Linked by Thom Holwerda on Thu 24th Jul 2008 22:04 UTC
As someone who uses Windows Vista practically daily, I've always wondered where all the negativity in the media comes from. Sure, Vista isn't perfect (as if any operating system is), but I just don't see where all the complaints are coming from. It runs just fine on my old (6 years) machine, all my software and hardware is compatible, and it's stable as a rock. Microsoft has been wondering the same thing, and after a little test, they may have found out why people seem to dislike Vista so much.
Thread beginning with comment 324524
RE[3]: I Hate Vista
by casuto on Fri 25th Jul 2008 08:14 UTC in reply to "RE[2]: I Hate Vista"
casuto Member since:
2007-02-27

What is so hard about UAC running an md5 against the exe file in question.


IT'S NOT POSSIBLE!

First example:
1. user executes destroy.exe: UAC prompt, user clicks on "always consent"
2. malware executes destroy.exe, no prompt because the exe is the same.
-> you're pwned!

Second example:
1. user changes a firewall rule: UAC prompt, user clicks on "always consent"
2. malware changes a firewall rule, no prompt because the firewall configurator executable is the same.
-> you're pwned!

Third example:
1. user copies a file in c:\windows using windows explorer: UAC prompt, user clicks on "always consent"
2. malware copies a trojan in c:\windows, no prompt because the copy command executable or the explorer.exe is the same.
-> you're pwned!

Edited 2008-07-25 08:31 UTC

Reply Parent Score: 3

RE[4]: I Hate Vista
by kaiwai on Fri 25th Jul 2008 09:27 in reply to "RE[3]: I Hate Vista"
kaiwai Member since:
2005-07-06

What is so hard about UAC running an md5 against the exe file in question.

IT'S NOT POSSIBLE!

First example:
1. user executes destroy.exe: UAC prompt, user clicks on "always consent"
2. malware executes destroy.exe, no prompt because the exe is the same.
-> you're pwned!


Incorrect. End user loads it once, knows that it is an application he or she wants to use on a constant basis - heck, it could be their very own application they've written.

If you do an md5, compare the result of the stored one to the one done at the execution of the application - if malware has through some way replaced the legitimate file with something bad - the md5 comparison will fail and a warning along the lines of "exe has failed security check, file possibly compromised, execution halted".

Second example:
1. user changes a firewall rule: UAC prompt, user clicks on "always consent"
2. malware changes a firewall rule, no prompt because the firewall configurator executable is the same.
-> you're pwned!

Third example:
1. user copies a file in c:\windows using windows explorer: UAC prompt, user clicks on "always consent"
2. malware copies a trojan in c:\windows, no prompt because the copy command executable or the explorer.exe is the same.
-> you're pwned!


If you are going to compare, don't be dishonest and quote only the first half; the issue was addressing a specific question; the specific question was a specific executable file. It did not involve file copying, it didn't involve anything else. It involved running one piece of software and the continuous asking whether it's OK to run it because it isn't signed.

The issue has NOTHING to do with UAC, because it isn't UAC querying the end user. This security check exists on Windows XP too; if you choose to run something downloaded via the internet from the download window - when one clicks on 'open', one is faced with the same question.

Edited 2008-07-25 09:36 UTC

Reply Parent Score: 7
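
The two positions argued in the comments above, as an added example that is not part of any comment in this thread: a toy "always consent" cache keyed on the executable's digest blocks a replaced file, yet cannot tell apart two requests that run the same unmodified binary. The class, file name, callers and arguments are constructed for illustration, and SHA-256 stands in for the MD5 mentioned in the thread.

```python
import hashlib

# Constructed sample data: stand-ins for an executable image on disk.
PATH = "fwconfig.exe"                      # hypothetical firewall configurator
ORIGINAL = b"MZ constructed original image"
REPLACED = b"MZ constructed replaced image"


def digest(image):
    """Content digest of the executable (SHA-256 instead of the thread's MD5)."""
    return hashlib.sha256(image).hexdigest()


class ConsentCache:
    """Hypothetical 'always consent' store; not how UAC is implemented."""

    def __init__(self, bind_request=False):
        # bind_request=True is an assumption of this sketch: consent is then
        # tied to who asked and with which arguments, not just to the file.
        self.bind_request = bind_request
        self._approved = set()
        self._recorded = {}                # path -> digest seen at consent time

    def _key(self, image, caller, args):
        if self.bind_request:
            return (digest(image), caller, tuple(args))
        return (digest(image),)

    def remember(self, path, image, caller, args):
        self._recorded[path] = digest(image)
        self._approved.add(self._key(image, caller, args))

    def decide(self, path, image, caller, args):
        recorded = self._recorded.get(path)
        if recorded is not None and recorded != digest(image):
            return "block"                 # file changed since consent was given
        if self._key(image, caller, args) in self._approved:
            return "allow"                 # no prompt shown
        return "prompt"


def run_scenarios(bind_request):
    cache = ConsentCache(bind_request)
    cache.remember(PATH, ORIGINAL, "user_shell", ["--show"])
    return {
        "same_request": cache.decide(PATH, ORIGINAL, "user_shell", ["--show"]),
        "other_caller": cache.decide(PATH, ORIGINAL, "other_process", ["--change-rule"]),
        "replaced_file": cache.decide(PATH, REPLACED, "user_shell", ["--show"]),
    }


if __name__ == "__main__":
    print("digest only  :", run_scenarios(False))
    print("bound request:", run_scenarios(True))
```

With the digest-only key, the second caller is allowed without a prompt because the file is byte-for-byte identical; the digest check only fires when the file itself has been replaced.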

RE[4]: I Hate Vista
by melkor on Fri 25th Jul 2008 23:20 in reply to "RE[3]: I Hate Vista"
melkor Member since:
2006-12-16

Thank you! You are exactly right on the money. MD5sums are no guarantees that the package is legit. There are a host of reasons why you should not have an option to always remember this application.

Dave

Reply Parent Score: 1

RE[5]: I Hate Vista
by netpython on Mon 28th Jul 2008 13:24 in reply to "RE[4]: I Hate Vista"
netpython Member since:
2005-07-06

That's why OpenSuSE and Fedora also use gpg to verify packages.

Reply Parent Score: 2