009 10:48 UTC
kragil
Member since:
2006-01-04

I said it once and I'll say it again.

Microsoft is just stupid. Any .exe the (normal) user (the vast majority) starts can now in effect install a rootkit and hide itself from any anti-malware measure.

With proper UAC that major security hole wouldn't be possible.

Epic epic fail.

But it will keep the Windows support industry alive and well. And it will keep malware authors producing windows malware instead of trying other platforms.

There are always two sides to every story.

Reply Score: 8

strcpy Member since:
2009-05-20

Care to explain what is so different with Windows' UAC and Ubuntu's sudo-usage in which only the user password is prompted?

For an outsider observer these two are quite identical in their overall design patterns.

(Please do catch the intended sarcasm also.)

Reply Score: 2

kaiwai Member since:
2005-07-06

Care to explain what is so different with Windows' UAC and Ubuntu's sudo-usage in which only the user password is prompted?

For an outsider observer these two are quite identical in their overall design patterns.

(Please do catch the intended sarcasm also.)


Because in Ubuntu the user is actually a limited user - they are a regular user with full restrictions and the sudoers is a request for elevation.

Windows users are still set up as Administrators (or PowerUsers - whichever the case they get far too many privileges) with UAC merely being a 'stop and consider' sign along the way rather than real privilege separation. If Microsoft were really serious about security - all users by default would be set up with a Limited User account from the moment the operating system is installed.

Microsoft could have done this, but they chose instead for the half baked half assed approach all for the sake of software compatibility - yet another example of Microsoft failing to grasp security and failing to live up to the promise after Windows XP SP2 was released that they would put security and correctness before compatibility. Well, they've failed to live up to the standards that they set for themselves.

Edited 2009-06-11 13:34 UTC

Reply Score: 2

jonathane Member since:
2009-05-31

Why don't they do this? It wouldn't affect compatibility too much, and when it did, they could actually prompt for elevation. Also, "Standard User" is the default when you add a new account in Windows. I might be preaching to the choir, but it might make more sense to enable administrator account WITH UAC turned on and then create a limited user that prompts for elevation, as it already does in limited user accounts.

Reply Score: 1

kaiwai Member since:
2005-07-06

Why don't they do this? It wouldn't affect compatibility too much, and when it did, they could actually prompt for elevation. Also, "Standard User" is the default when you add a new account in Windows. I might be preaching to the choir, but it might make more sense to enable administrator account WITH UAC turned on and then create a limited user that prompts for elevation, as it already does in limited user accounts.


I'm not too clued in to the exact nature of why they didn't pursue it - I assume that compatibility was a major factor given they hadn't pursued it previously. If all it required was an elevation of privileges that could have been achieved manually simply by right clicking and selecting, "run as administrator".

This goes right back to the fundamental flaws with Windows, specifically, everything that sits above the kernel. The kernel itself is sound, it is the garbage that sits on top which was a hacked retrofit of a flawed user space. Until Microsoft completely gets rid of the user space and replaces it with either a user space from another operating system (BSD) or creates one from scratch - things will just keep getting worse as Microsoft tries half-assed hacks to work around fundamental design flaws.

Edited 2009-06-11 22:27 UTC

Reply Score: 2

daedliusswartz Member since:
2007-05-28

If Microsoft were really serious about security

That's a pretty bold statement by someone who doesn't work there and hasn't been involved in this decision. I suppose all the millions of dollars spent on re-architecting Windows, changing developer mindset/culture and their development workflow to focus on security, plugging Windows even further, adding new lines of defense, education of users and so on is all a big joke.

In this particular case of UAC default levels I agree with Thom that it should be all the way up. Mine is and I haven't had a single issue, but, the fact that Microsoft do not agree doesn't qualify them to not be taking security seriously.

It's become and will continue to increasingly be a commercial risk for any OS vendor to not take security seriously. It's pretty obvious Microsoft realize this.

Reply Score: 1

kaiwai Member since:
2005-07-06

That's a pretty bold statement by someone who doesn't work there and hasn't been involved in this decision.


Were you involved? If not, what makes your point any more valid? If you were involved then you should hang your head in shame for making such a massive ball of crap and subjecting customers to all the misery that comes with Windows.

You've had almost 8 years by the time Windows 7 is released to fix the fundamental flaws with Windows - but you chose backwards compatibility over getting it right.

I suppose all the millions of dollars spent on re-architecting Windows, changing developer mindset/culture and their development workflow to focus on security, plugging Windows even further, adding new lines of defense, education of users and so on is all a big joke.


Re-architecture? It isn't completed yet! They've only just done the kernel plus a small fraction of the user space. It still doesn't change the fact that moving something left, right, up and down won't fix fundamental design flaws. Win32 was never designed to be multi-user, secure, scalable and a clean design - it was a half baked attempt to do the least amount of investment possible.

Then again, giving the likes of Steve Ballmer a $700,000 cash bonus is more important than fixing the product line up - you know, the product. The product is this magical thing that you sell to then bring in cash. If your product line up is crud - all the marketing, all the bonuses to executives isn't going to change that reality.

In this particular case of UAC default levels I agree with Thom that it should be all the way up. Mine is and I haven't had a single issue, but, the fact that Microsoft do not agree doesn't qualify them to not be taking security seriously.

It's become and will continue to increasingly be a commercial risk for any OS vendor to not take security seriously. It's pretty obvious Microsoft realize this.


All operating systems have their flaws but one has to differentiate between design flaw versus code flaw. Something can have a flaw in the code but due to the design the impacts are minimal at best. Both Mac OS X and Windows have design flaws - both have failed to step up to the challenge when required.

Microsoft has a great kernel strapped with a half assed user space, coupled with hacks and workarounds to navigate around the fundamental design flaws that exist, things won't improve. Will they improve in the future? No they won't, because unless they purge the layers of cruft out of Microsoft's management, you're going to continue to have the same insular approaches with little outside ideas coming in - a company rampantly embracing the NIH syndrome.

Edited 2009-06-11 23:01 UTC

Reply Score: 2

kaiwai Member since:
2005-07-06

Here is an interesting link - raising the very issue which I raised:

http://blogs.zdnet.com/hardware/?p=4627

Too bad people are far too in love with UAC instead of seeing it for what it really is - merely a dialogue to slow down a user rather than protecting the system. I hardly call a dialogue protection - it's like walking through a group of bullies with a sign saying, 'don't beat me up'.

Reply Score: 2

ba1l Member since:
2007-09-08

It's pretty much security theater by this point. Since it's inconvenient, and the dialogs look scary, that must mean it's secure. Same as the half-assed two-factor authentication most banks use (something you know, and something else you know - which the user probably wrote down on the same post-it note stuck on the side of the monitor).

Actually making it secure - sandboxing everything, and preventing anything except the Windows Installer service from changing any system settings, for example, would ideally be transparent. It's just bloody hard work, and you can't really market it as a feature if nobody ever sees it.

For what it's worth, Windows 7 actually does protect some settings (like file associations) from being modified by anything other than Windows Installer. It just doesn't go nearly far enough.

Reply Score: 2

kaiwai Member since:
2005-07-06

It's pretty much security theater by this point. Since it's inconvenient, and the dialogs look scary, that must mean it's secure. Same as the half-assed two-factor authentication most banks use (something you know, and something else you know - which the user probably wrote down on the same post-it note stuck on the side of the monitor).


Yeah, and the security doesn't get much better in most other organisations either. I'm confused when I hear people complain about 'remembering passwords' and how 'difficult' it is; hell, I can remember 12 phone numbers, my credit card number, bank account number, IRD number and work and income (social welfare) number plus 5 sets of passwords I use. If I can do it - anyone can.

Actually making it secure - sandboxing everything, and preventing anything except the Windows Installer service from changing any system settings, for example, would ideally be transparent. It's just bloody hard work, and you can't really market it as a feature if nobody ever sees it.


Oh, you could market that. "Sandboxing Technology included with Windows; allows you to get on with your work whilst keeping the nasties out". It's hardly rocket science dumbing something down and marketing it to tap into the concerns of end users about nasties that are out there.

For what it's worth, Windows 7 actually does protect some settings (like file associations) from being modified by anything other than Windows Installer. It just doesn't go nearly far enough.


The thing is, security could easily be fixed by making all end users standard users - that is, set them up by default as a limited user and UAC demanding that the end user put in their password before elevating the privileges.

Microsoft could have done this 8 years ago when they released Windows XP, they have done it after the security fiasco that required SP2 to be released. Microsoft have had many opportunities and each time they've failed to take advantage of them.

Reply Score: 2

Laurence Member since:
2007-03-26

Care to explain what is so different with Windows' UAC and Ubuntu's sudo-usage in which only the user password is prompted? For an outsider observer these two are quite identical in their overall design patterns. (Please do catch the intended sarcasm also.)


Ubuntu doesn't auto elevate

(Sorry if you already knew the answer. I wasn't sure whether if, by "sarcasm", you meant your post to be taken ironically or rhetorically).

Reply Score: 2

WereCatf Member since:
2006-02-15

Care to explain what is so different with Windows' UAC and Ubuntu's sudo-usage in which only the user password is prompted?

For an outsider observer these two are quite identical in their overall design patterns.


For a regular user the difference is rather minuscule. I get annoyed by how UAC blocks everything, but to some that might be a good thing. The Ubuntu-way doesn't do that so it's again a double-sided blade.

But the UAC prompt doesn't require passwords, it's just point-and-click and can be bypassed very, very easily. The Ubuntu-way requires you to know the user's password and can't be bypassed; either you know the password and can do what you please or you don't and can't do anything outside of the user's privileges.

Reply Score: 1

Thom_Holwerda Member since:
2005-06-29

But the UAC prompt doesn't require passwords


Common misconception. The UAC dialog DOES require a password, just not when you're running as administrator.

If you're a regular user, you get a password dialog. If you're an administrator, you get the click-through dialog. Sadly, like Mac OS X, Windows insists on making the first (and most of the time, only) account an administrator.

Reply Score: 4

WereCatf Member since:
2006-02-15

Common misconception. The UAC dialog DOES require a password, just not when you're running as administrator.

Ah, didn't know. Haven't used Vista nor Win7 much, just a quick peek into both. Kinda silly to make the default user an administrator.

Reply Score: 3

ringham Member since:
2006-03-23

Did... you even read the article?

"So, how much malware protection do you get when you run in a Windows Vista PA account with UAC enabled? First, remember that for any of this to matter, malware has to get onto the system and start executing in the first place. Windows has many defense-in-depth features, including Data Execution Prevention (DEP), Address Space Load Randomization (ASLR), Protected Mode IE, the IE 8 SmartScreen Filter, and Windows Defender that help prevent malware from getting on the system and running.

As for the case where malware somehow does manage to get on a system, because malware authors (like legitimate developers) have assumed users run with administrative rights, most malware will not function correctly. That alone could be considered a security benefit."

Yes, there is some security risk, but every OS has risks if a program can fool a user. At least Windows has a "hidden" layer of protection.

Reply Score: 4

ba1l Member since:
2007-09-08

Hardly hidden - it's been two years now. Plenty of time for malware authors to adapt.

Yes, there's plenty of stuff malware can do in the context of a regular user account, but it's pretty much impossible for said malware to worm its way into the system so deeply that it can't be removed. Unless it has admin privileges, in which case it can do whatever it likes, and there's little chance of stopping it. Just like XP.

This basically sounds like Microsoft tried half-assing a security barrier, realised that it doesn't work properly, and then tried to claim that it's not really a security barrier at all.

None of Vista's UAC system makes the slightest bit of sense as anything other than a security barrier. If it's intended to force third-party developers to write applications that don't require admin privileges, why does it have filesystem and registry virtualisation? If it's not intended to prevent software from elevating itself without permission, why does it go to such lengths to protect the UAC dialogs from any kind of tampering?

Of course, even Vista's UAC can be bypassed. It's just a whole lot easier in Windows 7.

I guess they just gave up, punched a huge hole in the security barrier they worked so hard to build, and exempted themselves from having to fix their own software, while still requiring everyone else to fix theirs.

Since it claims to offer absolutely no security at all, why does it keep bombarding me with elevation prompts just because I happen to be using non-Microsoft software? What's the point?

Reply Score: 3

kragil Member since:
2006-01-04

Did... you even read the article?


Yes, and _I_ understood what was wrong with it.


Yes, there is some security risk, but every OS has risks if a program can fool a user. At least Windows has a "hidden" layer of protection.


Some security risk?? The former security salvation UAC is now nothing more than a joke by default. Much like your claim that it is hidden.

Reply Score: 3

Karitku Member since:
2006-01-12

Unfortunately people don't want proper security, look how much bashing Vista got when they actually made things secure. I don't mind this change since I will move UAC to most secure which will protect the system again. I admit it's an idiotic decision from Microsoft, but only idiots will suffer from it. Kinda like electing George Bush.

Reply Score: 1

ssa2204 Member since:
2006-04-22

.... but only idiots will suffer from it. Kinda like electing George Bush.


Lol, I liked the last part. Bush bashing will NEVER get old, but at least he was a "stimulus" to the comedy industry. Oh, and the shoe throwing industry.

Reply Score: 0

v Microsofts just stupid
by ChrisA on Thu 11th Jun 2009 12:06 UTC
This seems stupid
by deadmeat on Thu 11th Jun 2009 13:13 UTC
deadmeat
Member since:
2006-08-04

To summarise a very long article:

No you're wrong, we were lying/simplifying/spindoctoring/pre-retconning about UAC and security. UAC is actually about making/forcing/encouraging/politely asking 3rd party developers to tweak their apps to run as normal users. Microsoft apps don't need to do this because we (and we alone) can be trusted to always let our apps run with administrator privileges.

No you shouldn't run as an administrator anyway, unless you want older apps, or apps that legitimately require administrative access to work. You should run as a normal user, even though that's not default and you need to be a windows administrator to set it up.

Elevating is never a problem for a real malware, and social engineering works so well that we don't think that having simple backdoors for malicious apps is any less secure.

Microsoft apps need silent elevation so that people don't get jaded and stop reading the warnings. Third party developers (even those that legitimately require admin rights) aren't allowed to silent elevate because it's better to make their users always click dialogs than to allow their apps to silently elevate. I.e. do as we say, not as we do.

We made these changes because instead of developing proper hooks for accessibility, we want to allow third parties to manipulate secure processes with accessibility software.

I seem to remember this guy being smart, honest, forthright and upfront. What happened? Just to squeeze an Apple related quote in here. "This is shit!" - Steve Jobs

Reply Score: 3

RE: This seems stupid
by jeanke on Thu 11th Jun 2009 14:58 UTC in reply to "This seems stupid"
jeanke Member since:
2005-08-26

No you're wrong, we were lying/simplifying/spindoctoring/pre-retconning about UAC and security. UAC is actually about making/forcing/encouraging/politely asking 3rd party developers tweak their apps to run as normal users.


I guess this is indeed really the point. The shield icon is most likely chosen to sell this feature to the world in Vista.

Reply Score: 1

yeah, right!
by eantoranz on Thu 11th Jun 2009 13:20 UTC
eantoranz
Member since:
2005-12-18

While true, these steps require deliberate intent, aren't trivial, and therefore are not something we believe legitimate developers would opt for versus fixing their software to run with standard user rights. In fact, we recommend against any application developer taking a dependency on the elevation behavior in the system and that application developers test their software running in standard user mode.


So a malware developer just out of chance (not will) develops malware and they are famous for following directions, right? How depressing! Well.... I guess that's it for "Windows is Safer than OSX and Linux".

Edited 2009-06-11 13:21 UTC

Reply Score: 4

It is the Microsoft way
by shiva on Thu 11th Jun 2009 15:09 UTC
shiva
Member since:
2007-01-24

It is the Microsoft way of security...

This is also the reason why ignorant and/or lazy users prefer windows. Security implies additional complexity and work and "normal" users don't care about good practices of security.

Microsoft is locked in by the legacy of insecure applications and it will never change this, so as not to lose its clients.

Because of this I use linux on all my computers and, when I need to run some windows application, I use a virtualized windows on vmware or virtualbox. If it becomes infected by malware it is only necessary to restore one file (the virtualized C: drive) to reinstall the system.

Edited 2009-06-11 15:12 UTC

Reply Score: 3

RE: It is the Microsoft way
by strcpy on Thu 11th Jun 2009 15:37 UTC in reply to "It is the Microsoft way"
strcpy Member since:
2009-05-20

Quite the contrary.

Often additional complexity implies insecurity.

I find it somewhat funny that MS is still "the laughing stock of security" among the general public, whereas Vista was actually well received in the infosec-community.

When it comes to security, I am equally skeptical about your typical Ubuntu and Windows. And yes, I have actually audited open source code. Not so different, really, except that the dumbest users are using Windows. But even this may change.

Reply Score: 0

RE[2]: It is the Microsoft way
by shiva on Thu 11th Jun 2009 15:55 UTC in reply to "RE: It is the Microsoft way"
shiva Member since:
2007-01-24

I use linux but not Ubuntu nor sudo. I prefer the "Red hat way" of using su - to become root and do the administrative things.

The plague of today's operating systems is to treat users as stupid and not capable of learning some basic things to operate the OS. Before, in CLI times, the user had to learn some commands before using the system. Even to drive a car it is necessary to take some lessons; why not computers, which are much more complex and flexible?

Edited 2009-06-11 15:56 UTC

Reply Score: 4

RE[3]: It is the Microsoft way
by jonathane on Thu 11th Jun 2009 16:00 UTC in reply to "RE[2]: It is the Microsoft way"
jonathane Member since:
2009-05-31

isn't it more secure to add yourself to sudo for the privileges you need and not elevate yourself to root every time you need to do something?

i use fedora too and beesu, which i think is superior to ubuntu's gksudo.

Reply Score: 2

RE[4]: It is the Microsoft way
by shiva on Thu 11th Jun 2009 20:19 UTC in reply to "RE[3]: It is the Microsoft way"
shiva Member since:
2007-01-24

No. Imagine if you forget your desktop unlocked when you leave your room.

The intruder would not be able to do administrative tasks because su - would ask for the root password. But with sudo he could do everything.

Reply Score: 2

RE[5]: It is the Microsoft way
by MamiyaOtaru on Thu 11th Jun 2009 20:41 UTC in reply to "RE[4]: It is the Microsoft way"
MamiyaOtaru Member since:
2005-11-11

assuming he knows your password? wat?

Reply Score: 2

RE[5]: It is the Microsoft way
by AnyoneEB on Fri 12th Jun 2009 01:25 UTC in reply to "RE[4]: It is the Microsoft way"
AnyoneEB Member since:
2008-10-26

sudo asks for the user's password and does not ask for it again until 5 minutes after the most recent sudo command by default. You can change that using the rootpw (set to ask for root password instead of user password) and timestamp_timeout (set to 0 to always ask for password) options in the sudoers file. See man sudoers or http://www.sudo.ws/sudo/man/sudoers.html for more information.

Also, sudo -k and -K options "kill" the record of sudo being used recently so the next sudo command will ask for a password. See man sudo or http://www.sudo.ws/sudo/man/sudo.html for more information.

Reply Score: 3
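The two sudoers options AnyoneEB names (rootpw and timestamp_timeout) can be checked with a short script; this is an added example, not part of the thread. The function names and both sample files are constructed, and the parser assumes only plain global `Defaults` lines matter (it ignores `Defaults:user` / `Defaults@host` scopes and does not follow include directives).

```shell
#!/bin/sh
# Added example: report how a sudoers file sets rootpw and timestamp_timeout.
# Assumptions: only global "Defaults" lines are read; per-user/per-host
# Defaults and #include/#includedir files are not evaluated.

# Prints "timeout=<value|default> rootpw=<yes|no>" for the file given as $1.
# Later Defaults lines override earlier ones, as in sudoers itself.
sudoers_reauth_policy() {
    awk '
    BEGIN { timeout = "default"; rootpw = "no" }
    /^[ \t]*#/ { next }                 # whole-line comments and include directives
    { sub(/#.*/, "") }                  # drop trailing comments
    $1 == "Defaults" {
        line = $0
        sub(/^[ \t]*Defaults[ \t]+/, "", line)
        n = split(line, opts, ",")      # options are comma-separated
        for (i = 1; i <= n; i++) {
            o = opts[i]
            gsub(/[ \t]/, "", o)
            if (o == "rootpw") rootpw = "yes"
            else if (o == "!rootpw") rootpw = "no"
            else if (o ~ /^timestamp_timeout=/) {
                sub(/^timestamp_timeout=/, "", o)
                timeout = o
            }
        }
    }
    END { print "timeout=" timeout " rootpw=" rootpw }
    ' "$1"
}

# Succeeds only when every sudo invocation prompts (timestamp_timeout=0),
# which is the setting that addresses the unlocked-desktop case in the thread.
always_prompts() {
    case "$(sudoers_reauth_policy "$1")" in
        "timeout=0 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample inputs (not taken from any real system).
write_samples() {
    cat > "$1/stock" <<'EOF'
# constructed sample: nothing overrides the credential cache
Defaults        env_reset
Defaults        mail_badpass
Defaults:alice  timestamp_timeout=30
%sudo   ALL=(ALL:ALL) ALL
EOF
    cat > "$1/hardened" <<'EOF'
# constructed sample: prompt every time, and for the root password
Defaults        env_reset, timestamp_timeout=0   # no cached credentials
Defaults        rootpw
%wheel  ALL=(ALL) ALL
EOF
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
write_samples "$SAMPLE_DIR"

for f in stock hardened; do
    printf '%-9s %s\n' "$f" "$(sudoers_reauth_policy "$SAMPLE_DIR/$f")"
done
```

On a real system, edit sudoers with visudo and check the effective settings with `sudo -l`, since scoped Defaults and included files also apply.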

Yamin
Member since:
2006-01-10

Microsoft is not stupid. Any engineer can design things in a 'nice' way. It is much harder to design things for the way your customers need and use them over time.

It is one of the reasons they are successful.

Does it make things 'messy' sometimes? Of course it does. Sure not building and enforcing proper rights management into Windows since its inception has caused issues today. However, at the time, they provided the average user with an optimal experience.

Even look to Word as an example. Sure it might have been classically better to use a text file format. Yet, back in the day, speed was an issue. The binary blob format of old MS Word documents was way faster to open. These were the days of the 386 running at 20 MHz. I'm not suggesting they did not exploit it for vendor lock-in by any means ;)

They have been known to even tweak the OS to make certain buggy programs work. Most engineers do the same thing on a small level... for example... reading a malformed configuration document. Sure, it's better if your users properly format things, but if you can make it work and make it easier on your users... why not.

I don't personally like UAC as I don't trust it to actually block things at the lowest level. However, as a developer, I can see its use. Programs will get rewritten slowly but surely. Users hate strange prompts and bugs will be filed.

Reply Score: 3

Leo Davidson Member since:
2009-06-11

Programs will get rewritten slowly but surely.


I'd say most apps that are ever going to be re-worked to use UAC have already been re-worked, FWIW. The UAC *prompts* for COM elevation don't force people to re-write things, either. Those prompts could be disabled for all apps to avoid irritating their users, if the prompts have no security benefit (and there is next to no security benefit from the COM elevation prompts with Win 7's default settings).

(You can still have UAC without the prompts. Apps still have to request admin rights in a way which enables them to elevate under standard user accounts.)

Users hate strange prompts and bugs will be filed.


Sometimes you have to elevate to do what the user has asked. Third party apps cannot help but irritate the user with at least one prompt in that case. On the other hand, Microsoft have given themselves a backdoor so that their own bundled software doesn't have to irritate users with the prompts.

This is especially annoying when you realise that the reason UAC on Vista annoyed people was because Microsoft's software prompted people too often. (And showed stupid prompts-about-prompts.) Microsoft's apps, the cause of the irritation, were given a free pass to elevate in the same stupid way -- with no object caching -- that they did on Vista while third party developers are told the irritating system is there to make them (but not Microsoft) write their apps properly. It's a joke.

To add to the joke, if you use Microsoft's apps under a standard user account you'll still be bombarded with prompts, and you'll still have to type a password for every single one of them.

Microsoft could have improved things for everyone, admin and standard user alike, without reducing the security of the UAC prompts, if they had bothered to properly refactor their own apps. (Especially Explorer and the Control Panels.) Instead they took the easy backdoor route, made the remaining prompts pointless, made it more tempting to use admin instead of standard user, made third-party apps suffer for pure security theatre, and insulted third-party developers by telling them they should do something that Microsoft themselves cannot be bothered to do.

I like Windows 7 overall but not the changes to UAC.

At this point in time we should've been talking about how to make UAC:

- more secure (closing holes, not opening ones you could drive a tank through)
- more informative (so that you're given an admin-code-generated description of the command that is about to be executed, not just the name of the binary that will execute it)
- and less annoying (by having fewer prompts and eliminating the stupid prompts-about-prompts).

We should have been debating whether Windows was ready to make standard user the default for all consumers (clearly not if consumers couldn't stand Vista's UAC prompts, because Windows 7 still prompts the **** out of standard users and makes them type passwords every time to boot).

Instead we're stuck explaining the level of stupidity and hypocrisy in Microsoft's changes to UAC, and debating with people over whether elevation and consent are useful concepts at all (because what they've seen of them so far is so badly implemented they don't realise they could work so much better).

Edited 2009-06-11 18:56 UTC

Reply Score: 2

who cares?
by nbensa on Thu 11th Jun 2009 17:41 UTC
nbensa
Member since:
2005-08-29

it's windows! do you want it secure? for what?

if you make windows secure, you'll break thousands of applications.

Reply Score: 1

v Code 18"
by werfu on Thu 11th Jun 2009 19:32 UTC
RE: Code 18"
by WereCatf on Thu 11th Jun 2009 21:21 UTC in reply to "Code 18""
WereCatf Member since:
2006-02-15

What happens when you start synaptics under ubuntu? You get a password prompt. Now, what would happen if I can write a small script that puts itself somewhere in your path where you have the rights to write, and that looks exactly like the gtksudo prompt? After you entered it, I can simply call synaptics with your password and you'll never know I'll be doing nasty things behind your back

Not possible. You don't have write permissions to /usr/bin (or wherever gtksudo is installed) and that's where libgtksudo executes it from. It doesn't execute from path as that'd be stupid.

Reply Score: 2

RE[2]: Code 18"
by werfu on Fri 12th Jun 2009 13:00 UTC in reply to "RE: Code 18""
werfu Member since:
2005-09-15

I know that'd be stupid, but what would be stopping me from changing the Synaptics menu entry in your menu and avoiding the libgtksudo directly? I was exposing the fact that most threats come from user actions, not from vulnerabilities.

Reply Score: 1

RE[3]: Code 18"
by leech on Fri 12th Jun 2009 22:58 UTC in reply to "RE[2]: Code 18""
leech Member since:
2006-01-10

Except that you couldn't do that without the user knowing, because nothing is set with execute rights unless the user set it themselves. Ah Unix Security 101.

Reply Score: 2

And again about money?
by corbintechboy on Thu 11th Jun 2009 21:17 UTC
corbintechboy
Member since:
2006-05-02

Really this comes as no surprise. I would almost rate it as a conflict of interest.

MS introduces Livecare in order to help ward off the bad guys. Of course it costs money. Then ooops we left a hole open. After all if they made a secure OS how many software vendors would go under?

Just a big LOL typical MS bs. Let's move on, nothing new here!

Reply Score: 2

Microsoft is too chicken to do what's right.
by MollyC on Thu 11th Jun 2009 22:16 UTC
MollyC
Member since:
2006-07-04

Vista's UAC is just fine, but the tech media, predisposed to bash Microsoft, aided by misleading Apple ads (which that same tech media cheered, even as they admitted were gross exaggerations), led the public to believe that UAC is some horrible nuisance. This is bull. I've never been annoyed by it at all. But Microsoft, tired of the bashing, caved to the anti-Vista propaganda, and tweaked UAC to be useless. IMO, they should have just stuck with UAC the way it was. I blame Microsoft for lack of conviction to stay with what works (and this is evidence that they are a second-rate company) but I also blame the tech media, Apple, the tech sites, and anti-Microsoft posters to such sites (and yes, that included many posters to this site, sadly) for spreading lies about Vista's UAC (then complaining when those lies are "addressed").

The one saving grace is that Mark Russinovich is a brilliant guy. If he sees no issue here, then maybe there really isn't an issue. However, I found his dismissal of the alleged flaws of the new system in this article unconvincing: "Well, malware can infect the system through prompted elevation as well." Yeah, but at least there is a prompt in those cases; under the new system malware can cause elevations unprompted. I think he needs to give a more detailed explanation of why he maintains that the new system doesn't suffer any real problems.

Edited 2009-06-11 22:19 UTC

Reply Score: 1

Thom_Holwerda Member since:
2005-06-29

Vista's UAC is just fine, but the tech media, predisposed to bash Microsoft, aided by misleading Apple ads (which that same tech media cheered, even as they admitted were gross exaggerations), led the public to believe that UAC is some horrible nuisance.


Well, to shove a feather up my own butt here, I've always gone against the flow when it comes to UAC. UAC simply was never as horrible as the world made it out to be, and I've personally always been diligent and patient in explaining this to people.

Too bad Microsoft is weak, and gave in to the whiners.

Reply Score: 2

vikramsharma Member since:
2005-07-06

You are absolutely right, UAC was probably the best feature, also Microsoft should force the user to create and login to a standard user account the first time he/she installs the system. UAC should not require a password each time too, I should be able to say which Software I think is safe to install (example apps from Microsoft are safe to install) or can it be done now also I am not informed.

Reply Score: 2

App & source code released
by Leo Davidson on Fri 12th Jun 2009 14:32 UTC
Leo Davidson
Member since:
2009-06-11

I've released the proof-of-concept application and source code behind this whole thing:

http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

MS say it's a non-issue so I guess they won't mind.

Reply Score: 1