Confusion about Vista Features: What UAC Really Is

re: Confusion about Vista Features: What UAC Really Is

pieter — Fri, 06 Apr 2007 20:57:56 GMT

"UAC's purpose is to enable more users to run as a standard user."

so you admit uac is a nagging tool. i tend to agree, and the result will be that users will disable it and gain standard administrator right, which will become the de facto default vista installation.

re: Confusion about Vista Features: What UAC Really Is

Dusan Drndarevic — Sun, 01 Apr 2007 10:06:27 GMT

Short and logical post about UAC and Vista security you can find here : http://www.drdrksa.info/windows-xp-is-safer-then-vista/

re: Confusion about Vista Features: What UAC Really Is

jinishans — Wed, 21 Mar 2007 18:10:53 GMT

I'm using vista for the last few days. I feel, it's more of annoying feature, but, alerts the users before something goes wrong, atleast for time being.

re: Confusion about Vista Features: What UAC Really Is

Alun Jones — Sun, 04 Mar 2007 01:37:14 GMT

Even a re-worded dialog can be a security feature - changing the text, so that the user can more easily tell which is the most secure option to choose.

What's key here is that UAC isn't a security _boundary_. It's not designed to keep processes "inside" - it doesn't even have an "inside" in which it could keep processes.

Sessions are an example of a security boundary, because it provides a delineation between processes. NTFS permissions are an example of a security boundary, because it provides for a delineation between users who can have access, and users who can't.

UAC is a way for users to choose not to be administrator all the time. It's on by default, because it's the right choice for most users.

I've been a restricted user on Windows XP, and I've been a restricted user on Windows Vista, and I like it better on Vista, because I don't have to figure out how to do "runas" on an admin task whenever I need to do one.

re: Confusion about Vista Features: What UAC Really Is

jesper — Sun, 04 Mar 2007 01:13:02 GMT

Mark, I agree with you. I think UAC is a security feature. However, I also think it is dangerous to believe that it will stop future malware. It stops current malware, and does so well as you point out. However, future malware will certainly find a way around it. Does that make it not be a security feature? No. Does that mean UAC is not useful? No.

BTW, I am just putting the finishing touches on a tool for the new Vista Security book that might make testing UAC easier. It allows you to launch any process elevated from a command line, or to launch any process with a low integrity token. For instance, if you want to launch Firefox low (it currently won't work - firefox that is - but let's pretend it does) you would run "elevate -l firefox.exe". I'm doing final testing on the tool now.

re: Confusion about Vista Features: What UAC Really Is

Mark Burnett — Sun, 04 Mar 2007 01:05:16 GMT

Jesper, I disagree, I think that UAC, as a whole, is very much a security feature. It's a first attempt that's bound to need some work, it isn't a sandbox, it isn't an anti-virus or anti-spyware feature, it isn't a firewall, and it can never be a perfect solution without seriously inconveniencing users, but it certainly is a security feature:

1. It makes it very difficult for malware to do admin-level stuff without the user knowing somewhere along the way.

2. It includes features like UIPI and MIC

3. It provides a mechanism for processes to run in a restricted mode

4. It provides file and registry virtualization

5. It facilitates protected mode IE7

Even Symantec, who has been so quick to attack Vista's security found that Vista blocked 96% or more of all malware they tested. Of course they said it the other way--that it still lets 4% through--but that's really not bad for what everyone is now claiming as a non-security feature.

re: Confusion about Vista Features: What UAC Really Is

Chris Quirke — Sat, 03 Mar 2007 20:55:55 GMT

It should be up to the user, but often malware works either by spoofing the user (e.g. exploiting the OS's poor file type discipline and risk UI information) or bypassing the user completely (e.g. exploiting edge-facing code such as RPC, LSASS etc.)

That, IMO, is the problem UAC attempts to address. If it "encourages" sware vendors to write code that also works in non-admin accounts, that's nice - but IMO, account-based rights are in any case the wrong safety model for consumerland.

Even the most limited account has the right to edit, and thus steal or destroy, user data. Sure, it's nice for Microsoft support that they don't have to handle getting the system back from malware ownership, but if the user's data is most important, the battle's lost.

re: Confusion about Vista Features: What UAC Really Is

jesper — Fri, 02 Mar 2007 16:29:51 GMT

So true Larry. You would be mostly impervious to things that compromise your system. That does not of course mean that you would be immune against things that steal your private data, or anything that tries to trick users into giving up information.

I firmly believe that as operating systems and applications get harder to attack we will see more and more attacks on people and the data they have access to.

re: Confusion about Vista Features: What UAC Really Is

Larry Osterman — Fri, 02 Mar 2007 14:30:07 GMT

Don't forget that even in "Best" mode, you're STILL not immune from malware.

It is perfectly possible to write malware (adware or a botnet client) that will install and run all the time on a standard user account without a single elevation prompt. It's just not worth the effort usually.

As long as there are dancing pigs or cool icons for your email, people will still install this stuff.