Defender, Startup programs, and UAC

[Guest]

Vista Home Premium...

Sorry if my ignorance of Vista security etc. makes these sound like very
dumb questions...

Defender persistently blocks at startup a number of applications* I trust (I
can run them OK manually, but more about that in a moment).

Because there is no "Alert" dialog (just the balloon notification about
blocked items) I cannot add these programs to the Allowed list.

How can one manually add programs to the Allowed List? (I'd be surprised if
simple registry editing would fix it, because I could see that such a way of
recording allowed apps might itself open a security hole.)

* my trusted apps include: RegRun Secure Start, RegRun Watchdog, AVG Free
antivirus.

Regarding UAC, even when I do run these programs manually I get the UAC
dialog; I have set these programs to run as Administrator (as they typically
require) but I still always get the dialog. Is there no way to say "I trust
this app - Admin set the permissions" and ideally, query it if it only if it
has changed?

Finally, some of my other trusted apps (Steganos Safe for example) have
auto-updaters - they to also cause a UAC dialog every time I run the main
program... how can this behaviour be prevented?

May wealth and happiness rain on you if you can resolve these issues!

Thanks - Julian

 

[Guest]

Because there is no "Alert" dialog (just the balloon notification about

blocked items) I cannot add these programs to the Allowed list.

How can one manually add programs to the Allowed List? (I'd be surprised if
simple registry editing would fix it, because I could see that such a way of
recording allowed apps might itself open a security hole.)

Click the balloon itself, or if you miss it, click the Defender icon. It
will give you an option to permit the apps then.

Regarding UAC, even when I do run these programs manually I get the UAC
dialog; I have set these programs to run as Administrator (as they typically
require) but I still always get the dialog. Is there no way to say "I trust
this app - Admin set the permissions" and ideally, query it if it only if it
has changed?

No. If you set the programs to run as administrator you just told the OS
that you want to get the UAC dialog and elevate them each time they run. If
you unset that switch and they still prompt then the programs are written to
be elevated and you will get the UAC dialog each time. You need to unset the
switch. If any programs still prompt they are either not designed for Vista,
or not designed to auto-start, or poorly designed, or some combination
thereof.

 

[Guest]

Finally, some of my other trusted apps (Steganos Safe for example) have

auto-updaters - they to also cause a UAC dialog every time I run the main
program... how can this behaviour be prevented?

Forgot this one.

The only ways to prevent it is for the application to be refactored into a
service that does the updating without prompting, or using the Windows
Installer, which does not require elevation for signed patches/installers.
This is something the vendor needs to do.

 

[Guest]

Thanks Jesper - very helpful...

I also found this link on the Microsoft Vista Forums website under the topic
"Living with UAC" (http://thevistaforums.com/index.php?showtopic=10056) - I
think it is also relevant and of interest to potentially very wide audience
as it explains the how and why of an installation method to minimise UAC
issues

http://www.techwrighter.com/index.php?option=com_content&task=view&id=68&Itemid=27

But again - many thanks

Julian

 

[Guest]

I also found this link on the Microsoft Vista Forums website under the topic

"Living with UAC" (http://thevistaforums.com/index.php?showtopic=10056) - I

I wouldn't put too much stock in that. The part about "Run as administrator"
is wrong, and the rest of the thread is about how to disable either all of
UAC or one important component of it.

http://www.techwrighter.com/index.php?option=com_content&task=view&id=68&Itemid=27

This one is much better, but it misunderstands the job of UAC. The purpose
is not to warn you when something bad is about to happen. The purpose is:
http://msinfluentials.com/blogs/jes...-about-vista-features-what-uac-really-is.aspx

 

[Guest]

The 'Warn you when something bad is about to happen", Jesper, is merely a
reference to one of the purposes of the feature, from the viewpoint of the
end user. The article isn't intended to be a technical dissertation on UAC,
but instead merely an accurate guide to a technique which will make life with
UAC more comfortable for the end user.

When the technique is followed UAC prompts will be kept to a minimum, and
when one appears the end-user will, indeed, be 'warned' if it is not in
response to something the end-user has initiated and is aware of.

But thanks for the compliment paid to the article!

Cheers,
Terry

 

[Guest]

The 'Warn you when something bad is about to happen", Jesper, is merely a

reference to one of the purposes of the feature, from the viewpoint of the
end user. The article isn't intended to be a technical dissertation on UAC,
but instead merely an accurate guide to a technique which will make life with
UAC more comfortable for the end user.

Understand, but the problem is that UAC is not only not capable of warning
you when anything bad is about to happen, it was not designed to do that. The
primary design purpose of UAC was to enable more people to run as a
non-admin. The misconception that it was is what has lead to the vast
majority of the criticism about UAC. In fact, that misconception is what
Apple capitalized on in their ludicrous commercials poking fun at UAC (in
spite of the fact that (a) Mac OS X has exactly the same feature, (b) except
that in Mac OS X it is disabled by default, like all their security, and (c)
Vista has process separation to make driving the UI harder, which Mac OS X
does not).

As long as people are told that UAC is a protection layer from bad code the
user chose to execute people will not only fail to act with the proper amount
of care but they will also become extremely dismayed when the bad guys figure
out how to circumvent UAC and attack their computers. At that point it is
likely that a lot of bad things could happen, starting with disabling UAC,
which will disable the protections that it DOES afford. It will also mean
that we will never end up in a truly bifurcated world as software developers,
lazy as we are, will never start writing code designed to run as a non-admin.

When the technique is followed UAC prompts will be kept to a minimum, and
when one appears the end-user will, indeed, be 'warned' if it is not in
response to something the end-user has initiated and is aware of.

I agree that you can keep the prompts to a minimum, and that doing so is
valuable. Your technique works well for installers that UAC does not
auto-detect.

 

[bazad]

Understand, but the problem is that UAC is not only not capable of warning
you when anything bad is about to happen, it was not designed to do that.
The
primary design purpose of UAC was to enable more people to run as a
non-admin. The misconception that it was is what has lead to the vast
majority of the criticism about UAC. In fact, that misconception is what
Apple capitalized on in their ludicrous commercials poking fun at UAC (in
spite of the fact that (a) Mac OS X has exactly the same feature, (b)
except
that in Mac OS X it is disabled by default, like all their security, and
(c)
Vista has process separation to make driving the UI harder, which Mac OS X
does not).

I have Mac OS X machine and I can tell you for sure that I get prompted only
once during multiple OS upgrades or any other installations. I am running
as non-admin which is a default configuration. So, I am not sure were you
are coming from with Apple has the feature disabled. As far as I am
concerned Apple feature does the same and annoy me a lot less. Apple add
is completely justified.

 

[frogliver]

(SNIP)

"This one is much better, but it misunderstands the job of UAC. The purpose
is not to warn you when something bad is about to happen. The purpose is:
http://msinfluentials.com/blogs/jes...-about-vista-features-what-uac-really-is.aspx"
Jesper,
Would you please clarify how to accomplish each of the following from your
blog:

Good: Run in admin-approval mode
Better: Run as standard user and elevate to separate admin account
Best: Run as standard user and switch user to a separate admin account
instead of using UAC to elevate

My desktop runs XP SP1 and I have installed just about every malware tool I
can get my hands on. Whenever I do something that causes an alert(s) 1) I
pay attention because I see what anti-malware program is alerting 2) it
usually gives me options, usually details 3) usually I become used to the
kinds of alerts from different tools and can easily click on an appropriate
intention, and often there is no action required as it is just an alert. I
know what to expect.

My laptop has Vista. UAC just keeps bugging me about unexpected things and I
just offhandedly click "continue" as I'll bet most people do. So I am in the
process of installing the anti-malware I am used to so my laptop becomes
transparent to me as is my desktop, I can then turn off UAC, and I can then
focus on doing some work.

My question: Why couldn't MS have learned from some of the bread-and-butter
security apps and modeled UAC after them, or offer a package of them (fat
chance), or some such trustworthy approach, instead of conforming to their
proprietary policies without consideration for any intelligence on the part
of many of their users, i.e. offering intelligent options.? Any system that
requires four separate clicks to get online is written by somebody who
thinks I have all day to hang around the PC waiting to make the next click.
How could I expect that dufass to write UAC so I could use it and trust it
for protection (it is not a security app, but when it asks me to consider
whether or not I have made a safe choice by asking if I wish to continue it
pretends to be one).

Unlike many others I won't change my laptop to XP, I will just change the
security methods to operate the same way.

frogman

 

[Guest]

I have Mac OS X machine and I can tell you for sure that I get prompted only

once during multiple OS upgrades or any other installations. I am running
as non-admin which is a default configuration. So, I am not sure were you
are coming from with Apple has the feature disabled. As far as I am
concerned Apple feature does the same and annoy me a lot less. Apple add
is completely justified.

On my Mac I had to enable the prompting. For example, I could manage user
accounts by simply clicking on the little lock icon in the control panel. It
did not prompt me for anything.

There is no desktop separation between the prompts and the users desktop on
the Mac either. That means that a malicious program can trivially automate
the elevation process, or read the password you type.

 

[Jimmy Brush]

(it is not a security app, but when it asks me to consider whether or not
I have made a safe choice by asking if I wish to continue it pretends to
be one).

UAC is a security device.

The reason UAC is a security device is because programs that DO NOT prompt
DO NOT have full control over your computer.

UAC DOES NOT prompt for every program. It only prompts for programs that
want complete and utter control over your computer.

It is asking you if you intend for the program it displays to have complete
control over your computer.

This protects you from 1) programs that would take control over your
computer wtihout your knowledge and 2) programs that would start trusted
system utilities and use them to take control of or harm your computer
("Hey, I didn't start format.exe, why is it running!")

UAC doesn't care what you are doing with the program, or whether it is safe
or not, UAC only cares that *you* started the program and intend for it to
have full control over your computer.

UAC puts you in control.

The only thing it does is to make sure that YOU KNOW that the program will
have COMPLETE control of your computer while its running.


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/

 

[Jimmy Brush]

Hello Jesper,

I agree with you that what UAC accomplishes is to put users running as an
administrator into approximately the same "security state" as they would be
in if they were running as a standard user and launching programs using
admin credentials from inside that standard user account.

UAC certaintly is not designed to stop malware or warn users when something
bad is about to happen.

In fact, I see only one reason that UAC currently has to be visible to the
user at all (via prompt), but it is an important one: it ascertains user
intent.

It makes sure that the user wants a program to run with admin privs, in the
same way that a user running as a standard user has to show intent in order
to launch a program with admin power (in that case, by entering the admin
password).

Since seperation of privilege is impossible if applications can authorize
themselves to run with higher privileges or control higher-privileged
applications, Windows must somehow ascertain user intent in order to achieve
this seperation of privilege.

I would like to ask you why running inside a standard user account and
elevating from within it is more secure than running in a UAC-protected
administrator account.

From what I understand, a standard user running an admin program on their
desktop exposes the exact same attack surface that running an admin-level
program inside a UAC-protected admin account would.

I would also like to ask how you think UAC will evolve as Windows matures?
What happens after users are running as standard users all the time?

I think at an abstract level the UAC design is what can take us to the next
paradigm in OS security. Which is ... focusing on how privileges assigned to
a user are used by applications in a GUI environment.

If the user that is using the computer needs X privileges to do their work,
I think it is silly for them to have to have two accounts (one with X
privilege and one with <X privilege) and switch between the two in order to
have a secure environment, and I hope UAC will evolve to make this
uneccesary.

In fact, I think this is almost an absurd workaround to the real problem:
how can the system allow the user to do something while at the same time
keeping an application from doing that something of its own accord.

It seems to me that blocking myself from doing something in order to keep
programs from doing that something is a poor solution at best.

I see UAC as a start to solving this problem: That from the pool of
privileges users are assigned, applications can only use those privileges
that the user intends for them to use.

I think that the UAC model, a method of privilege seperation within the same
user account with user intent controlling the discrimination of privilege,
is very exciting stuff.

If the OS had some sort of User Intent framework built into it (as UAC does
in a very primitive [and most would say annoying] form right now), where it
could discern between privilege use that it KNOWS the user intended to
happen vs. privilege use that the program is doing in the background or
without user knowledge, then the OS would be able to do some really cool
things.

--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/

 

[Ronnie Vernon MVP]

Julian

This was the first time I looked at thevistaforums.com and I can tell you
I'm not impressed. A lot of mis-information and downright wrong information
seems to be posted there and goes unchallenged.

One of the messages in the thread that you referenced had this tidbit.

<quote>
The one thing that I do recommend to disable, is the secure desktop. It
makes the prompts a lot faster, and more seamless. You can do that in your
Local Security Policy.

Start > gpedit > Elevate

This will bring up the Registry Editor, and move to this path:
</quote>

Huh? typing in the name for Group Policy Editor will bring up the Registry
Editor?

 

[Guest]

Therefore, a poisoning
attack where you run a malicious app as a standard user and it poisons the
environment for a privileged app is less likely to succeed. You would expose
the same attack surface using currently running applications, but not using
an app that ran weeks ago.

Excellent point ... I hadn't thought about that.

I'm not sure, to be honest. I really hope it moves toward making it easier
to use multiple desktops.

Fascinating thought as well.

I'd also hope to see a lot of applications opting in for this. Currently,
the state of software quality is really poor. To be frank about it, Microsoft
builds far higher quality than most other organizations. If running as a
standard user becomes more commonplace and people start demanding it, we may
see software developers actually becoming engineers, and think about how to
engineer what it is they are doing. I've said many times that I think too
large a proportion of software developers fall into the category of "software
construction workers," not software engineers. There is precious little
engineering going into what they do - something I blame on the educational
system BTW. If they have to think about people running as standard user it
might force some engineering thought into the process. There are many
exceptionally smart software engineers out there, but the overall quality
needs drastic improvement.

I think software developers tend to take the shortest and least painful
solution to a problem in order to get their app to work, regardless of
whether it is correct or not (the "who cares if it doesn't fit in with the
way MS architected windows, it works doesnt it?" attitude). I think MS needs
to make the correct solutions to common problems less painful than the
incorrect solutions, and I think UAC accomplishes this very well, at least in
some aspects.

Yes. Better barriers between applications are necessary. A logical place for
Windows to go is to permit better separation and access control between
applications.

Agreed - Applications should only be able to talk with other applications in
a way that Windows knows about and can enforce policy on.

There is no reason why one application automatically should be
able to control another simply because they are on the same desktop.
Absolutely!

It would
be logical to direct the energy in the next version of Windows toward better
separation. That, in turn, would require fundamental architectural changes in
the OS though, not to mention the changes required in user behavior.

I agree - I think that all forms of IPC should be marshalled or handled in
some way by the OS, so that the OS can enforce privilege seperation/policy.

Is it possible to enforce 100% privilege seperation while still allowing two
different privileged processes to communciate with each other? Well, MS has
spent a good amount of time doing this protecting the Windows API, system
services processes, and user->kernel mode transition from privilege
escalation. Perhaps there could be some way for MS to generalize what they
have learned from doing this and enforce this somehow at an
application->application level, with the cooperation of software developers
(through IPC API's)? Ideally, this would result in a fundamental
architectural changes in Windows and the way Windows programs are written,
but little change requried in the way users actually interact with programs.

Finally, I sincerely hope we will see users empowered to make more and
better decisions. There is a large contingent of security professionals that
believe that all security decisions should be shielded from the user. The
unspoken rationale for that is that users are not only not interested in
security, they are too unintelligent to be taught how to do it properly. Only
by relying on Big Brother
Symantec/McAfee/Defender/Whatevertechnologyyouinserthere will they be
properly protected. I fail to see how technology can ultimately protect
people from attacks targeting people. I wrote a lot about that a while ago:
http://www.microsoft.com/technet/technetmag/issues/2006/07/SecurityWatch/default.aspx

UAC is already forcing users to make security decisions, and we are already
seeing technology vendors working on solutions to, again, prevent users from
making decisions.

WOW, I couldn't agree with you more here!

It seems everyone is of the position that either "Users are too stupid to
know 1+1 so they can't possibly be trusted with their own system" or "It is
impossible to implement good security without making the computer completely
unusable, so why bother".

I disagree with both of these statements.

The problem isn't that users are too stupid to make decisions ... it is that
they are UNABLE to make decisions at all! They are not given the information
or control they need to because 1) they have no way of knowing for sure what
a program is doing or 2) they have no way of knowing for sure how they they
should use/interact with programs, BECAUSE they don't have any assurances as
to what such interaction will end up doing

They rely on automated systems to weed out "known baddies" and such, but
that is a nevereding and always loosing battle.

The problem isn't that "bad" programs exist; the problem is that Users have
no way of trusting that when a program says it will do something, that that
is what it is going to do. If the system could ensure that what the user is
wanting to happen was what was actually happening, then these types of
problem programs would be solved in a much more effective and nicer way.

Heck, if you stuck even a very technical and knowledge person [like a
software engineer] in front of a computer, threw a program on a screen, and
asked them what would happen if they clicked on a button ... they wouldn't be
able to answer with any certainty! Because the program can do whatever it
wants, can lie, cheat, steal, etc, with impunity.

This is the problem, IMHO. There is no transparency from the user's
perspective [regardless of skill level] as to what the heck is going on when
they do things.

I don't see security as a technical problem requring complicated code to
solve that is above the users head - I see it as a design problem, that if
designed correctly, will come accross to the user in a completely natural and
usable way.

I think it really is as simple as finding some way to enforce that 'If it
says delete than that is what it is going to do, and if it says look at the
dancing bears, then that is what it is going to do [and nothing else, unless
it tells me about it]'.

At least then things would be "as good as they get" - As you say, you can't
stop a user from performing some action that they want to do [even if they
are being tricked into doing it]. This can only be done thru
informing/training users.

But I don't see this as the big problem today - I see the problem as users
know what they WANT to do, but they have no way of telling the computer this
in such a way that it understands what they are wanting to do and enforcing
that this is the only thing that is going to happen.

I really appreciate the time you spend here, and I have learned a great deal
from your posts.

Thank you,

- JB

 

[Guest]

I think software developers tend to take the shortest and least painful

solution to a problem in order to get their app to work, regardless of
whether it is correct or not (the "who cares if it doesn't fit in with the
way MS architected windows, it works doesnt it?" attitude). I think MS needs
to make the correct solutions to common problems less painful than the
incorrect solutions, and I think UAC accomplishes this very well, at least in
some aspects.

Absolutely right on several points, and yet, does not go far enough.
Software developers, if I am to generalize grossly (I am one, part time
anyway, after all) have two major flaws. First, we are lazy. If there is a
bad way to do something that takes three minutes, and a proper way to do it
that takes five, we take the bad approach. That tendency is overriden only by
arrogance. We are, when it all comes down to it, the pinnacle of evolution;
the smartest creatures in creation, and far, far, more intelligent than the
losers at Microsoft. What do they know anyway? They couldn't possibly
understand how to do it right, or they would have my job! Therefore, there is
no reason to follow the directions and if my choice is to write my own
algorithm, or read documentation and find out how to use the built-in one,
I'll write my own. It will be faster, better, cooler, smarter, and my
insidiously exciting!

Granted, this is a gross generalization, but stereotyping is fun, and it is
not without a shade of truth. I see these tendencies almost every day. I've
seen web programmers who know nothing more than perl and PHP argue about how
thread schedulers should work. This arrogance, which exists in all developers
to some extent, is detrimental to security in so many ways. It also harms
quality, both on its own according and because insecure code is low quality
code.

I agree - I think that all forms of IPC should be marshalled or handled in
some way by the OS, so that the OS can enforce privilege seperation/policy.

That would mean breaking up shared memory! It would mean breaking the entire
session and window management constructs in Windows. Doing so is certainly
possible, but it would take some serious effort and determination on
Microsoft's part to do.

Perhaps there could be some way for MS to generalize what they
have learned from doing this and enforce this somehow at an
application->application level, with the cooperation of software developers
(through IPC API's)? Ideally, this would result in a fundamental
architectural changes in Windows and the way Windows programs are written,
but little change requried in the way users actually interact with programs.

That's a good ideal. The part about architectural changes is true, but the
way users interact will probably be impacted as well. The problem is all
about legacy and legacy code. Microsoft took some liberties in X64 because
there was no legacy. In my opinion, they did not quite go far enough.

WOW, I couldn't agree with you more here!

You seem to be one of the few!

The problem isn't that users are too stupid to make decisions ... it is that
they are UNABLE to make decisions at all! They are not given the information
or control they need to because 1) they have no way of knowing for sure what
a program is doing or 2) they have no way of knowing for sure how they they
should use/interact with programs, BECAUSE they don't have any assurances as
to what such interaction will end up doing

Add ot that the fact that software is really bad at discerning intent, both
from other software and users. It is really hard to analyze a 10-instruction
program and at each instruction be able to predict what the next instruction
will be doing. To understand what the ultimate intent of the program is any
technology needs to be able to see the rest of the actions. Human beings are
FAR better at discerning intent than software is. We have extensive
experience in it, and much more contextual knowledge than what software can
ever have. Without the ability to discern intent software will never be able
to make proper security decisions in a majority of situations.

Heck, if you stuck even a very technical and knowledge person [like a
software engineer] in front of a computer, threw a program on a screen, and
asked them what would happen if they clicked on a button ... they wouldn't be
able to answer with any certainty! Because the program can do whatever it
wants, can lie, cheat, steal, etc, with impunity.

There is your problem with intent. Imagine a completely unrealistic
situation where a user can communicate intent to a computer and the computer
can make allow/deny decisions based on that intent? "I really wanted to
listen to my music, but if the program tries to pull out all my passwords and
e-mail them to Russia, I would like you to stop it." That's the panacea.

This is the problem, IMHO. There is no transparency from the user's
perspective [regardless of skill level] as to what the heck is going on when
they do things.

The intrusion prevention systems attempt to provide such transparency, but
they are extremely bad at it because of the lack of context as I mentioned
earlier. I have a series of wonderful screenshots in the Windows Vista
Security book where I show one of them reacting to an outbound connection. It
throws a warning about the DNS lookup and the default action is to allow all
further connections from this program. If you do so you won't see the actual
connection attempt.

But I don't see this as the big problem today - I see the problem as users
know what they WANT to do, but they have no way of telling the computer this
in such a way that it understands what they are wanting to do and enforcing
that this is the only thing that is going to happen.

That's where the intent communication comes in.

I really appreciate the time you spend here, and I have learned a great deal
from your posts.

As have I from yours. I think I'm going to noodle on this a bit more and
write an article on it.

 

[Guest]

I would like to ask you why running inside a standard user account and

elevating from within it is more secure than running in a UAC-protected
administrator account.

I actually try to avoid elevating if I can. I dislike having privileged apps
on the same desktop as unprivileged ones. However, the primary reason is
because when you run as a standard user and elevate the elevated apps have a
different user environment than the unelevated ones. Therefore, a poisoning
attack where you run a malicious app as a standard user and it poisons the
environment for a privileged app is less likely to succeed. You would expose
the same attack surface using currently running applications, but not using
an app that ran weeks ago.

I would also like to ask how you think UAC will evolve as Windows matures?
What happens after users are running as standard users all the time?

I'm not sure, to be honest. I really hope it moves toward making it easier
to use multiple desktops. On Unix-based systems, including Mac OS X, you can
swap between interactive desktops using the function keys. The infrastructure
to do that is present in Windows, but it has not been used that way by
Microsoft, save for a fairly poor powertool under NT 4. There is RDP to do
something similar, but it far more complicated to use this way. With a true
multiple desktop implementation we also could get elevated Explorer windows
and a true implementation where a user could be an admin on one desktop and
not on another.

I'd also hope to see a lot of applications opting in for this. Currently,
the state of software quality is really poor. To be frank about it, Microsoft
builds far higher quality than most other organizations. If running as a
standard user becomes more commonplace and people start demanding it, we may
see software developers actually becoming engineers, and think about how to
engineer what it is they are doing. I've said many times that I think too
large a proportion of software developers fall into the category of "software
construction workers," not software engineers. There is precious little
engineering going into what they do - something I blame on the educational
system BTW. If they have to think about people running as standard user it
might force some engineering thought into the process. There are many
exceptionally smart software engineers out there, but the overall quality
needs drastic improvement.

If the user that is using the computer needs X privileges to do their work,
I think it is silly for them to have to have two accounts (one with X
privilege and one with <X privilege) and switch between the two in order to
have a secure environment, and I hope UAC will evolve to make this
uneccesary.

Yes. Better barriers between applications are necessary. A logical place for
Windows to go is to permit better separation and access control between
applications. There is no reason why one application automatically should be
able to control another simply because they are on the same desktop. It would
be logical to direct the energy in the next version of Windows toward better
separation. That, in turn, would require fundamental architectural changes in
the OS though, not to mention the changes required in user behavior.

Finally, I sincerely hope we will see users empowered to make more and
better decisions. There is a large contingent of security professionals that
believe that all security decisions should be shielded from the user. The
unspoken rationale for that is that users are not only not interested in
security, they are too unintelligent to be taught how to do it properly. Only
by relying on Big Brother
Symantec/McAfee/Defender/Whatevertechnologyyouinserthere will they be
properly protected. I fail to see how technology can ultimately protect
people from attacks targeting people. I wrote a lot about that a while ago:
http://www.microsoft.com/technet/technetmag/issues/2006/07/SecurityWatch/default.aspx

UAC is already forcing users to make security decisions, and we are already
seeing technology vendors working on solutions to, again, prevent users from
making decisions.

 

[Guest]

Glad to see that the question prompted such an interesting discussion with
contributions from Jesper and Jimmy B...

I thought however it would be nice to answer the question myself, now that I
have found the un-obvious (no one else mentioned it!) answer.

See knowledgebase article 930367 'Error message when you reach the Windows
Vista Desktop: "Windows has blocked some startup programs"'

It says that Defender is blocking the two apps because they would cause UAC
prompts. Annoyingly, the "resolution" section does not resolve the issue of
not being able to run the apps at startup: it resolves the issue of getting a
warning message, which is not actualy the issue - for me at least.

Not happy with the approach, not happy with the implementation: I would
prefer that (or at least the choice) to have the apps start and to confirm to
the UAC prompts that I wanted them. Failing that, Defender should not have
hidden the reason from me. I have tried so many things to get Defender to
run them, and I now know why it was a complete waste of time. If it had -
somewhere - said it was a UAC issue, whilst I might not have liked the
approach, I would at least have understood that uninstalling, reinstalling,
changing ownership, etc. was not going to resolve the issue.

The message to all vista users is, in summary: if you run Defender under
Vista, do you cannot usefully make apps that require UAC startup items. I'll
restate that for the benefit of Googlers: Apps that require
administrative/admin privilege(s) aka full system access will not
startup/won't start/ doesn't start if using real-time Defender protection
under Vista.

The discussions are great - but how does one get Microsoft to acknowledge
such issues?

Julian