PC Review
Forums
Newsgroups
Windows Vista
Windows Vista Administration
UAC whitelist

#1

Is there a way to grant an application the right to execute now and forever more? An app that I use 3,4,10,15 times a day triggers a UAC prompt. I understand that the app should be written in a different manner so that it does not need Admin rights. Until it is re-written, I do not want to be prompted __EVERY__ time I launch it. Is this possible?

Since I think I already know the answer (but I am wrong far more than I would like to admit, which is why I am posting), why not???

And to answer the first 3 arguments against: 1) I don't care that the app should be written differently. It is not written differently now, and I need to run it now. 2) It's not really a security hole to whitelist an app(s) - UAC is still running. Firewall is still running. User is still a least privilege account, etc. 3) I haven't thought far enough to have 3 counter arguments.

Can someone explain to MS the value in granular configuration? 'Configure UAC' should have a few more options than Turn On / Off.

Thanks for all of your help and feedback.

Matt

#2

Unfortunately, there is no way to have a specific app silently elevate while leaving UAC enabled for all other administrative apps. I do feel your pain here -- I bounce off the elevation prompt many times a day. I just learned to quick hit ALT+C whenever it's coming up. There's plenty of websites that give instructions on how to turn UAC off, if it's really ruining your day.

Although it doesn't seem like that's a security hole, it actually can be. Security is a 'weakest link' game. If a program has a "golden ticket" to run elevated, then the system's security is only as strong as that app is -- and most apps aren't written in such a way as to be strong against subversion by other apps. Suppose mmc.exe (the Microsoft Management Console - open the Start menu, right-click on 'Computer' and choose 'Manage') were automatically quietly elevated every time. Then a bad guy would just have to figure out how to run it from the command line; or to ask it to open a malformed .mmc file that causes it to crash exploitably.

"anySmarterIdrunLinux" wrote:

> Is there a way to grant an application the right to execute now and forever
> more? An app that I use 3,4,10,15 times a day triggers a UAC prompt. I
> understand that the app should be written in a different manner so that it
> does not need Admin rights. Until it is re-written, I do not want to be
> prompted __EVERY__ time I launch it. Is this possible?
>
> Since I think I already know the answer (but I am wrong far more than I
> would like to admit, which is why I am posting), why not???
>
> And to answer the first 3 arguments against: 1) I don't care that the app
> should be written differently. It is not written differently now, and I need
> to run it now. 2) It's not really a security hole to whitelist an app(s) -
> UAC is still running. Firewall is still running. User is still a least
> privilege account, etc. 3) I haven't thought far enough to have 3 counter
> arguments.
>
> Can someone explain to MS the value in granular configuration? 'Configure
> UAC' should have a few more options than Turn On / Off.
>
> Thanks for all of your help and feedback.
>
> Matt

#3

> If a program has a "golden ticket" to run elevated,
> then the system's security is only as strong as that app is
> and most apps aren't written in such a way as to be strong against
> subversion by other apps. Suppose mmc.exe (the Microsoft Management
> Console - open the Start menu, right-click on 'Computer' and choose
> 'Manage') were automatically quietly elevated every time. Then a bad guy
> would just have to figure out how to run it from the command line; or to
> ask it to open a malformed .mmc file that causes it to crash exploitably.

Do you think that the prompt for elevation is a more secure way to avoid a bad guy program running?

What prevents a "bad guy" program from patching a "normal" program, then asking to run the "normal" program in an elevated mode?

If an integrity check was done and failed, then prompting the user to require a specific action would be meaningful. I don't see UAC doing a crc check or whatever mechanism to be assured that the "normal" program had not been patched by a bad guy. Actually, a user can accept to run in an elevated mode a program that is supposed to be a "safe" one?

A white list, associated to a crc check (or whatever mechanism to check integrity) is, in my mind, the way to achieve this goal without endlessly prompting the user for anything.

Regards
--
Olivier

#4

Thanks for the reply. I understand your comment about the dangers of 'whitelisting' an application, but have to disagree in principle. A user that keeps a .txt file on the desktop called 'passwords.txt' might also try to whitelist system control programs, scripts, etc. You can't help them anyway. But a 3rd party app, that is not on every computer, cannot be manipulated if the system itself has not already been compromised.

"Jeff Smith [MSFT]" wrote:

> Unfortunately, there is no way to have a specific app silently elevate while
> leaving UAC enabled for all other administrative apps. I do feel your pain
> here -- I bounce off the elevation prompt many times a day. I just learned
> to quick hit ALT+C whenever it's coming up. There's plenty of websites that
> give instructions on how to turn UAC off, if it's really ruining your day.
>
> Although it doesn't seem like that's a security hole, it actually can be.
> Security is a 'weakest link' game. If a program has a "golden ticket" to run
> elevated, then the system's security is only as strong as that app is -- and
> most apps aren't written in such a way as to be strong against subversion by
> other apps. Suppose mmc.exe (the Microsoft Management Console - open the
> Start menu, right-click on 'Computer' and choose 'Manage') were automatically
> quietly elevated every time. Then a bad guy would just have to figure out
> how to run it from the command line; or to ask it to open a malformed .mmc
> file that causes it to crash exploitably.
>
>
> "anySmarterIdrunLinux" wrote:
>
> > Is there a way to grant an application the right to execute now and forever
> > more? An app that I use 3,4,10,15 times a day triggers a UAC prompt. I
> > understand that the app should be written in a different manner so that it
> > does not need Admin rights. Until it is re-written, I do not want to be
> > prompted __EVERY__ time I launch it. Is this possible?
> >
> > Since I think I already know the answer (but I am wrong far more than I
> > would like to admit, which is why I am posting), why not???
> >
> > And to answer the first 3 arguments against: 1) I don't care that the app
> > should be written differently. It is not written differently now, and I need
> > to run it now. 2) It's not really a security hole to whitelist an app(s) -
> > UAC is still running. Firewall is still running. User is still a least
> > privilege account, etc. 3) I haven't thought far enough to have 3 counter
> > arguments.
> >
> > Can someone explain to MS the value in granular configuration? 'Configure
> > UAC' should have a few more options than Turn On / Off.
> >
> > Thanks for all of your help and feedback.
> >
> > Matt

#6

Thanks for the reply Jeff. But I have to disagree in principle. _MAYBE_ you could make an argument for not allowing core MS utilities from being 'whitelisted', but if an admin is that lazy, then I say let them go. You can't stop them from saving 'passwords.txt' on their desktop either.

But we're talking about 3rd party applications - not standard packages. In order for a non-standard application to be compromised, the system would already have been compromised. So all we're left with is a PITA.

As mentioned by Olivier - combine a whitelist with a CRC check - MS are you listening? SP2 maybe???

thx again

"Jeff Smith [MSFT]" wrote:

> Unfortunately, there is no way to have a specific app silently elevate while
> leaving UAC enabled for all other administrative apps. I do feel your pain
> here -- I bounce off the elevation prompt many times a day. I just learned
> to quick hit ALT+C whenever it's coming up. There's plenty of websites that
> give instructions on how to turn UAC off, if it's really ruining your day.
>
> Although it doesn't seem like that's a security hole, it actually can be.
> Security is a 'weakest link' game. If a program has a "golden ticket" to run
> elevated, then the system's security is only as strong as that app is -- and
> most apps aren't written in such a way as to be strong against subversion by
> other apps. Suppose mmc.exe (the Microsoft Management Console - open the
> Start menu, right-click on 'Computer' and choose 'Manage') were automatically
> quietly elevated every time. Then a bad guy would just have to figure out
> how to run it from the command line; or to ask it to open a malformed .mmc
> file that causes it to crash exploitably.
>
>
> "anySmarterIdrunLinux" wrote:
>
> > Is there a way to grant an application the right to execute now and forever
> > more? An app that I use 3,4,10,15 times a day triggers a UAC prompt. I
> > understand that the app should be written in a different manner so that it
> > does not need Admin rights. Until it is re-written, I do not want to be
> > prompted __EVERY__ time I launch it. Is this possible?
> >
> > Since I think I already know the answer (but I am wrong far more than I
> > would like to admit, which is why I am posting), why not???
> >
> > And to answer the first 3 arguments against: 1) I don't care that the app
> > should be written differently. It is not written differently now, and I need
> > to run it now. 2) It's not really a security hole to whitelist an app(s) -
> > UAC is still running. Firewall is still running. User is still a least
> > privilege account, etc. 3) I haven't thought far enough to have 3 counter
> > arguments.
> >
> > Can someone explain to MS the value in granular configuration? 'Configure
> > UAC' should have a few more options than Turn On / Off.
> >
> > Thanks for all of your help and feedback.
> >
> > Matt

#7

I guess Vista helps in more ways than I knew. Sorry for the duplicate posts...

"anySmarterIdrunLinux" wrote:

> Thanks for the reply Jeff. But I have to disagree in principle. _MAYBE_ you
> could make an argument for not allowing core MS utilities from being
> 'whitelisted', but if an admin is that lazy, then I say let them go. You
> can't stop them from saving 'passwords.txt' on their desktop either.
>
> But we're talking about 3rd party applications - not standard packages. In
> order for a non-standard application to be compromised, the system would
> already have been compromised. So all we're left with is a PITA.
>
> As mentioned by Olivier - combine a whitelist with a CRC check - MS are you
> listening? SP2 maybe???
>
> thx again
>
> "Jeff Smith [MSFT]" wrote:
>
> > Unfortunately, there is no way to have a specific app silently elevate while
> > leaving UAC enabled for all other administrative apps. I do feel your pain
> > here -- I bounce off the elevation prompt many times a day. I just learned
> > to quick hit ALT+C whenever it's coming up. There's plenty of websites that
> > give instructions on how to turn UAC off, if it's really ruining your day.
> >
> > Although it doesn't seem like that's a security hole, it actually can be.
> > Security is a 'weakest link' game. If a program has a "golden ticket" to run
> > elevated, then the system's security is only as strong as that app is -- and
> > most apps aren't written in such a way as to be strong against subversion by
> > other apps. Suppose mmc.exe (the Microsoft Management Console - open the
> > Start menu, right-click on 'Computer' and choose 'Manage') were automatically
> > quietly elevated every time. Then a bad guy would just have to figure out
> > how to run it from the command line; or to ask it to open a malformed .mmc
> > file that causes it to crash exploitably.
> >
> >
> > "anySmarterIdrunLinux" wrote:
> >
> > > Is there a way to grant an application the right to execute now and forever
> > > more? An app that I use 3,4,10,15 times a day triggers a UAC prompt. I
> > > understand that the app should be written in a different manner so that it
> > > does not need Admin rights. Until it is re-written, I do not want to be
> > > prompted __EVERY__ time I launch it. Is this possible?
> > >
> > > Since I think I already know the answer (but I am wrong far more than I
> > > would like to admit, which is why I am posting), why not???
> > >
> > > And to answer the first 3 arguments against: 1) I don't care that the app
> > > should be written differently. It is not written differently now, and I need
> > > to run it now. 2) It's not really a security hole to whitelist an app(s) -
> > > UAC is still running. Firewall is still running. User is still a least
> > > privilege account, etc. 3) I haven't thought far enough to have 3 counter
> > > arguments.
> > >
> > > Can someone explain to MS the value in granular configuration? 'Configure
> > > UAC' should have a few more options than Turn On / Off.
> > >
> > > Thanks for all of your help and feedback.
> > >
> > > Matt
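
The whitelist-plus-integrity-check idea from posts #3 and #6, set against the "golden ticket" objection from post #2, modelled as an added example (it is not part of any post and is not how UAC works). `ElevationAllowlist`, `Entry`, the path and the sample bytes are all hypothetical, and SHA-256 stands in for the CRC mentioned in the thread because a CRC only detects accidental corruption.

```python
import hashlib
import hmac
import ntpath
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

@dataclass(frozen=True)
class Entry:
    sha256: str                                    # digest pinned at enrollment
    pinned_args: Optional[Tuple[str, ...]] = None  # None = any arguments accepted

class ElevationAllowlist:
    """Hypothetical per-application allowlist consulted before prompting."""
    def __init__(self) -> None:
        self._entries = {}

    @staticmethod
    def _key(path: str) -> str:
        # Windows paths are case-insensitive and may contain "..": normalise both.
        return ntpath.normcase(ntpath.normpath(path))

    def enroll(self, path: str, image: bytes, pinned_args: Optional[Sequence[str]] = None) -> None:
        args = None if pinned_args is None else tuple(pinned_args)
        self._entries[self._key(path)] = Entry(hashlib.sha256(image).hexdigest(), args)

    def decide(self, path: str, image: bytes, args: Sequence[str] = ()) -> str:
        entry = self._entries.get(self._key(path))
        if entry is None:
            return "prompt"  # never enrolled
        if not hmac.compare_digest(entry.sha256, hashlib.sha256(image).hexdigest()):
            return "prompt"  # image differs from the enrolled one (patched program)
        if entry.pinned_args is not None and tuple(args) != entry.pinned_args:
            return "prompt"  # intact program, but input it was not enrolled with
        return "elevate"

def demo() -> dict:
    tool = b"MZ constructed stand-in for the third-party tool"  # constructed sample
    path = r"C:\Tools\VendorTool.exe"                            # hypothetical path
    crafted = [r"C:\Users\Public\crafted.dat"]                   # hypothetical input file
    hash_only, strict = ElevationAllowlist(), ElevationAllowlist()
    hash_only.enroll(path, tool)
    strict.enroll(path, tool, pinned_args=[])
    return {
        "intact": hash_only.decide(path, tool),
        "patched": hash_only.decide(path, tool + b" patched"),
        "intact_crafted_input": hash_only.decide(path, tool, crafted),
        "strict_crafted_input": strict.decide(path, tool, crafted),
        "strict_plain_launch": strict.decide(path.upper(), tool),
    }
if __name__ == "__main__": print(demo())
```

The hash check catches the patched program, but the hash-only entry still elevates the intact program when it is handed a crafted input file; only the entry that also pins the arguments falls back to a prompt. The model takes the program bytes directly, so it says nothing about a file being swapped between the check and the launch.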