UAC and IE Protected Mode?

Discussion in 'Windows Vista Security' started by Doug Walch, Nov 17, 2006.

  1. Doug Walch Guest

    I'm curious to know whether there is a difference in IE security vulnerability
    between running Vista with UAC enabled (hence IE is in protected mode)
    versus running Vista with UAC disabled, with the user NOT in the local
    admins group.

    Thanks
     
    Doug Walch, Nov 17, 2006
    #1
  2. Jimmy Brush Guest

    Hello,

    Yes, there is a difference. When UAC is enabled, IE runs in protected mode.
    This mode is much, much more restrictive than the mode IE runs in when
    running under a standard user account.

    When IE is running in protected mode, it cannot save/modify any files on
    your computer (other than temporary internet files), save/modify any
    registry keys (except for certain ones it needs to work), and it cannot talk
    to any other programs on your computer (except for one that is used to ask
    you for permission).

    In protected mode, when IE wants out of this "protection box", it has to go
    through the broker program, which asks you for permission before it
    proceeds. In effect, YOU have to know about and approve IE to allow it to
    touch any file, registry key, program, etc. on your computer.

    In this scenario, if your IE is taken control of by some rogue program, that
    rogue program will be unable to damage anything except a few IE settings,
    because it will be unable to modify your files/settings/programs (unless it
    asks you for permission and you give it the permission).

    When protected mode is disabled, IE gets the full power of your user account.
    So in the same situation with protected mode off, a rogue IE will have as
    much access to your computer as you do. If you are running as a standard
    user, then it can access all of your documents and settings that affect your
    user account. If you are an admin, then the rogue IE can do anything it
    wants.
     
    Jimmy Brush, Nov 18, 2006
    #2
  3. Which all brings up an interesting point: is there any way to untie the two?
    Now that the beta is over, I don't want to endure UAC any longer, but I was
    shocked to find that IE's Protected Mode goes along with it, something I
    never expected and which I think is very unfortunate, since many people are
    going to disable UAC yet would never think of disabling Protected Mode.

    Now, this is where someone comes along and says that it's simple to make
    happen with a policy change or similar.
     
    Milhouse Van Houten, Nov 19, 2006
    #3
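    Jimmy's explanation and Milhouse's question come down to one dependency: the per-zone Protected Mode setting only takes effect when UAC is on, because without UAC there is no low integrity level for IE to run at. The following PowerShell script is an added example (not from this thread or from Microsoft) that reads the standard registry locations for UAC (EnableLUA) and per-zone Protected Mode (value 2500) and flags the "Protected Mode set, UAC off" combination; it assumes Vista/IE7 or later and is run in the affected user's own session.

```powershell
# Added example (not from this thread): report UAC state and IE Protected Mode
# state per zone, and flag "Protected Mode on, UAC off", which leaves IE
# running at the user's full integrity level despite the zone setting.
# Registry paths are the standard ones; run in the user's own session so
# HKCU reflects that user's Internet Settings.

$UacKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ZonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames = @{ '0' = 'My Computer'; '1' = 'Local intranet'; '2' = 'Trusted sites'
                '3' = 'Internet';    '4' = 'Restricted sites' }

function Test-UacEnabled {
    # EnableLUA = 1 means UAC is on; missing or 0 means UAC is off.
    $v = (Get-ItemProperty -Path $UacKey -Name 'EnableLUA' -ErrorAction SilentlyContinue).EnableLUA
    return ($v -eq 1)
}

function Get-ProtectedModeByZone {
    # Value 2500 under each zone key: 0 = Protected Mode enabled, 3 = disabled.
    foreach ($zone in Get-ChildItem -Path $ZonesKey -ErrorAction SilentlyContinue) {
        $id = $zone.PSChildName
        $v  = (Get-ItemProperty -Path $zone.PSPath -Name '2500' -ErrorAction SilentlyContinue).'2500'
        [pscustomobject]@{
            Zone          = $(if ($ZoneNames.ContainsKey($id)) { $ZoneNames[$id] } else { "Zone $id" })
            ProtectedMode = $(switch ($v) { 0 { 'Enabled' } 3 { 'Disabled' } default { 'Not set' } })
        }
    }
}

$uacOn = Test-UacEnabled
$zones = Get-ProtectedModeByZone

"UAC enabled: $uacOn"
$zones | Format-Table -AutoSize

# The case the thread discusses: a zone says "Enabled", but without UAC IE
# cannot drop to low integrity, so the setting is not actually enforced.
$ineffective = @($zones | Where-Object { $_.ProtectedMode -eq 'Enabled' -and -not $uacOn })
if ($ineffective.Count -gt 0) {
    $msg = 'Protected Mode is set for {0} zone(s) but UAC is off; IE will not run in Protected Mode until UAC is re-enabled.' -f $ineffective.Count
    Write-Warning $msg
}
```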
  4. Ben Miller Guest

    Why on Earth would you disable UAC? Especially for the typical end user.
    This technology will be the "saving grace" of many enterprises, small
    businesses, etc... I would debate your claim that "many people are going to
    disable UAC." From my standpoint, UAC is the best benefit of Vista.

    -Ben

    ______________
    Ben Miller
    CISSP
    GSEC
    Security+
     
    Ben Miller, Nov 19, 2006
    #4
  5. I can only think of two possible reasons for his post. 1) He is a bot
    master and wants to keep people from implementing minimal security. 2)
    Stupidity is the other.

    Why can't people understand that UAC is just a technique that has been in
    Unix for decades?
     
    David J. Craig, Nov 19, 2006
    #5
  6. Come on people, face it, very experienced users are not going to fly with
    it. They just aren't. Further, since they are experienced, they have much
    less of a need for it, since rogue programs aren't running around on their
    systems in the first place.

    (Note that I'm not talking about IE's Protected Mode here, which I have no
    problem with, but system prompts unrelated to IE.)

    I fully agree that everyone else should leave it on.

    As I said in another thread, what I would have preferred is a way for it to
    work where you only see a prompt for elevation when it's a result of
    something that you *didn't* just ask to do yourself. All the annoyances
    would fall away then, and you'd only be alerted when there's some other
    action occurring on the system other than you, say, clicking to go change
    your page file.
     
    Milhouse Van Houten, Nov 19, 2006
    #6
  7. Ben Miller Guest

    Oh... so you mean only enact UAC when something bad might happen? OK...
    that makes sense. So, then you would also agree that viri cannot be spread
    via email, right? I opened the app to collect the mail, right? So, if I
    initiated the action, then it _has_ to be good.

    Give me a break.

    -Ben

    ______________
    Ben Miller
    CISSP
    GSEC
    Security+
     
    Ben Miller, Nov 19, 2006
    #7
  8. Experienced users don't run executable email attachments in the first place.
    Of course. That's one of the fundamental ways they go for years (or forever)
    without their systems ever being compromised. There's also a popular
    application out these days called anti-virus, not to mention antispyware
    (which even comes with Vista).

    And of course I'm not talking about just running an email app. You know what
    I'm talking about: Making a change to the system and being asked permission
    for something you just told the system to do yourself. UAC is not designed
    for people who know what they are doing, and I don't think MS ever claimed that
    it was. Experts would leave it enabled, however, if it worked as I suggested
    (though I've never tried it, I believe I've read that OS X tends to work
    more that way--if not entirely that way--and you've never heard an uproar
    over the feature there).

    Next.
     
    Milhouse Van Houten, Nov 19, 2006
    #8
  9. Corporates will make sure that UAC is running, as should home users where
    multiple family units are accessing the computer.. for the rest, it is a
    personal choice.. I have UAC turned off..
     
    Mike Hall - MS MVP Windows Shell/User, Nov 19, 2006
    #9
  10. I keep it on to see what the normal experience is like. I'm afraid a lot of
    users will get too used to clicking Continue and get infected anyway. Just
    like they managed to delete user created OE folders by automatically
    clicking Okay or Yes.
     
    Frank Saunders, MS-MVP OE/WM, Nov 19, 2006
    #10
  11. mik Guest

    only stupid people disable the UAC
     
    mik, Nov 19, 2006
    #11
  12. mik Guest

    Are you sure you're an MVP? I think you're very stupid!
     
    mik, Nov 19, 2006
    #12
  13. Ben Miller Guest

    So you are suggesting that a "seasoned" administrator knows everything there
    is to know about their system and never makes mistakes. This is just one
    more block in the road for those click-happy admins. Also, keep in mind
    that UAC utilizes 2 tokens, standard user and admin, only invoking the admin
    token when an administrative task is required. So the malicious code that
    an admin might not normally see is blocked as well. When you are logged
    onto any system with admin privileges, you are opening that entire system
    (and possibly domain) up to multiple vectors of attack. With UAC enabled,
    those malicious packages that are designed to be hidden are no longer.

    I presume that you are on board with McAfee and Symantec complaining about
    Patchguard also? I am interested to hear your response to those morons.

    -Ben

    ______________
    Ben Miller
    CISSP
    GSEC
    Security+
     
    Ben Miller, Nov 19, 2006
    #13
  14. Ben Miller Guest

    Boy mik, those last two posts were very eloquent. Grow up kid.

    -Ben
    ______________
    Ben Miller
    CISSP
    GSEC
    Security+
     
    Ben Miller, Nov 19, 2006
    #14
  15. Frank

    Ultimate set me up as Admin.. corporates will set their users as 'standard',
    and I assume that this will take away the ease of just clicking on
    'continue' to make changes or accept anything.. of course, those seeking to
    mislead, will always find a way to bamboozle whatever security is in place..

    For me, it was annoying beyond words, and had to go.. I was intending to
    live with it, but just couldn't.. other MVPs feel the same way about it
    too..
     
    Mike Hall - MS MVP Windows Shell/User, Nov 19, 2006
    #15
  16. You are entitled to your opinion, and I have and reserve the right to ignore
    it..
     
    Mike Hall - MS MVP Windows Shell/User, Nov 19, 2006
    #16
  17. Kerry Brown Guest

    Not all MVPs feel the same about it. I feel very strongly that UAC is a
    very good thing. Then again I spend a lot of time removing malware from
    customers' computers. It's time Windows users moved on from the attitude
    "it's my computer and I'll damn well do what I want with it". UAC actually
    allows you to do what you want in a much safer way. It will take a while,
    maybe years, but eventually most programs will work with the security model
    in Vista and all these arguments about UAC will seem silly. Use Vista as you
    would Linux or OS X or any other secure operating system. Use a standard
    user for every day use. When you need to do administrative tasks use Run as
    administrator. I've been doing this since the September 2005 Longhorn Beta 1
    and it works great. Of course I'm used to OS' that use a good security model
    :)

    Vista sets up the first user created during the install as an admin user.
    All subsequent users are standard users. It is always a good practice to
    have two admin accounts and at least one other standard account for normal
    use. It is a shame that during the install Vista doesn't set up two
    accounts, one admin, one standard, then default to logging on as the
    standard user.
     
    Kerry Brown, Nov 19, 2006
    #17
  18. Ben

    I looked back at what I said and can find no instance of me suggesting that
    seasoned administrators know everything and never make mistakes.. what I did
    say is that I don't personally like it on my home system, it being one of
    five attached to the router, and I have turned UAC off..
     
    Mike Hall - MS MVP Windows Shell/User, Nov 19, 2006
    #18
  19. Apparently grammar and punctuation are taught at the next grade level, as
    well...
     
    Mark D. VandenBerg, Nov 19, 2006
    #19