UAC=U Are Compromised/Vista Hacked at Black Hat

[Chad Harris]

Vista hacked at Black Hat
http://news.com.com/Vista+hacked+at+Black+Hat/2100-7349_3-6102458.html?tag=nl

Vista hacked at Black Hat

By Joris Evers
http://news.com.com/Vista+hacked+at+Black+Hat/2100-7349_3-6102458.html

Story last modified Fri Aug 04 15:26:35 PDT 2006






LAS VEGAS--While Microsoft talked up Windows Vista security at Black Hat, a
researcher in another room demonstrated how to hack the operating system.
Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, showed
that it is possible to bypass security measures in Vista that should prevent
unsigned code from running.

And in a second part of her talk, Rutkowska explained how it is possible to
use virtualization technology to make malicious code undetectable, in the
same way a rootkit does. She code-named this malicious software Blue Pill.

"Microsoft is investigating solutions for the final release of Windows Vista
to help protect against the attacks demonstrated," a representative for the
software maker said. "In addition, we are working with our hardware partners
to investigate ways to help prevent the virtualization attack used by the
Blue Pill."

At Black Hat, Microsoft gave out copies of an early Vista release for
attendees to test. The software maker is still soliciting feedback on the
successor to Windows XP, which is slated to be broadly available in January.

Rutkowska's presentation filled a large ballroom at Caesars Palace to
capacity, even though it was during the last time slot on the final day of
the annual Black Hat security confab here. She used an early test version of
Vista for her research work.

As one of the security measures in Vista, Microsoft is adding a mechanism to
block unsigned driver software to run on the 64-bit version of the operating
system. However, Rutkowska found a way to bypass the shield and get her code
to run. Malicious drivers could pose a serious threat because they run at a
low level in the operating system, security experts have said.

"The fact that this mechanism was bypassed does not mean that Vista is
completely insecure. It's just not as secure as advertised," Rutkowska said.
"It's very difficult to implement a 100 percent-efficient kernel
protection."

To stage the attack, however, Vista needs to be running in administrator
mode, Rutkowska acknowledged. That means her attack would be foiled by
Microsoft's User Account Control, a Vista feature that runs a PC with fewer
user privileges. UAC is a key Microsoft effort to prevent malicious code
from being able to do as much damage as on a PC running in administrator
mode, a typical setting on Windows XP.

"I just hit accept," Rutkowska replied to a question from the audience about
how she bypassed UAC. Because of the many security pop-ups in Windows, many
users will do the same without realizing what they are allowing, she said.

In other a.. The widening world of Wikimedia
b.. Copyright tussles for Google
c.. Vista's close-up at Black Hat
d.. News.com Extra: The best tech gear that you can't buy here
e.. Video: Electric car hits 130 mph
Microsoft has touted Vista as its most secure version of Windows yet. It is
the first operating system client to go through the company's Security
Development Lifecycle, a process to vet code and stamp out flaws before a
product ships.

"Windows Vista has many layers of defense, including the firewall, running
as a standard user, Internet Explorer Protected Mode, /NX support, and ASLR,
which help prevent arbitrary code from running with administrative
privileges," the Microsoft representative noted.

After the presentation on bypassing the driver shield, Rutkowska presented a
way to create the stealthy malicious software she code-named Blue Pill. The
technique uses Pacifica, a Secure Virtual Machine, from chipmaker Advanced
Micro Devices, to go undetected.

Blue Pill could serve as a backdoor for attackers, Rutkowska said. While it
was developed on Vista and AMD's technology, it should also work on other
operating systems and hardware platforms. "Some people suggested that my
work is sponsored by Intel, as I focused on AMD virtualization technology
only," she said, adding that is untrue.

 

[Alan Simpson]

To non-technical folks reading this, let me just say that Chad got it
backwards in the Subject line to his post. This particular hack requires
that the intruder have system-administrator privileges to turn off
driver-signing requirements. Therefore the following subject line would be
far more accurate and truthful:



UAC = U Are Not Compromised

 

[Jason]

Very nice Alan. Thanks for sharing

To non-technical folks reading this, let me just say that Chad got it
backwards in the Subject line to his post. This particular hack requires
that the intruder have system-administrator privileges to turn off
driver-signing requirements. Therefore the following subject line would be
far more accurate and truthful:



UAC = U Are Not Compromised

 

[Jeff]

Hi,
Maybe I read it wrong;but;
To stage the attack, however, Vista needs to be running in administrator

mode, Rutkowska acknowledged. That means her attack would be foiled by
Microsoft's User Account Control, a Vista feature that runs a PC with fewer
user privileges. UAC is a key Microsoft effort to prevent malicious code
from being able to do as much damage as on a PC running in administrator
mode, a typical setting on Windows XP.

"I just hit accept," Rutkowska replied to a question from the audience about
how she bypassed UAC.

O.K.
What part of UAC protected it? Sure ya gotta be runnin as admin;which is still default when you initially set up Vista; and to show this point;go to UAC setup in control panel; where;if you follow it; it will show that; the person's privelege is admin,at least in 5384.
Which then follows her next comment;that has been conviently snipped in this thread;read above;
"I just hit accept," Rutkowska replied to a question from the audience about

how she bypassed UAC.

So back to the original point;hacked;easily!!
Jeff
Very nice Alan. Thanks for sharing

 

[Mark D. VandenBerg]

Hi,
Maybe I read it wrong;but;
To stage the attack, however, Vista needs to be running in administrator

mode, Rutkowska acknowledged. That means her attack would be foiled by
Microsoft's User Account Control, a Vista feature that runs a PC with fewer
user privileges. UAC is a key Microsoft effort to prevent malicious code
from being able to do as much damage as on a PC running in administrator
mode, a typical setting on Windows XP.

"I just hit accept," Rutkowska replied to a question from the audience about
how she bypassed UAC.

O.K.
What part of UAC protected it? Sure ya gotta be runnin as admin;which is still default when you initially set up Vista; and to show this point;go to UAC setup in control panel; where;if you follow it; it will show that; the person's privelege is admin,at least in 5384.
Which then follows her next comment;that has been conviently snipped in this thread;read above;
"I just hit accept," Rutkowska replied to a question from the audience about

how she bypassed UAC.

So back to the original point;hacked;easily!!
Jeff



Well, when you come up with a way to cure stupidity or teach common-sense to the average person, please post it here. As with any most other security measure, UAC depends upon interaction with a human.

 

[Jeff]

Mark,
Point being; doesn't matter about uac.
Jeff

Hi,
Maybe I read it wrong;but;
To stage the attack, however, Vista needs to be running in administrator

mode, Rutkowska acknowledged. That means her attack would be foiled by
Microsoft's User Account Control, a Vista feature that runs a PC with fewer
user privileges. UAC is a key Microsoft effort to prevent malicious code
from being able to do as much damage as on a PC running in administrator
mode, a typical setting on Windows XP.

"I just hit accept," Rutkowska replied to a question from the audience about
how she bypassed UAC.

O.K.
What part of UAC protected it? Sure ya gotta be runnin as admin;which is still default when you initially set up Vista; and to show this point;go to UAC setup in control panel; where;if you follow it; it will show that; the person's privelege is admin,at least in 5384.
Which then follows her next comment;that has been conviently snipped in this thread;read above;
"I just hit accept," Rutkowska replied to a question from the audience about

how she bypassed UAC.

So back to the original point;hacked;easily!!
Jeff



Well, when you come up with a way to cure stupidity or teach common-sense to the average person, please post it here. As with any most other security measure, UAC depends upon interaction with a human.

 

[Alan Simpson]

You need system administrator-level permissions to turn off the driver-signing requirements first. Not UAC administrator privileges. According to the Information Week article...



"...an attacker with systems administrator-level privileges could trick Windows Vista Beta 2 kernel, x64 edition, into disabling its signature-checking function and allow any unsigned device driver to be loaded onto a user's system."



Once the signature-checking feature is turned off then, sure, it's just a matter of clicking Accept or Continue to let unsigned drivers in. But for the vulnerability only exists after the attacker has turned off signature checking. And to do that the attacker apparently needs higher privileges than UAC allows. So it's really a pretty minor vulnerability and one that'll probably be easy to fix (given that it apparently only exists in the 64-bit beta 2 kernel). Definitely not a deal-breaker for me, personally ;-)

 

[Chad Harris]

Chad has stated that Alan the Blue Pill exploit was not possible when
running as less than admin, in 3 or 4 posts when he can keep the MSFT
orange badge flunkie who has the bottom feeder community job from knocking
his posts off here. Mark VandenBerg pointed this out clearly as well.

But with all the requests ( go on some of the better public forums for XP
and Vista) to turn off UAC, or suggestions spreading like a pandemic to take
the last 4-5 secpol entries on the list and run as admin, I think UAC's
deployment is so horrible that a high percentage of people people will not
run as less than administrator.

Also there will be other hacks and exploits to UAC and there are many
already to IE7 Beta 3 and IE7 that is in the latest build released to Tap on
Aug. 2.

Alan several of your fellow book authors are now critical of UAC deployment
in a major way.

So given that many will kick UAC to the curb, and run as admin or turn it
off, I think U are Compromised is prescient and relevant.

CH

 

[Chad Harris]

Again, again I have said that in about 4-5 posts Jeff but MSFT keeps
knocking my posts off the server because they are up tight over criticism of
Vista and the chaos in Redmond over Vista deadlines and the now ground swell
of emails they are getting to hold it up. Many TAP testers I talked to
locally are very very disatisfied with Vista's deployment in their
organizations and they are letting the Softy "advisor" to their
participation know.

CH


Hi,
Maybe I read it wrong;but;
To stage the attack, however, Vista needs to be running in administrator

mode, Rutkowska acknowledged. That means her attack would be foiled by
Microsoft's User Account Control, a Vista feature that runs a PC with
fewer
user privileges. UAC is a key Microsoft effort to prevent malicious code
from being able to do as much damage as on a PC running in administrator
mode, a typical setting on Windows XP.

"I just hit accept," Rutkowska replied to a question from the audience
about
how she bypassed UAC.

O.K.
What part of UAC protected it? Sure ya gotta be runnin as admin;which is
still default when you initially set up Vista; and to show this point;go to
UAC setup in control panel; where;if you follow it; it will show that; the
person's privelege is admin,at least in 5384.
Which then follows her next comment;that has been conviently snipped in this
thread;read above;
"I just hit accept," Rutkowska replied to a question from the audience
about

how she bypassed UAC.

So back to the original point;hacked;easily!!
Jeff
Very nice Alan. Thanks for sharing

 

[Chad Harris]

UAC is so eggregiously horrible and unrealistic as a deployment, not as a
concept, in contrast to what Linux does according to many Linux
administrators who are also TBTing Vista, that it is not going to be kept on
by Joe and Suzy 6 pack computer user.

Redmond needs a few focus groups from average people on UAC. I noticed that
many many many Beta testers posted workarounds to UAC early on--in secpol,
regedits, and at msconfig among others. UAC usability has not gotten
incrementally better to the extent it should to prevent the penchant for the
bell shaped curve of users to turn it off. That is my concern.

Also I predict that therer will be exploits out there that don't need you to
run as admin. I'll bet as the Black Hat meeting goes on, there will emerge
more Hacs and I'll bet 2600 will soon publish some.

http://www.2600.com/

http://www.blackhat.com/

CH


Hi,
Maybe I read it wrong;but;
To stage the attack, however, Vista needs to be running in administrator

mode, Rutkowska acknowledged. That means her attack would be foiled by
Microsoft's User Account Control, a Vista feature that runs a PC with fewer
user privileges. UAC is a key Microsoft effort to prevent malicious code
from being able to do as much damage as on a PC running in administrator
mode, a typical setting on Windows XP.

"I just hit accept," Rutkowska replied to a question from the audience about
how she bypassed UAC.

O.K.
What part of UAC protected it? Sure ya gotta be runnin as admin;which is
still default when you initially set up Vista; and to show this point;go to
UAC setup in control panel; where;if you follow it; it will show that; the
person's privelege is admin,at least in 5384.
Which then follows her next comment;that has been conviently snipped in
this thread;read above;
"I just hit accept," Rutkowska replied to a question from the
audience about

how she bypassed UAC.

So back to the original point;hacked;easily!!
Jeff



Well, when you come up with a way to cure stupidity or teach common-sense
to the average person, please post it here. As with any most other security
measure, UAC depends upon interaction with a human.

 

[Alan Simpson]

So what's your solution?

Chad has stated that Alan the Blue Pill exploit was not possible when
running as less than admin, in 3 or 4 posts when he can keep the MSFT
orange badge flunkie who has the bottom feeder community job from knocking
his posts off here. Mark VandenBerg pointed this out clearly as well.

But with all the requests ( go on some of the better public forums for XP
and Vista) to turn off UAC, or suggestions spreading like a pandemic to
take the last 4-5 secpol entries on the list and run as admin, I think
UAC's deployment is so horrible that a high percentage of people people
will not run as less than administrator.

Also there will be other hacks and exploits to UAC and there are many
already to IE7 Beta 3 and IE7 that is in the latest build released to Tap
on Aug. 2.

Alan several of your fellow book authors are now critical of UAC
deployment in a major way.

So given that many will kick UAC to the curb, and run as admin or turn it
off, I think U are Compromised is prescient and relevant.

CH

 

[Jimmy Brush]

Point being; doesn't matter about uac.

It DOES matter - not EVERYONE will "just hit accept". Any security is better
than no security.

Eventually, users will understand UAC, and know when to click and when not
to click. I say a large chunk of users will "just get it" and use the
feature intuitively, but I would be a fool to say EVERYONE will. Some people
will resist. Some people will be apathetic and just click Continue, as you
imply.

However, UAC is not going anywhere - it will be around for a long, long
time. The longer it lives, the more percentage of people that will use it
right. Eventually, it will become understood and used correctly by the
majority, especially as UAC evolves after feedback from the first Vista
release and MS fine-tunes it.

And then, finally, Windows will be running with an effective security model.

And there will be some peace for a little while.

And then malware will adapt, and the cycle will repeat.

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Chad Harris]

"Microsoft completely botched UAC," Thurrott says. "It's almost criminal in
its insidiousness"

One solution, Alan, is to completely rework the deployment/implementation
of UAC so that it exists, but it does not throw a box in someone's face
every time they make a miniscule move--to rename a shortcut or folder, to
drag into a folder, ect. The first of many Black Hat exploits the lady
reported the other day also involved clicking OK and people will do that
right and left.

What Chris Corio and his UAC team are doing, is to superficially trim a few
of the prompts (as if it's a big deal they stop the command elevation--they
need to but that's superficial). They don't get it. Again the least
technically sophisticated managers in the MSFT Sinofsky "make the trains run
on time--but screw it if they're running off the track" ethos is
thecontrolling, pervasive Vista culture. They are under tremendous pressure
to slap it together and put out something that has a Vista name on it and to
gush it's Vista, it's a paradigm shift, it's clear, confident,and connected.
It's as clear and confident and connected as the Iraq war is, and the robots
and automatons who persist in pushing the FIASCO.

Is Window's Vista too Protective
http://www.edbott.com/weblog/?p=1186

Is Windows Vista ready?
http://www.winsupersite.com/showcase/winvista_ready.asp
"No. God, no. Today's Windows Vista builds are a study in frustration, and
trust me, I use the darn thing day in and day out, and I've seen what
happens when you subject yourself to it wholeheartedly. I think I've
mentioned the phrase "I could hear the screams" on the SuperSite before. My
wife said that to me one day, and she was referring to the sound of me
barking some primeval curse at my desktop PC as it succumbed to Vista's
stupid slowdowns, crashes, and hang ups for the umpteenth time. She, more
than anyone, knows the frustration I've experienced because of Windows
Vista. But even she doesn't know the details. They would bore her, frankly.
She's normal like that.

I've been working with Windows Vista for a long, long time, and I've seen
how it's evolved. Heck, I've been working with Microsoft OS betas for over
12 years now, and while it's very clear that Vista hasn't exactly followed a
trajectory that's at all similar to any of the other betas, it's also true
that each OS beta has its own vibe"


What I Don't Like About UAC
by Martin Zugec, MSFT MVP
http://msmvps.com/blogs/martinzugec/archive/2006/06/04/99341.aspx

7 Steps to Delete a Shortcut with Vista UAC
http://www.flickr.com/photo_zoom.gne?id=151250154&size=o

http://blogs.msdn.com/uac/

On to the transcript…



Question: Can I ask technical questions while the presentation is going on?

Private Answer: Yes



Question: Will this be in the form of an on-demand webcast?

Answer: Yes. Watch your inbox tomorrow for an e-mail with information about
viewing this webcast on demand and downloading a WMV file. The e-mail will
also include a link to a downloadable PowerPoint presentation of today’s
webcast. [Anyone can watch it again here.]



Question: I connected some Windows Vista workstations to an SBS2003 server,
and every logon, the default SBS2003 logon script runs a Client\Setup.exe,
which kicks up the UAC screen. This does not seem to be a desirable feature
of every logon.

Answer: This is something that we are working with the SBS team on right
now. This logon script updates binaries and settings configured by SBS, but
it is rarely updated. Currently, we recommend that you propagate an App
Compat shim marking the client\setup.exe binary as not requiring
Administrator privileges. The proper run level would be asInvoker.



Question: How can you run things as an admin that don't specifically have a
Start menu icon? For instance, an applet in the taskbar that requires admin
access (but right-click over doesn't allow for "Run as...").

Answer: You can either browse to the binary and right-click it, or you can
run a CMD window with Administrator privileges and run it there.



Question: What is Microsoft doing to educate vendors on how to write
applications that don't require admin rights?

Answer: We've done our best to let all developers and ISVs know about this
product by presenting at numerous conferences since PDC '05. We also have
guidance available online. Check out the resources slide for those links.



Question: Is it possible for IT departments to update the app compat list
using, say, GPO or SMS?

Answer: Yes. You can use GP to deploy the App Compat shims.



Question: I am asking about the domain users in the local machines. Does
this apply to it?

Answer: UAC applies to both domain users and local users.



Question: You have mentioned App Compat shims several times in the replies.
Is there some detailed documentation on App Compat Shims available?

Answer: Yes, take a look at:
http://www.microsoft.com/technet/windowsvista/deploy/appcompat/acshims.mspx



Question: So you can drop a manifest in alongside an app that you did not
produce (e.g., I have an app from a defunct ISV)?

Answer: Yes, as long at the app does not have an internal manifest, which
would override the external one. You can also use the tool mt.exe (shipped
with Visual Studio) to add an internal manifest to an existing .exe.



Question: My initial take on UAC is you are simply masking over the real
problem of users with admin rights. If they have an admin password, they are
only one step away from hacking their computer. Will we be able to identify
and customize the ACLS on all system components based on application
requirements to allow these applications to run without supplying an admin
password?

Answer: Our goal is to reduce the privileges that applications are designed
to run with. Unfortunately, because all of our users prior to Windows Vista
were members of the Administrators group, applications often unnecessarily
required that the user be an administrator. We are trying to help the
industry understand that oftentimes they don't need administrator privileges
to execute their applications, and we expect many users in enterprises to no
longer run as administrators.



Question: Can the local store be relocated to better support roaming
profiles?

Answer: Unfortunately, the location of the virtual store isn't configurable.



Question: That so it is of stability? (Sorry for my English) will be able to
use the old standard user or not?

Answer: You can still run your users as member of the users group. If you
want exact parity between XP, you should disable the UAC installer detection
feature and file virtualization.



Question: I referred to me that in spite of being a beta, if Windows Vista
is stable in its totality or still it has things to correct.

Answer: We continue to refine Windows Vista as we move toward release. We
feel that the beta version is quite stable.

Question: I'm still confused. Applications don't "require" admin rights.
Applications perform tasks on a computer that accesses system components
(directories, registry, services, etc.) that are locked down to admins only.
Can we not identify these components in advance and adjust the ACLs on these
components to give the standard user the ability to access?

Answer: You could do this, but then any malware running as the user could
also change those settings. This would undermine any security model that an
application or Windows has established for those resources.



Question: In what SKUs is the secpol available?

Answer: secpol.msc is available in all SKUs [Correction from live chat:
secpol will only be available in the SKUs that support group policy:
Business, Enterprise, and Ultimate.]



Question: Given that we'll be running in a mixed environment at first
(Windows XP and Windows Vista), will any level of these controls be
available for XP via a patch?

Answer: There are currently no plans to move UAC down-level. However, as you
understand which applications can run as standard users on Windows Vista,
you can move your Windows XP users into the Users group and get similar
performance.



Question: How can I make a white list program by vendor or by location or
what?

Answer: Check out the Software Restriction Policy white paper available
here:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx



Question: What was that again? If I disable UAC, do I also lose the new
security features of Internet Explorer?

Answer: Internet Explorer will not be running in Protected Mode if UAC is
disabled.



Question: What is the URL for the compatibility tools?

Answer:
http://www.microsoft.com/technet/desktopdeployment/appcompat/toolkit.mspx



Question: Can we see the vote results?

- Alex



CH



Read it--Find out what the American lemmings are complacently allowing to
occur Be different Read a paper like the NYTimes--Fiasco: The American
Military Adventure in Iraq (Hardcover)

http://www.amazon.com/gp/product/15...=pd_bbs_1/102-3215667-3228953?ie=UTF8&s=books


CH

 

[Jeff]

Jimmy,
Relax,
Really, it doesn't matter if you're Fort Knox;someone;somewhere will
always try to gain access.
Theoretically; I totally agree with the concept;
The implementation;however; is not up to MSFT; it ends up in the
end-user's hands.
And;at this point;in the development of this UAC model;granted;it's not all
polished. But again;point being;I think you may well see a general tendency
for many;to not try to understand concepts;and consider UAC a pain.
Eventually?
Eventually everything happens, but;not that it should be; first impressions
go a long way.
And most people's initial interaction with UAC(in it's current form);
will be their basis of further actions;
Which is to say;the 1st time Joe user tries to move a folder;gets prompted
for admin;says o.k. ; then denied; they will just get frustrated;and
gravitate towards the simplest;easiest resolution.
Which then follows; doesn't matter about UAC from that point on.

Jeff

 

[Jimmy Brush]

Jimmy,

Relax,

I'm not upset, I enjoying debating - it is helpful to MS if they read this,
and we learn from each other.

Really, it doesn't matter if you're Fort Knox;someone;somewhere will
always try to gain access.

Of course. They will TRY. Why make it easy for them? You're not implying
here that because true security is impossible we should just give up, are
you?

Theoretically; I totally agree with the concept;
The implementation;however; is not up to MSFT; it ends up in the
end-user's hands.

Correct - the user decides what he/she wants to have access to the system.
This is the only model that works.

There are already automated solutions out there that pick up malware, but
these don't work 100%. This model is like having a bodyguard outside of your
house with a list of people to deny access (and you don't control the list).
The bodyguard will keep many bad people out, but still alot of bad people
will just come right in.

On the other hand, keeping your doors and windows locked and then deciding
who to let in on a case-by-case basis is a much better idea, ESPECIALLY when
you still have a bodyguard outside to tell those known bad people to shove
it. Someone can knock on the door, and you can peep thru the peephole and
decide whether or not to let them in. This is YOUR decision, and that is the
way it has to be - no computer can decide for you whether to open the door
or not, and be totally effective.

Of course, you still have the option of opening the door for everybody, as
well as just keeping your doors unlocked, but oh well - that's your choice.

And, just because your doors are locked and you have a security system AND a
body guard doesn't mean that NOBODY can break it - it just makes it is MUCH
HARDER for them to do so - this will make it challenging, and so the vast
majority of bad guys will pass by your house, and only the real
professionals will attempt to break in.

And;at this point;in the development of this UAC model;granted;it's not all
polished. But again;point being;I think you may well see a general tendency
for many;to not try to understand concepts;and consider UAC a pain.

I think in terms of RTM and later, this will not be the general case.

Eventually?
Eventually everything happens, but;not that it should be; first impressions
go a long way.

No, ALL things don't happen eventually . Some things do. First impressions
do go a LONG way, you are correct... but I think this will be a moot point
down the road, when all programs expect to run in a UAC environment, and
things are just more natural with it turned on than with it turned off.

When we get there, people will consider those with UAC turned off
risk-takers, the same way in *nix people consider those who log in as root
instead of using su as risk-takers.

And most people's initial interaction with UAC(in it's current form);
will be their basis of further actions;
Which is to say;the 1st time Joe user tries to move a folder;gets prompted
for admin;says o.k. ; then denied; they will just get frustrated;and
gravitate towards the simplest;easiest resolution.
Which then follows; doesn't matter about UAC from that point on.

The example you gave shouldn't happen (being denied permission after
elevating with UAC). Although, it does happen in some certain specific
circumstances.

To be honest, the only misgivings I have about UAC (yes, I have some too)
are with working with the file system. This is the only MAJOR pain point
IMHO. (I don't call clicking Continue a major pain point ... a minor one,
indeed, not major).

In many cases, UAC simply does not play nice with the file system - and the
poor solutions MS has come up with to mitigate this is insufficient (ie
"Windows tried to change security settings but couldn't - you should try
editing security" hey thanks, thanks alot ... or "You need permission from
Jimmy to do this" - hey that's ME!)

But, other than on that point ... I think MOST USERS (who won't run into
filesystem based problems) will not have major issues with UAC, and will
leave it on, and eventually begin to understand it.

You seem to be pointing out the specific cases where UAC fails, while I tend
to point on the more general case where it works.

You and I are both correct; however, I think the success cases will outweigh
the failure ones.

The failure cases have workarounds and are usually experienced by more
advanced users (though not always), whereas the success cases protect the
majority of users (assuming they understand it).

There is a chance for it to go either way ... but I really think it is going
to work, and then get better and better

- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Jeff]

Jimmy;
OK
BTW-this is beta stuff;so hopefully it'll get worked on
Oh; I had it tell me I had to ask Jeff; for permission TOO!!!! LOL
Oh; and about that search issue I had the other day? Somehow it was WAY
corrupted;
Reformatted;reinstalled;and BINGO; C drive showed up in the indexing
options, and it works right.
Go figure!!! That's why it's beta

Jeff

 

[Alan Simpson]

Well those are certainly good suggestions if users are prompted for
elevation every time they perform some miniscule task. I wasn't able to
duplicate that problem on my own machine. I can rename, move, and delete
files, folders and shortcuts from my standard account without any prompts
for elevation whatsoever. But you're certainly right, that's the way it
should be.



But getting back to the original point, I still stand by my initial
assertion that Rutkowska's finding that an attacker with systems
administrator-level privileges could trick Windows Vista Beta 2 kernel x64
into disabling its signature-checking function doesn't even come close to
being in the general vicinity of the ballpark of equating to UAC = U Are
Compromised. And I still advise people not to take such sweeping
overgeneralizations to heart. There is simply nothing in Rutkowska's finding
that means UAC is bad for you or your computer.



Personally, I have no problem with UAC. I'd rather stay in my standard
account and be prompted for elevation as needed then have to log out and log
into an administrative account to perform some simple administrative task.
But I guess that's just me.

 

[Chad Harris]

No it's not just you, Alan. There is considerable support for UAC, and
considerable support for being able to run as a standard user and if it's
user friendly and quick to be able to elevate for the period of time you
need to get tasks done, and a Steve Riley [MSFT Security] talk on it is a
treat to behold. But they must be able to be resourecful enough to make
this more workable IMHO so that it can be embraced and adopted as the norm
which is what they want to happen.

CH

 

[Robert Moir]

It DOES matter - not EVERYONE will "just hit accept".

The majority will. The majority do now. There are plenty of email vectored
viruses out there that require a user to download a zip file email
attachment, open it and type in the password included in the body of the
email, and then install whatever is inside it, and these seem to be
spreading nicely.

Any security is
better than no security.

Any good security is better than no security. Bad security, the sort that
lulls people into a false sense of feeling secure, is worse than doing
nothing.

 

[Colin Barnhorst]

If you are using 5472 be aware that there are significant changes to UAC
since 5384 that simplifies doing things like deleting shortcuts from the
desktop.