can a key logger program steal admin password when you install program from limited user account

Discussion in 'Windows Vista Security' started by someone@somewhere.com, Dec 18, 2010.

  1. Guest

    I have admin and limited user account on my PC. I always run in
    limited user account, except when installing program and doing other
    system maintenance work.

    In limited user account, when I install a program, it will pop up a
    dialog to ask for admin password.

    Suppose that under limited user account, I by mistake downloaded
    virus/trojan, can this virus/trojan/key logger steal the admin
    password when I try to install a program?

    I know that I'll be safe if I switch to admin account to do the
    installation.

    And yes, there is a possibility that the virus will change the program
    I want to install. Let's ignore this possibility for now.

    I am running Win7.

    Thanks.
     
    , Dec 18, 2010
    #1

  2. Re: can a key logger program steal admin password when you install program from limited user account

    wrote:
    > I have admin and limited user account on my PC. I always run in
    > limited user account, except when installing program and doing other
    > system maintenance work.
    >
    > In limited user account, when I install a program, it will pop up a
    > dialog to ask for admin password.
    >
    > Suppose that under limited user account, I by mistake downloaded
    > virus/trojan, can this virus/trojan/key logger steal the admin
    > password when I try to install a program?


    How does it work? If it can install a keylogger, it already has admin
    privileges.

    Short answer:

    It should not be able to. The elevation prompt is not in your limited
    user account, but in the "secure desktop" instead (like your logon
    desktop). The system takes a snapshot of your current desktop, darkens
    it, and switches to the secure desktop and displays it there - and then
    displays the credentials prompt.

    However, it might be possible for a compromised limited account to fake
    a secure desktop (darkened desktop) with a fake credentials prompt for you.

    > I know that I'll be safe if I switch to admin account to do the
    > installation.


    If you have a keylogger "installed", how can you assume this?

    > And yes, there is a possibility that the virus will change the program
    > I want to install. Let's ignore this possibility for now.


    You are only concerned about what can see the admin password?

    When you get to the "logon" screen and enter your admin password there,
    it is the same thing as the secure desktop offered up in your limited
    user account - if your keylogger can do one, it can do the other.

    > I am running Win7.


    I assumed Vista (the group names all say vista) - and I also assume Win
    7 is quite similar in this respect.
     
    FromTheRafters, Dec 19, 2010
    #2

  3. Dave Warren Guest

    In message <iejjd8$1fn$-september.org> FromTheRafters
    <> was claimed to have wrote:

    > wrote:
    >> I have admin and limited user account on my PC. I always run in
    >> limited user account, except when installing program and doing other
    >> system maintenance work.
    >>
    >> In limited user account, when I install a program, it will pop up a
    >> dialog to ask for admin password.
    >>
    >> Suppose that under limited user account, I by mistake downloaded
    >> virus/trojan, can this virus/trojan/key logger steal the admin
    >> password when I try to install a program?

    >
    >How does it work? If it can install a keylogger, it already has admin
    >privileges.


    Keyloggers can run as a limited user but will only be able to intercept
    activity that happens within that user's context and won't see what
    happens in other contexts, including UAC elevated applications.

    >Short answer:
    >
    >It should not be able to. The elevation prompt is not in your limited
    >user account, but in the "secure desktop" instead (like your logon
    >desktop). The system takes a snapshot of your current desktop, darkens
    >it, and switches to the secure desktop and displays it there - and then
    >displays the credentials prompt.


    Don't forget the number of folks who set UAC to not use a secure
    desktop, these people may not even have this level of protection.
     
    Dave Warren, Dec 20, 2010
    #3
  4. poutnik Guest

    In article <>, dave-
    says...

    .........
    >
    > Keyloggers can run as a limited user but will only be able to intercept
    > activity that happens within that user's context and won't see what
    > happens in other contexts, including UAC elevated applications.
    >
    > >Short answer:
    > >
    > >It should not be able to. The elevation prompt is not in your limited
    > >user account, but in the "secure desktop" instead (like your logon
    > >desktop). The system takes a snapshot of your current desktop, darkens
    > >it, and switches to the secure desktop and displays it there - and then
    > >displays the credentials prompt.

    >
    > Don't forget the number of folks who set UAC to not use a secure
    > desktop, these people may not even have this level of protection.


    Sophisticated malware can abuse
    security vulnerabilities of various software, including the OS,
    related to privilege escalation.

    All OSs, not limited to Windows, and many applications
    publish security patches often, or from time to time,
    addressing privilege escalation threats.

    Some of them are publicly known among hackers for a longer time
    before getting fixed.


    --
    Poutnik
     
    poutnik, Dec 20, 2010
    #4
  5. Guest

    On Sun, 19 Dec 2010 18:56:37 -0800, Dave Warren
    <> wrote:

    >Don't forget the number of folks who set UAC to not use a secure
    >desktop, these people may not even have this level of protection.


    How can I check to make sure that UAC is set to use a secure
    desktop? I only found one screen to control UAC setting, and there is
    no mention of secure desktop there. Thanks.
     
    , Feb 20, 2011
    #5
  6. Re: can a key logger program steal admin password when you install program from limited user account

    wrote:
    > On Sun, 19 Dec 2010 18:56:37 -0800, Dave Warren
    > <> wrote:
    >
    >> Don't forget the number of folks who set UAC to not use a secure
    >> desktop, these people may not even have this level of protection.

    >
    > How can I check to make sure that UAC is set to use a secure
    > desktop? I only found one screen to control UAC setting, and there is
    > no mention of secure desktop there. Thanks.


    It's in the registry
    (HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/System), or
    could be accessed in security policies (secpol.msc).

    Which OS version are you using again?
     
    FromTheRafters, Feb 21, 2011
    #6
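
The registry location named in the reply above can be read without elevation. The following PowerShell check is an added example, not part of any poster's reply; it reads the UAC values EnableLUA, PromptOnSecureDesktop and ConsentPromptBehaviorUser under that key and reports where a standard user's elevation prompt will be drawn. The fallback values used when an entry is absent are assumed to be the documented defaults.

```powershell
# Added example: read-only check of the UAC values that decide whether the
# elevation prompt for a limited (standard) user appears on the secure desktop.
# HKLM is readable from a standard account, so no elevation is needed.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue([string]$Name, [int]$Default) {
    # Return the DWORD stored under $key, or $Default when the value is absent
    # (assumption: the absent-value fallbacks below are the documented defaults).
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $null -ne $item.$Name) { return [int]$item.$Name }
    return $Default
}

$enableLua    = Get-UacValue 'EnableLUA' 1                 # 1 = UAC on
$secureDesk   = Get-UacValue 'PromptOnSecureDesktop' 1     # 1 = switch to secure desktop
$userBehavior = Get-UacValue 'ConsentPromptBehaviorUser' 3 # prompt type for standard users

$userText = switch ($userBehavior) {
    0       { 'Automatically deny elevation requests' }
    1       { 'Prompt for credentials on the secure desktop' }
    3       { 'Prompt for credentials' }
    default { "Unrecognised value $userBehavior" }
}

if ($enableLua -ne 1) {
    $verdict = 'UAC is disabled: no elevation prompt is shown at all.'
} elseif ($userBehavior -eq 0) {
    $verdict = 'Elevation requests from standard users are denied; no password prompt appears.'
} elseif ($secureDesk -eq 1 -or $userBehavior -eq 1) {
    # Either setting alone is enough to move the credential prompt
    # off the interactive desktop of the limited account.
    $verdict = 'Credential prompt is shown on the SECURE desktop.'
} else {
    $verdict = 'Credential prompt is shown on the INTERACTIVE desktop (no secure desktop).'
}

Write-Output "EnableLUA                 = $enableLua"
Write-Output "PromptOnSecureDesktop     = $secureDesk"
Write-Output "ConsentPromptBehaviorUser = $userBehavior ($userText)"
Write-Output $verdict
```

In secpol.msc the same setting appears under Local Policies > Security Options as "User Account Control: Switch to the secure desktop when prompting for elevation".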