Administrator security

Guest

I wonder if I am missing something in how the new security is designed in
Vista. When I installed Vista it asked for my logon name and set me up as
an administrator account. It asked no questions about the type of account or
if any other users were to be added. When I trigger an event that requires
admin level permissions I get the dialog box that asks for confirmation, but
no request for a password. I just click continue and proceed. How is this
more secure than XP? Or am I missing something?

Kent
 
Jimmy Brush

Hello,

In Windows Vista, even though your account is an administrator, the programs
you run are only given "standard user" permissions, unless you approve them
via the permission dialog to have admin power.

This is more secure than in XP, because most applications running on your
computer can't change system-level settings if they are compromised or
poorly designed. And, the only applications that CAN potentially hurt your
system are the ones that you explicitly authorize...

So, if you see a prompt asking for permission when you are browsing the
internet or writing in your word processor, you can reason that you weren't
changing a system setting and click cancel, preventing an unknown program
from gaining admin permission on your computer.

In Windows XP, any program that could somehow get itself started could
completely take control of your system. In Windows Vista, you are in control
of what programs can hurt your system.
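
Added example, not part of the original post: a PowerShell check that reads the UAC policy values `EnableLUA` and `ConsentPromptBehaviorAdmin` (the latter decides whether an administrator is asked for consent or for a password) and reports whether the current process holds the filtered standard-user token or a full administrator token. It assumes PowerShell 2.0 or later and the stock `whoami` tool; variable names and output labels are illustrative.

```powershell
# Added example: show the UAC prompt policy and the state of this process's token.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

# ConsentPromptBehaviorAdmin decides what an administrator sees on elevation.
$promptModes = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}
$mode   = $policy.ConsentPromptBehaviorAdmin
$prompt = if ($null -eq $mode) { 'Not set (OS default applies)' } else { $promptModes[[int]$mode] }

# IsInRole is true only when the Administrators SID is enabled in this token.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami lists every group SID in the token, including deny-only ones,
# so the Administrators SID shows up even when the token is filtered.
$sids = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, Sid, Attributes |
    ForEach-Object { $_.Sid }
$adminAccount = $sids -contains 'S-1-5-32-544'

# Mandatory integrity label carried by the token.
$levels = @{ 'S-1-16-4096'  = 'Low';  'S-1-16-8192'  = 'Medium'
             'S-1-16-12288' = 'High'; 'S-1-16-16384' = 'System' }
$integrity = $sids | Where-Object { $levels.ContainsKey($_) } |
    ForEach-Object { $levels[$_] }

$tokenState = if ($elevated) {
    'Full administrator token (elevated)'
} elseif ($adminAccount) {
    'Filtered token: administrator account running as standard user'
} else {
    'Standard user token'
}

New-Object PSObject -Property @{
    UacEnabled     = ($policy.EnableLUA -eq 1)
    AdminPrompt    = $prompt
    TokenState     = $tokenState
    IntegrityLevel = $integrity
} | Format-List
```

Run it once from a normal shell and once from one started with "Run as administrator": the token state and integrity level change while the account stays the same.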
 
Mark D. VandenBerg

Jimmy Brush said:
Hello,

In Windows Vista, even though your account is an administrator, the
programs you run are only given "standard user" permissions, unless you
approve them via the permission dialog to have admin power.

This is more secure than in XP, because most applications running on your
computer can't change system-level settings if they are compromised or
poorly designed. And, the only applications that CAN potentially hurt your
system are the ones that you explicitly authorize...

So, if you see a prompt asking for permission when you are browsing the
internet or writing in your word processor, you can reason that you
weren't changing a system setting and click cancel, preventing an unknown
program from gaining admin permission on your computer.

In Windows XP, any program that could somehow get itself started could
completely take control of your system. In Windows Vista, you are in
control of what programs can hurt your system.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/

I agree with everything you have written about UAC, Jimmy, and you know I am
a proponent of UAC and that I also understand (somewhat) its advantages over
XP.

After several months of reading posts by users unable to retain a product
key, users who are under the impression that Microsoft writes drivers and
users that can't burn (or recognize) an .iso, is Microsoft being wise in a
practical sense by putting this control in the hands of the average user?
As an example, when Joanna Rutkowska was asked at Black Hat how she was able
to circumvent UAC, she replied that she merely clicked "OK." Or is it a
matter of this being better than it was? Should Microsoft have gone
farther? Am I over-analyzing?
 
Jimmy Brush

Hello Mark,

You bring up an excellent point, as always.

And I would say that regardless of how the average user uses UAC, the system
is still much more secure than in XP - even if the user always clicks
Continue.

Why? Because the majority of the system runs as a standard user when UAC is
turned on (explorer.exe, etc). And, Internet Explorer Protected Mode is
enabled with UAC on. These things will protect the user from automated
attacks - such as worms - because if a worm burrows into these processes,
they won't be able to do admin stuff. Of course, the worms can throw in
shellcode that will ask the user to elevate a new process as admin, but this
will be much more difficult to write, as it will have to drop an EXE onto
the system, or abuse a pre-existing EXE.

But, that still brings us back to the original question ... will users use
UAC the way it was intended - to protect them from running applications that
they did not start or do not want on their system? And if so, how does the
user know what is good vs what is bad?

Obviously I can't answer these questions definitively. But I do think it
will work and be successful - here's why.

Users are VERY aware that their computer gets filled up with "trash". Now,
some users are more proactive about it than others (by buying security
software or getting their computer cleaned by a geek), but I would say that
even the laziest of computer users know that when they are on the internet
their computer collects junk that slows down their computer and throws
advertisements.

With UAC, users are no longer in the dark about this "filling up with trash"
process... It is now very simple to explain to users that "When you click
Continue, your computer fills up with junk and you have to spend money to
clean it out". I am hoping that this doesn't even have to be explained - as
it should be obvious to the user after a while that clicking Continue does
bad things.

From a psychological viewpoint, UAC throws in a rewards/punishment system to
the mix.

When they click Continue when a malware asks to be installed, they are
punished by being forced to put up with the malware and eventually having
the computer cleaned.

When they click Cancel, they are rewarded by stopping the malware from
getting started.

BUT ... how does the user know when to click Continue and when to click
Cancel? This part takes some training - but I think it will be very simple
for most users to grasp, many just intuitively.

Basically, if you're opening something that you want to be able to trash
your computer, steal your credit card numbers, and send embarrassing pictures
of you at last year's Octoberfest to your contact list, click Continue;
otherwise, click Cancel.

As for taking UAC "to the next level" ... Fundamentally, UAC relies on the
user to give the system a yes or no response. There is no way around this...
the system cannot determine what programs should have admin or shouldn't have
admin, because the system sees all programs as equal.

This is why UAC works so well with antispyware solutions and antivirus
solutions -- they fill gaps in each others' protections. Traditional
security software stops known baddies but doesn't get them all. UAC helps
the user stop unknown baddies while relying on traditional security software
to automatically stop the known baddies so as not to bother the user with
them.

However, I do hope that in a future version, Windows will be able to tell
the difference between the user starting a program and a program starting a
program. This will allow the system to make much more informed decisions as
to when to ask the user for permission -- for example, a program could be
"blessed" to always run as admin, but only if the system determines the user
is explicitly starting that program; if not, the system would throw a
prompt.
 
Jimmy Brush

I never really wrapped up my thoughts ...

In conclusion, then, it is anybody's guess how successful UAC will be with
training users when to click Continue and when to click Cancel. I'm sure
Microsoft has been watching user reactions to it very closely and will
continue to fine-tune it after Vista is released.

It is definitely something Microsoft MUST watch closely, and tweak very
often, because getting users to be able to intuitively understand its value
and learn how to use it is of paramount importance.
 
Mark D. VandenBerg

So, UAC is better than anything previously offered by Microsoft in an
operating system. On this we can agree. Is it enough? We don't yet know,
but I will be cynical and say it is not, and that users will click away with
abandon. I'll return to my "Blue Pill" example and purport that Joanna is
correct in her assessment that social engineering, Pavlovian that it is, has
conditioned the average user to merely click without thought. Rootkits are
the next threat, and with virtual machines so prevalent, they are here, now.
Ones done well will be undetectable, and with a user programmed to click,
they will be installed.

AI has shown promise in other fields. Can the properties of AI be adapted
to recognize "good vs. evil?" Not today. When does Vienna ship?
 
Jimmy Brush

Can the properties of AI be adapted
to recognize "good vs. evil?"

Good and evil are labels assigned by human brains to abstract concepts.

If my computer started doing this, I would be very, very afraid.

lol
 
