Star 'Vista's Account Protection: One Click and It's Gone'
Linked by Thom Holwerda on Sat 9th Sep 2006 17:15 UTC, submitted by danwarne
Windows One of Vista's big security features is 'User Account Protection' (or 'User Account Control') which pops up and asks for user authentication before software can make any administrative changes to the system. But the TweakVista utility can turn off UAP in one click. Microsoft says this is UAP working as intended, because when a user runs TweakVista they are asked to authenticate. However, James Bannan at APC Magazine asked Microsoft what's to stop a downloaded 'freeware game' requiring user authentication upon installation and then disabling UAP altogether? Elsewhere, there's a tweaking guide for Vista RC1.
E-mail Print r 0   53 Comment(s) http://osne.ws/c6f
Thread beginning with comment 160838
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: am I
by rayiner on Sat 9th Sep 2006 18:20 UTC in reply to "am I"
rayiner
Member since:
2005-07-06

What about when you run a configuration application? Like a preferences tool? What about when an application needs to set up file associations? Install shared plugins? There is any of a number of reasons an app might need to modify system files.

Reply Parent Bookmark Score: 3

RE[2]: am I
by bytecoder on Sat 9th Sep 2006 18:51 in reply to "RE: am I"
bytecoder Member since:
2005-11-27

Application files aren't system files, at least not the kind I'm talking about. Ever heard of an application directory?

Reply Parent Bookmark Score: 2

RE[3]: am I
by rayiner on Sat 9th Sep 2006 19:42 in reply to "RE[2]: am I"
rayiner Member since:
2005-07-06

Application files aren't system files, but things like media plugin directories and the file association tables usually are.

Reply Parent Bookmark Score: 1

Read more of this thread... >
RE[2]: am I
by CPUGuy on Sat 9th Sep 2006 19:04 in reply to "RE: am I"
CPUGuy Member since:
2005-07-06

All preferences should be stored in the users home directory and NOWHERE else.

Reply Parent Bookmark Score: 2

RE[3]: am I
by rayiner on Sat 9th Sep 2006 19:44 in reply to "RE[2]: am I"
rayiner Member since:
2005-07-06

There are lots of settings that shouldn't be stored in the user's home directory. You usually want things like network settings, global file shares, printers, etc, to be non-user-specific.

Reply Parent Bookmark Score: 4

RE[3]: am I
by bytecoder on Sat 9th Sep 2006 19:49 in reply to "RE[2]: am I"
bytecoder Member since:
2005-11-27

That's not a particularly good idea, either. A home directory is for user files. Besides, that doesn't work well when you want two different version of an application to be stand-alone.

Reply Parent Bookmark Score: 1

RE[3]: am I
by DjLizard on Sat 9th Sep 2006 22:47 in reply to "RE[2]: am I"
DjLizard Member since:
2006-06-28

A lot of the per-user settings are stored in the HKEY_CURRENT_USER hive, which is in the user's home directory (as ntuser.dat).

Reply Parent Bookmark Score: 2

RE[2]: am I
by netpython on Sat 9th Sep 2006 19:22 in reply to "RE: am I"
netpython Member since:
2005-07-06

Install shared plugins? There is any of a number of reasons an app might need to modify system files.

You can never trust any application.What if a rogue program exploits a vulnerability in UAP since almost any piece of software has holes.It's way better to have an extra (MAC) barrier a la SELinux AppArmor instead of the common DAC (file permissions).

There is any of a number of reasons an app might need to modify system files.

Some files just don't have to be accessed or in very rare circumstances.An installer normally doesn't need to add users exept with special permissions.

The prime is you don't grant users permissions but software.In this case admin privileges.Which is something to not take with a grain of salt in my humble opinion.

Reply Parent Bookmark Score: 1