Prompts, prompts, and more prompts...jeez

Discussion in 'Windows Vista Administration' started by alex, Feb 1, 2007.

  1. alex

    Kerry Brown Guest

    UAC allows you to run as an administrator for backwards compatibility. In
    Linux or OS X this isn't possible. A task either has full superuser
    privileges or it doesn't. UAC gives a task two security tokens, Linux and OS
    X one. This has both good and bad points. Personally I think it is mostly
    bad points but in the interest of backwards compatibilty I can see why it
    was done. It improves security greatly over XP while still allowing the
    majority of old programs to run with little or no changes. It allows
    programmers to catch up before the next OS comes out which will be even more
    secure :)
    I've always been against software firewalls. They are an easy attack vector
    as by definition they must have very low level access to the system. This
    situation is better in Vista because of the reduced ability of a low
    privilege task to affect higher privileged tasks but I still see it as an
    attack vector.
    I am sure that zero day attacks that work around UAC will eventually happen.
    There is no doubt in my mind Vista is much more secure than XP could ever be
    made through updates or service packs. How much more secure only time will
    tell.
     
    Kerry Brown, Feb 27, 2007
    #61
    1. Advertisements

  2. Adam

    I didn't say that there were not holes, and I do not need lecturing on the
    early design of Windows.. I was merely remarking that many users bring on
    problems themselves..


    --


    Mike Hall
    MS MVP Windows Shell/User
    http://msmvps.com/blogs/mikehall/
     
    Mike Hall - MS MVP Windows Shell/User, Feb 27, 2007
    #62
    1. Advertisements

  3. alex

    Kerry Brown Guest


    In Linux or OS X or any other OS what would happen if someone downloaded a
    program that said it needed to run as superuser, root, or whatever to
    install, the user ran the program as root, and the program turned out to be
    malware? There is no protection against a social engineering attack other
    than user education. I know you really don't like Vista but this is a stupid
    argument. Pick on areas where real flaws exist if you want to criticise
    something.
     
    Kerry Brown, Feb 27, 2007
    #63
  4. You really don't understand UAC, but that's alright, get educated in a
    new thread I just started called:

    Giving UAC a second chance or why putting a silk dress on a sow its
    still a pig.
     
    Adam Albright, Feb 27, 2007
    #64
  5. True, some users do, and the flip side is many "security" issues are
    directly traceable to the shortcoming of the design of Windows going
    all the way back to the early days.

    Only fair to present BOTH sides of the UAC story, which seems to be
    something no MVP seems willing to do openly in these newsgroups
    probably out of fear of losing their cherrished MVP status, so it
    seems with rare exception MVP's are cheer leaders for UAC and don't
    really explain the pitfalls.

    I'm not lecturing anybody, I'm simply detailing what I learn about UAC
    as I go. So far, ain't been pretty. See seperate thread I started.
    Comments welcome.
     
    Adam Albright, Feb 27, 2007
    #65
  6. alex

    ceece Guest

    If you've just arrived to this "help" board, plan to be here awhile. I read
    this post below by JD and thought.. "Yes, this is what I need to learn about
    and the bulk of my questions and problems".... so are the following 53 posts
    following in this thread helpful? hmmm... They are long and windy and most do
    not clean up and remove previous posts like they should to leave only what
    they are replying to. I have stayed away from newsgroups like this for a long
    time because I seem to be very good at stirring up testostorone among male
    web techs and I apologize for that. If you read on, you will LOL. The
    testostorone is bouncing off the wall in this section. The name calling isn't
    too funny, but a sentence or two in all of that is helpful. You will learn
    more about security and/or lack of, and it may provoke more fear and concerns
    for you. I did come back and noticed there are 17 pages to sort through. OH
    brother indeed! If someone, anyone will reply to my questions, I will be
    extremely greatful? I did search for UAC in the help section on my computer
    and it's not there. Someone in this thread posted the need for an instruction
    sheet ---YES, please .. for the average joe! Some simple, basic information
    would be nice... I'll keep looking, but until then:
    1. Does UAC mean "user admin. control"?
    2. How do I turn it off only temporarily to say... play an online game like
    slingo? or would I even need to? (i'm guessing since it doesn't work)
    3. I would like to be able to adjust the settings so that when I drop/drag
    files from say a flash drive to my hard drive that the two or three popups
    wouldn't keep asking me.. "am i sure I want to do this". I can't even drop a
    shortcut on my desktop without the idiot notes. Where is the UAC located that
    I can see the options?
    4. I "think" I understood from somewhere in the 53 replies that if I DO turn
    off the UAC, then I'm at the same level of security as I am on my
    XP---correct? or no?

    and one more.. kinda OT
    --- I have FoxTor (add-on) tool for Mozilla browser. It's an anomymous web
    browsing tool. I cannot get it to work. ANd/or do you think Mozilla is a more
    secure browser?
    If anyone would please remove everything they are not replying to or
    answering---that would be Wonderful! I look forward to reading the replies
    and also surfing this board some more for helpful information. So far I've
    noticed it takes a good while to surf through the mud.
    Thank you! Ceece
     
    ceece, Feb 28, 2007
    #66
  7. Typing 'UAC' in the search box of Vista's Help and Support will bring up a
    window that answers all of your questions re UAC (User Application
    Control)..

    Being constantly asked if you 'are sure that you really do' want to carry
    out an action is frustrating for sure, but when you come across an
    application that does not ask, and just deletes or sets in motion something
    from which turning back is impossible, then you get to feel real
    frustration.. finding a happy medium somewhere in between is difficult, as
    we all have different tolerance levels..

    I have made the executive choice to turn it off, and anybody esle, other
    than in corporations where the guy in charge does not feel that all of users
    are fit to make their own executive decisions, can do the same and take the
    consequences just as I may have to..

    Re Mozilla, I don't use it, have never had the desire to use it, as IE has
    performed well enough for me..

    Mike Hall
    MS MVP Windows Shell/User
    http://msmvps.com/blogs/mikehall/
     
    Mike Hall - MS MVP Windows Shell/User, Feb 28, 2007
    #67
  8. alex

    Kerry Brown Guest

    Answered inline

    User Account Control
    There are some group policies that control how UAC behaves.

    http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true
    Vista without UAC enabled is a little more secure than XP because the file
    system is locked down with NTFS permissions but yes disabling UAC and
    running with an administrator account gives very similar security to XP -
    almost none.
    In Vista I think IE7 is more secure than Mozilla based browsers because of
    IE's protected mode.

    http://www.microsoft.com/windows/products/windowsvista/features/details/ie7protectedmode.mspx
     
    Kerry Brown, Feb 28, 2007
    #68
  9. Hurricane Andrew, Feb 28, 2007
    #69
  10. alex

    WaltC Guest

    So, what's the problem? That's why Microsoft included an "off" toggle for
    the feature. Right? If you don't like it--you can turn it off. Problem
    "solv-ed" as Clusoe would have said...;) If you want the extra security that
    UAC provides--for instance, the protected mode support available under Vista
    IE7--you can put up with the minor annoynances that UAC presents. It's the
    user's choice--which is exactly what Microsoft intends it to be. I have some
    experience, and using the Vista betas I turned UAC off. But in running the
    retail versions of Vista I have decided that I'd rather have it on--and now
    that I've gotten used to it, it just doesn't bother me any more. I'd rather
    have that extra little security buffer than not.

    I get really tired of "average joe" posts written by people who think they
    know all there is to know about average joe. They don't, they just enjoy
    thinking they do as it helps them to feel like an "above-average joe" for
    saying it...;) People usually err when talking about Microsoft OSes by
    failing to appreciate that the "default settings" are not the only settings
    available. But in this case it is doubly ironic as many of the very same
    people who have traditionally decried Windows for its lack of security are
    now complaining about UAC simply because UAC assumes that the operator of
    the computer may be more intelligent than the computer itself. Basically,
    it seems to me that critics of features like UAC are simply being critical
    of choices being provided for the end users of operating systems in general.
    I think Microsoft is right--give people choices and don't assume that
    "average joe" doesn't want them. If I'm going to err, I'd rather err in that
    direction.
     
    WaltC, Mar 1, 2007
    #70
  11. alex

    ceece Guest

    Kerry Brown - You are WONDERfuL! THANK YOU!
    I am most definitely worse than the average Joe. Since I know "some" about
    building websites and have had NO security problems or viruses with windows
    95, then upgraded to XP and now I have both XP and Vista. I do know just
    enough to make me a dangerous joe and could really mess something up. I don't
    even know how to work this newsgroup or I'd change the subject line and move
    your email up to the top, so everyone could be spared all the wind and
    sassyness. I left the links you provided below and bookmarked them and edited
    out my wind with the questions. I also must not have been using the help
    feature correctly either. Older folks don't like change, once they get so
    used to things the way they were. Sounds like Vista IS worth the extra popups
    and it just takes time to get used to it. Thank you again SO much! ~ ceece

    ------ANd/or do you think Mozilla is a
     
    ceece, Mar 2, 2007
    #71
  12. alex

    Kerry Brown Guest

    You're welcome. As you have seen by this thread and many others, UAC is a
    controversial new feature with some people holding very strong opinions on
    it's use. All anyone can do is read all the opinions, take it all (even
    mine) with a grain of salt and make up your own mind.
     
    Kerry Brown, Mar 2, 2007
    #72
  13. alex

    Puppy Breath Guest

    MS knows home users are going to turn off UAC. But what are you gonna do?
    Leave it turned off so the security professionals can be up in arms about MS
    at least making an effort to protect the average Joe?

    The security professionals have an argument for everything that's tough to
    counter:

    Some people drive without seat belts. But that's no reason for car
    manufacturers to stop putting seat belts in cars.
     
    Puppy Breath, Mar 11, 2007
    #73
  14. Most wouldn't, but the "I_AM_A_VIRUS.EXE" PoC showed that there are
    indeed folks who will "open" such things. Why? Perhaps "I don't
    believe it" reverse-SE, disgruntled users on work PCs, etc.

    The problem is that quite often the consequences of doing things are
    not obvious (or even visible), and Windows was always written to
    assume good intentions, as in "scripts are usually safe".
    Jeez, you are so blind you can't tell when we're attacking dumb-ass
    Microsoft design decisions. Do you even read what you reply to?
    That's not the main problem.

    When you install sware, you know you are giving it traction to not
    only run code, but... well, to install software, DUH.

    However, the same consequences could arise when you:
    - visit a web site
    - read "message text"
    - open an MS Office "document"
    - simply connect to the Internet (RPC etc.)

    That's bad design, when content can pretend to offer the low risk of
    "reading data" but actually execute the higher risk of running code.

    This is before you factor in code insanity, i.e. that code written to
    safely view data may in fact run it as raw code due to unchecked
    buffers or whatever. The take-home lesson there is that all content
    handling can be dangerous and therefore should be avoided until the
    user has initiated that process. That lesson has not been taken home.

    It's taken years from MS to slowly retreat from the excesses of IE 4's
    "all the wotrld's a web page" model, MS Office's auto-running of
    macros in "data" files, and Outbreak taking orders to spam.
    Any program. Yes, if you source Windows in the form of a ?tainted
    download, or conterfeit CD, then what you're installing may be a
    little more than just Windows alone ;-)
    Current Windows is based on NT, and NT was written to be a network
    chew-toy. It was intended that some big-boss system administrator
    would be able to fiddle with PCs through the networjk, overriding any
    wishes the user might have had on the subject.

    When that design is chucked into broadband consumerland, guess what
    happens? Anything that can spoof "sysadmin" status has all that
    lovely remote admin access to play with.

    XP was the first NT to be mass-sold into consumerland. It was also
    the first version of Windows to be open to pure network worms that
    attack within minutes of connecting to the Internet, without running
    any apps at all - and there were two majot outbreaks of that (Lovesan
    et al through RPC, Sasser et al through LSASS).

    And now in Vista, we find the RPC service cannot be set not to restart
    the whole damn PC whenever it falls in its ass. Where's the logic in
    that? The only logic I can see is that corporate sysadmins want
    access to the system at all times, even if the user kills RPC and thus
    potentially blocks remote access. And because the same basic code
    base is used across all Vistas, us home users have to have the same
    "solution" for this as crafted for corporate needs.

    MS still doesn't "get" it that consumers have needs that are too
    different from pro-IT that you cannot simply use the same design as-is
    for both. It's not enough to rip out the geekiest bits and dab on a
    coat of "easy to use" paint, and call that "Home".
    IMO, this isn't where the problems come from. If anything, I'd expect
    *NIX to have even deeper and more tortuous legacy roots. Only Apple
    have slashed and burned compatibility, mainly when changing
    processors, and I'm not sure how relevant that is, either.

    In fact, I'd say the greatist risks in a new Windows are not from
    legacy carry-over, but new 1.0 feature sets added for the first time.
    If you're going to initiate a discussion topic, you need to be a bit
    more specific. For example, when you say "Windows", where are you
    joining the evolutionary path - Windows 1.0, Windows 3.0 or 3.1,
    Windows 95? You'd expect *NIX to have the strongest Internet
    heritage, given that it was invented by a telecommunications
    enterprise with communications as a major goal.

    In fact, I'd say the version of Windows that had the best by-design
    safety would have been Windows 95. This predated web browsers that
    ran active content, HTML email clients that autoran scripts, HTML and
    scripting embraced as internal technologies, deep integration of the
    web browser, RPC and other remote-facing "services", ActiveX opening
    up DDE/OLE to Internet access, etc.
    The sequence was a bit different.

    Even before Windows shipped with networking capabilities, viruses were
    a clear and present danger with diskette swapping and BBS downloads as
    the vectors. Destructive payloads were more common than today.

    Then malware simply used by-design opportunites that Microsoft handed
    out on a plate - MS Office macro viruses, scripts that used Outbreak's
    by-design functionality, and HTML scripts within email "message text".

    Quite late in the Win9x era, we saw a move to the discovery and use of
    exploitable code defects. The first spectacular examples were SQL
    Slammer (Sapphire) and perhaps Code Red, which swept through servers
    like wildfire. Still, at this point, Win9x users were not at risk
    unless they'd installed something that dropped a SQL engine on the PC.

    When XP waved RPC, LSASS etc. at the Internet, mass exploits of
    defects in these services followed fairly swiftly. From that moment
    on, the search has been for exploitable code defects, rather than
    simply using by-design opportunities that are beginning to wane.
    I make a distinction between "security" and "safety".

    When you need some folks or contexts to use risky functionalities and
    others not, then you need "security" to mediate access to these
    things. But when you do NOT need any folks or contexts to have access
    to risky things, then you simply need to rip these out altogether.

    A piss-weak strategy is to rely on "security" to act as a zero-pass
    band-aid instead of building in "safety". Would you feel safer if
    nuclear weapons were never invented, or if anyone could pick up a
    phone and command a strike, blocked by the 100%-foolproof security of
    needing an impossible-to-guess 3072-character string?

    NT was indeed designed as a secure OS, unlike Win9x - from the user
    accounts and domain logon down to NTFS, it's designed to secure access
    to everything - but, alas, also open everything to remote access,
    "protected" by this security. And XP has suffered far more
    devastating mass drive-by attacks than Win9x as a result.

    On writing the OS from scratch, I remember it was claimed in the NT 4
    era that the whole code base had been re-written to root out all
    unchecked buffers. Er... right. As long as folks write in C, we will
    prolly have unchecked buffers are similar exploitable defects, and
    this underlying factor prolly applies equally to *NIX and MacOS.
    Interesting you mention that - as they have indeed come closer to
    doing just that with XP SP2 and even more so with Vista.
    Actually, UAC is the temporary tip of a far larger iceberg of safer
    re-design. It is there to bridge between today's apps and the safer
    (or "more secure", if you prefer) native design of Vista.

    UAC isn't going to be developed further; it more likely to fall away
    as development embraces the new Vista practices. What happened to
    Share.exe between Win95 and Win98 is what will happen to UAC... in a
    few years' time, apps that throw up UAC prompts today will not run.

    Hopefully, Vista64 will be that more secure platform - with DEP,
    signed drivers etc. as the norm. It's the only clean-slate
    opportunity MS is likely to get in the next 5-10 years, so I hope they
    don't squander it by allowing today's practices to continue.
    Prolly similar to what they did when Win95 was in (protracted) beta.

    In both cases, the current OS had core reasons why it HAD to be
    redeveloped. Win3.yuk was dying every few hours because the 64k
    global heaps were being overrrun with modern multitasking needs. XP
    is being shot to pieces because most of its security depends on
    limited account rights, and no-one developing consumer software has
    given a damn about writing for use with less than admin rights.

    In both cases, MS responded by building a relatively clean-slate OS
    designed to impliment a new software standard, with concessions added
    so that current software will still work.

    In 1995, the new standard was 32-bit code, as supported by the
    minority NT OS of the time. In 2006, the "new" standard was pretty
    much the same one they advocated for XP, i.e. develop code so that it
    can run in limited user accounts, sign your drivers, etc.

    The original Win95 moved everything from 16-bit to 32-bit heaps, thus
    killing the resource heap crisis for once and for all. At the API
    level, they hid this detail, so that existing sware would still
    work... then they discovered many apps broke API rules and wrote
    directly to the heaps, and thus would crash with the new OS. So they
    moved some items back to the old legacy 16-bit heaps, and I suspect
    the extended public beta period was mainly needed to test which items
    had to be moved and which could stay in the 320bit heaps.

    The original Vista was prolly written to run properly-developed
    programs, with UAC as a tide-over for everything else. In its earlier
    forms, UAC was even less tolerable than it is today. The extended
    beta may have been required to polish it up, and if late changes were
    still being made, it may explain why so many vendors are still not
    Vista-ready today (e.g. HP printer drivers, QuickBooks, etc.)

    IOW, simply developing for Vista from 2004 doesn't ensure you'll be
    Vista-ready in 2006, if the OS changes late in the beta process so
    that your development work is invalidated.

    That's what 2007 smells like, to me.

    I think MS's approach is sound, because the pain of today's sware and
    UAC will fade with time. If the new platform we move to was deeply
    compromised for the benefit of today's legacyware, then we'd carry
    that pain forward for the next 5+ years.

    As it was, the need to compromise Win9x for Win16 heap-fiddlers had a
    crippling effect on Win9x in the long term. Let's hope we aren't in
    for the same thing with Vista.


    Saws are too hard to use.
    Be easier to use!
     
    cquirke (MVP Windows shell/user), Mar 11, 2007
    #74
  15. Right now I'm reading the dumbass comments of some cross posting Bozo
    that just now is responding to what I wrote over two weeks ago, but
    first deleted my comments so I have no idea what he's yapping about.
    Happy?

    As usual I'm waiting on Windows to finish a task that doesn't require
    my direct monitoring, so I have time to play with the kiddies that
    post here that love to pretend they know what they're talking about.
    Trust me, always laughs for real experienced users like myself to
    Oh, well then I'll wait breathless for you to tell us what the main
    problem is then.
    DUH? As in you're too fu..ing dumb to know what you're talking about?
    I'm not impressed with your made up terms. If your use of 'sware' is
    suppose to mean spyware you rarely are ASKED if you want to install
    it. Hint: That's why its called spyware dummy.
    Really? oh wow, I bet nobody knew that! Thanks so much for repeating
    the obvious.
    You're full of a brown substance that comes out a certain oraphous on
    your backside. People are NOT aware of what they're installing half
    the time. Hint: That's how trojans get "installed", worms, a virus,
    malware of all kinds.

    Sorry kid, you're just rehashing what I said. While I'm sure I could
    come up with witty comments on the rest of the garbage you said, I'm
    sure I find something more interesting. Bye-bye loser.
     
    Adam Albright, Mar 11, 2007
    #75
  16. you know what's really funny is these guys went to all the time and effort
    to write this post, however in two seconds could have turned of UAC
    (hehehehe, is it really worth the bitching effort...)
     
    Nathan Sheppard, Mar 15, 2007
    #76
  17. Well, I turned it off. Got tired of having to confirm 4 times when I wanted
    to create a new start menu group. I have no problems with it being on for
    something's, but Microsoft should have allowed you to choose what it nags
    you about and what it doesn't. I really don't see how anything bad could
    happen by creating a start menu group, or directory, etc. I think Microsoft
    went too far with this.

    As for it being for business people, well it is the consumers that spread
    most of the viruses and stuff. Consumers are often dumber than the computers
    they use. They have no problem opening an e-mail attachment from someone
    they don't know. They have no problem giving personal information and
    passwords to any site that asks for it. While business aren't perfect, they
    are better than they dumb consumers.

    =(8)
     
    Jack Splat =\(8\), Mar 15, 2007
    #77
  18. alex

    Jimmy Brush Guest

    Truth is, there are two modes when using your computer with UAC mode.
    "restricted" mode and "unrestricted" mode.

    The line has to be drawn somewhere between "restricted" and "unrestricted".

    Creating a directory in certain parts of your system or creating a start
    menu group for all users is "restricted", because this change could affect
    other users on your computer or your computer itself.

    UAC steps in whenever a program wants to switch from "unrestricted" to
    "restricted" - and it asks *you* if this change is OK.

    UAC tells you "hey, this program here wants complete access to your computer
    .... are you OK with allowing this program to continue? Did you actually
    start this program? Do you trust that it will use this power to do what you
    think it will do? Because it could use this power for evil."

    This is important ... because even though you are "ONLY" trying to say
    delete a directory, the program that you are using is about to be given
    "unrestricted" access to your computer in order to do that - which means it
    could do much, much, MUCH more damaging things to your computer than just
    delete said directory ... it could render your computer useless.

    so ... why can't you choose what the computer nags about and what it does?

    Well, you actually CAN to some extent ... you can change the security on
    things such as files so that any program, not just administrative programs,
    can access them.

    But, it is important to ask yourself ... are you OK with any program that
    runs on your computer having that kind of access to your computer?

    UAC protects you by allowing you to choose which programs have unrestricted
    access to your computer, and preventing all other programs from having this
    kind of access.


    --
    - JB
    Microsoft MVP - Windows Shell/User

    Windows Vista Support Faq
    http://www.jimmah.com/vista/
     
    Jimmy Brush, Mar 19, 2007
    #78


  19. But that isn't why Microsoft added UAC at least not according to them. They
    added it so that it was harder for any malicious programs to do something
    bad. Again, it shouldn't have been an all or nothing features. It is just
    Microsoft once again trying to control what we do with our computer and how
    we do it. Until they allow me to decide what is and isn't monitored UAC can
    go to hell right along with Microsoft and their poorly implemented grandiose
    ideas.

    =(8)
     
    Jack Splat =\(8\), Mar 20, 2007
    #79
  20. On Sun, 18 Mar 2007 21:25:22 -0400, "Jimmy Brush"

    Well, I could re-witre the shortcut to WinWord.exe to point to my
    malware code, which could then chain into WinWord.exe as if nothing
    has happened. Or I could seed the StartUp group wiht malware, and
    thus get to run whenever Windows runs.

    Now that Vista gropes the Start Menu early in the match-finding
    process (as invoked by typing in Search field), the significance of
    this is if anything increased.

    So yes, it seems entirely appropriate to defend these, especially the
    system-wide (All Users) forms of these.


    Saws are too hard to use.
    Be easier to use!
     
    cquirke (MVP Windows shell/user), Mar 20, 2007
    #80
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.