UAC and IE Protected Mode?

Discussion in 'Windows Vista Security' started by Doug Walch, Nov 17, 2006.

  1. Kerry

    I didn't say 'all' MVPs, but I know of some who do not like it..

    I also spend my time removing 'crap' from people's systems, but is UAC going
    to stop others from getting it back? Will UAC stop kids loading Lop.com onto
    their systems alongside Messenger Plus, or from internet Chat afficionados
    getting all kinds of stuff from Smiley Central, Comet Cursors, and free
    online gaming sites?

    I fully agree that there should always have been ways to prevent users
    changing system settings, and UAC steps in to fill the gap..
     
    Mike Hall - MS MVP Windows Shell/User, Nov 19, 2006
    #21
    1. Advertisements

  2. Doug Walch

    Ben Miller Guest

    Mike,

    My comments were not directed to you. They were in response to Milhouse's
    last post suggesting that "Experienced Users" don't accidently or
    maliciously do bad things.

    -Ben
    ______________
    Ben Miller
    CISSP
    GSEC
    Security+
     
    Ben Miller, Nov 19, 2006
    #22
    1. Advertisements

  3. Doug Walch

    Ben Miller Guest

    Nod... apparently we are in the presence of the tip of the educational
    sword :)


    ______________
    Ben Miller
    CISSP
    GSEC
    Security+
     
    Ben Miller, Nov 19, 2006
    #23
  4. Doug Walch

    Kerry Brown Guest

    I know some MVP's don't like it. I sometimes find it exasperating until I
    find out how to do what I want and keep it enabled. It's tough to learn new
    things especially aa I get older :) I think the protection uac provides
    make it worth learning how to live with it. For the most part remembering to
    use Run as administrator when you are doing administrator tasks makes uac
    easy to live with.

    As for kids with Vista, Vista has many tools parents can use to stop their
    children from abusing the computer. It has powerful parental controls. Once
    a few parents buy new computers with Vista and start spreading the word to
    other parents I see this becoming one of the main selling points for Vista
    in the home. I can see many parents wanting to upgrade to Vista just for the
    parental controls.
     
    Kerry Brown, Nov 19, 2006
    #24
  5. You touch on one aspect that's unclear to me: the "admin" account that Vista
    sets up as default. I believe I've read that it's not a "true" admin account
    (the one that is, called "Administrator," is hidden and not accessible by
    the average person), that it's some kind of hybrid. Is that your
    understanding of it?
     
    Milhouse Van Houten, Nov 19, 2006
    #25
  6. Doug Walch

    Kerry Brown Guest

    The account is a "true" administrator account. The confusion is partly
    caused because Vista with uac enabled treats administrator accounts
    differently than previous versions of Windows. When you log on to Windows
    you get a security token. Whenever a process tries to do something the OS
    requests the token of the user that started the process and either allows or
    disallows the operation depending on the token. It's like a security pass
    that allows you access to some areas of a building but not others. In Vista
    with uac enabled an administrator gets two tokens, a standard user and an
    administrator token. Under normal circumstances when the OS requests the
    token the standard user token is presented. If this token doesn't have the
    proper permissions to do the requested operation then you will get a uac
    prompt. If you OK the uac prompt the administrator token is then presented.
    This is a very simplified version of what happens. Jimmy Brush has a good
    write-up on uac here:

    http://www.jimmah.com/vista/security/uac.aspx

    Another thing that confuses many people is that there are additional
    protections built into the file system and the registry that did not exist
    in previous versions of Windows. This doesn't mean that an administrator
    account isn't a "true" administrator. It means that Vista is different from
    previous versions of Windows and administrators will have to learn the new
    way of doing things. Administrator accounts should be used for just what
    they say they are: administration. For everyday use you shouldn't need an
    administrator account but should be using a standard user account. Because
    of the previous culture of everyone using administrator accounts all the
    time programmers have either gotten sloppy or never learned how to program
    for security and eventually you needed to run Windows as an administrator
    just to get anything done. Uac and some of the other security features in
    Vista are an attempt to work around this and allow people to run as an
    administrator but still have decent security.
     
    Kerry Brown, Nov 19, 2006
    #26
  7. Apologies, Ben.. my bad.. personally, I am quite careful and don't need
    constant reminding, but found myself doing a system restore to get back to
    before I installed a bad driver.. it happens..
     
    Mike Hall - MS MVP Windows Shell/User, Nov 19, 2006
    #27
  8. Kerry

    Is it not true that Vista Home versions other than Ultimate will set up with
    a hidden Admin account in much the same way as XP Home did, and that the
    'default user' will be a standard account?
     
    Mike Hall - MS MVP Windows Shell/User, Nov 19, 2006
    #28
  9. Doug Walch

    Ben Miller Guest

    No problem Mike. I'm sure you are very careful and mindful of what it is
    you are doing. But like you said, it happens. Fortunately, in your case it
    was a driver issue.

    -Ben
    ______________
    Ben Miller
    CISSP
    GSEC
    Security+
     
    Ben Miller, Nov 19, 2006
    #29
  10. Doug Walch

    Kerry Brown Guest

    You may be right. I haven't played with any of the Home versions for months.
    Now that the RTM is out I plan to do some testing of the Home versions as
    I'm sure many of my customers will be using them. If it is true that the
    default user is a standard user that would be a bonus as far as I'm
    concerned. Not having an easily accessible administrator account may not be
    the best thing to do at this point though. Because of all the existing
    programs that will have difficulties with this (including many Microsoft
    apps) many people will quickly get frustrated, bad mouth Vista, create an
    administrator user and probably turn uac off for spite. It would be better
    to create two users, an admin and a standard and use help screens and demos
    to educate the user as to their use. I hate to keep using 'nix based OS' as
    an example but Linux and the Mac both do this. Strangely enough they don't
    suffer from many of the same security problems Windows has even though they
    seem to have almost as many exploitable bugs. You also don't hear their
    users complaining about this. Always running as an administrator is a
    Microsoft problem dating back to DOS. It's become part of the Windows
    culture. When NT first came out no one ran as an administrator except when
    needed. Once Microsoft quit making DOS based OS' and there was a mass exodus
    of users to NT based OS' the culture carried over. If it hadn't I don't
    believe malware would be the problem it is today. We also wouldn't need uac,
    virtual registry, and all the other crutches in Vista.

    In one sense you are right that in XP Home there are additional security
    features that are only accessible in safe mode. This doesn't mean that
    administrators aren't true administrators. It means that safe mode works
    differently from normal mode :)
     
    Kerry Brown, Nov 19, 2006
    #30
  11. Bring back the days of the ROM based OS or 3 floppy DOS.. when the only way
    to customize a PC was to scotch tape a Bazooka Joe comic to the outer casing
    and 'GUI' meant thick and sticky.. :)
     
    Mike Hall - MS MVP Windows Shell/User, Nov 19, 2006
    #31
  12. Doug Walch

    Jimmy Brush Guest

    Come on people, face it, very experienced users are not going to fly with
    I disagree. I consider myself an 'experienced user', and I am VERY concerned
    about what programs on my system request admin privileges.

    Personally, I do NOT want notepads running around on my home network or
    domain with permission to format all the hard drives that I have access to.
    I want to CONTROL the privileges that the applications I run have. I want to
    KNOW when I run a program that requests admin permission, so I can DECIDE
    whether it is worthy.

    Disabling UAC takes this control away from me, which makes me angry.
     
    Jimmy Brush, Nov 19, 2006
    #32
  13. Doug Walch

    Jimmy Brush Guest

    UAC is not designed for people who know what they doing, and I don't think
    UAC was designed to implement the security model Windows has wanted for
    years, instead of the XP-era model where all program have admin access.

    This behavior can be taken advantage of by both admins and home users.

    Do you want instances of <insert name of any program that should not need
    admin power> running around on your desktop with permission to format every
    hard drive on your domain? Wouldn't you like to know which programs request
    admin permission and which don't? Personally, I do. If you don't, then I
    agree with your decision to turn it off.

    As for Mac OSX, it may have an easier-to-use implementation, but there is a
    huge trade-off in security. Windows can't afford to break the security
    model - applications would immediately take advantage of this incontinuity,
    rendering any security afforded innefective.
     
    Jimmy Brush, Nov 20, 2006
    #33
  14. Doug Walch

    Kerry Brown Guest

    I don't know why we ever needed anything more than CP/M.

    pip a.new=w.old,y.old,z.old

    :)
     
    Kerry Brown, Nov 20, 2006
    #34
  15. All so clear cut :)

    CASE die% OF
    WHEN 1,2,3 : bet$ = "lose"
    WHEN 4,5,6 : bet$ = "win"
    OTHERWISE bet$ = "cheat"
    ENDCASE
     
    Mike Hall - MS MVP Windows Shell/User, Nov 20, 2006
    #35
  16. Administrators do make mistakes, but 99% of the time its because they
    thought it was the right thing to do at that moment and a continue button
    isn't going to stop them.

    - Kurt
     
    Kurt Harriger, Nov 25, 2006
    #36
  17. Nor I, that is why I wish I could control the permissions for every
    application via SUID, then every program could have a protected mode, why
    should notepad even have access to the registry.

    - Kurt
     
    Kurt Harriger, Nov 25, 2006
    #37
  18. Doug Walch

    Kerry Brown Guest

    I disagree. I manage a few servers remotely. When I'm finished I sometimes
    click Start -> Shutdown by habit. This would be disastrous in most cases as
    I would then have to either phone the site and tell them to turn the server
    back on or go there myself and do it. The warning window that pops up stops
    me from doing this and I log out instead. Warnings (uac) have a purpose.
    They make you think about what you are doing. Anyone that blindly clicks
    continue wouldn't be working for me for long. Good administrators always
    think when a warning pops up.
     
    Kerry Brown, Nov 25, 2006
    #38
  19. I was referring more to intentional mistakes, such as deleting a specific
    file and realizing later you deleted the wrong version of that file, oops,
    hope backup is current. A continue button isn't going to stop someone from
    doing something they are intent on doing, if doing it was a mistake then oh
    well we all make mistakes. Confirmation prompts on potentially dangerous
    task are always good and are not new to vista, even dos prompted before
    deleting a file. But too much of a "good" thing could potentially
    desensitize users, your potentially bad habit could have just as easily
    included one more mouse click. If you weren't already desensitized to the
    potential consequences of shuting down a computer because you do it so often
    out of habit, you wouldn't have clicked shutdown in the first place.

    - Kurt
     
    Kurt Harriger, Nov 25, 2006
    #39
  20. Doug Walch

    Jimmy Brush Guest

    I agree that more discrimination of permissions should be assignable to
    programs. But, a simple SUID solution is not perfect IMHO, as a program with
    less rights could exploit a behavior of an application with more rights via
    SUID in order to escalate its privileges.

    Windows (or any other OS for that matter) can't tell the difference between
    a user wanting to initiate a program / some action vs. a rogue program doing
    the same thing.

    If Windows would have allowed this feature, than it would have had serious
    negative security consequences.
     
    Jimmy Brush, Nov 26, 2006
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.