Print 71 comment(s) - last by bodar.. on Feb 3 at 10:14 PM

Blogger Long Zheng of Started Something has published a proof-of-concept attack of how to use a script to easily disable the Windows UAC, do to the inherent design flaw that it trusts changes to itself blindly. Microsoft thus far has refused to acknowledge that it needs to fix the problem calling it "by design" and yanking a MSDN blog on the UAC changes.  (Source: Started Something)
Microsoft insists big Windows 7 security hole will not be fixed, is "by design"

When Windows Vista was launched, it brought to the table a new feature that was supposed to safeguard the user:  the User Account Control (UAC).  However, the useful feature, which could be disabled, became the source of a great deal of the OS's early criticism due its warning messages which some users found irritating.

With Windows 7, Microsoft decided to switch gears and is offering a less nosey UAC in the beta version of the OS.  This move was the subject to much early praise.  However, it may have now backfired as a blogger Long Zheng, who runs the blog Start Something, has detailed a proof-of-concept attack against the new Windows 7 UAC.

Mr. Zheng says the attack is a vindication of Windows Vista, and evidence that the new Windows 7 approach, while more pleasing to some, is inherently insecure.  He states, "This is dedicated to every ignorant ‘tech journalist’ who cried wolf about UAC in Windows Vista. A change to User Account Control (UAC) in Windows 7 (beta) to make it ‘less annoying’ inadvertently clears the path for a simple but ingenious override that renders UAC disabled without user interaction. For the security conscious, a workaround is also provided at the end. First and foremost, I want to clear up two things."

The flaw, which he calls "blatantly simple" to fix, was raised to his attention by a "security-minded 'whistleblower.'"  Ignored largely by Microsoft in chatter in its Windows 7 beta feedback, the issue may be present in the retail version of Windows 7 and has been known to many for some time.

Normally Windows 7 is set with the options "Notify me only when programs try to make changes to my computer" and "Don’t notify me when I make changes to Windows settings".  It uses a security certificate to determine if a program is part of Windows -- in other words, changes in the control panel don't raise warnings as they have a trusted certificate.

The "Achilles heel" as Mr. Zheng describes is that the UAC is a certified program and thus changes to it are also trusted -- even if that change is to disable it.  While he admits that he had to "think bad thoughts" to come up with a way of disabling the UAC without directly tricking the user into doing it, he says it wasn't tough.  He has posted a proof-of-concept VBScript, which uses keyboard shortcuts to select the UAC and then disable it.  The attack works against any user who has administrative permissions (as standard users are prompted for an administrative password when changing the UAC settings).

He elaborates, "We soon realized the implications are even worse than originally thought. You could automate a restart after UAC has been changed, add a program to the user’s startup folder and because UAC is now off, run with full administrative privileges ready to wreak havoc."

He adds, "This is the part where one would usually demand a large sum of money but since I’m feeling generous, there is a simple fix to this problem Microsoft can implement without sacrificing any of the benefits the new UAC model provides."

The fix, he says is to force the UAC into a secure desktop mode, whenever the UAC is changed, regardless of its state.  This, he says, while by no means foolproof, will prevent basic attempts.  He suggests Microsoft adopt the fix as soon as possible.

Microsoft, however, appears to be relaxed about the topic, as it responded to Mr. Zheng that the flaw is "by design", indicating it will not be changed before release.  Furthermore, as of this morning it has pulled a MSDN post about the topic which Mr. Zheng linked. 

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By wwwebsurfer on 2/2/2009 8:49:35 AM , Rating: 1
Why are people whining about the UAC protection? It may be a *little* bit of a hassle, but from the security side it seems like nothing short of necessary. Why in the world do you need constant admin-level access? There is a reason linux uses SuperUser and disables root after 15 minutes unless you directly tell it not to. Perhaps there is a correlation with it being arguably the most secure operating system.

RE: ?
By jay401 on 2/2/2009 8:53:02 AM , Rating: 3
In, what, NINE years of using Win2000/WinXP logged in 100% of the time as an admin on my home computers, I've had zero problems. So for personal use there appears to be no practical, actual risk. Corporate use is another story, but I'm talking about the OS I use at home.

RE: ?
By BansheeX on 2/2/09, Rating: -1
RE: ?
By Motoman on 2/2/2009 12:20:02 PM , Rating: 1
...they're trying to protect people from their own stupidity...which will always fail. Idiots always find a way to prevail.

In a way, I really hate attempts to remove the responsibility for your machine from the user. If you're an idiot user, and you load your machine up with viruses and spyware and whatnot...well, you're an idiot and by the way, no, the nice guy from Nigeria isn't really trying to send you eighty bazillion dollars.

On the other hand...ah, screw it. If you're too stupid to not screw up your computer, then maybe you should just stick to cell phones.

RE: ?
By BansheeX on 2/2/2009 1:03:58 PM , Rating: 2
Yeah, and if I wasn't being clear enough, I essentially think the prompting part is what's useless and annoying. Setting up file access/editing privileges on created user accounts, whether you're an OEM or an individual or an IT guy, is fine.

RE: ?
By Motoman on 2/2/2009 2:28:22 PM , Rating: 2
Yeah, the UAC prompts are in a way kind of like taking your laptop out of it's bag and putting your shoes on the belt at the airport. Neither of which do anything (nor does limiting liquids, so on and so forth), but it appears that you're doing "something about the problem."

RE: ?
By gochichi on 2/3/2009 12:17:02 AM , Rating: 2
Mac users are still relatively "safe"... so yes, you CAN protect idiots from themselves. If by idiots we mean people.

Dude, without some basic tools from software providers most of us idiots would be swimming in viruses.

Whether it's Linux, or Windows or whatever... I mean, as an example, I wouldn't run Windows without an Antivirus or without updates. I didn't "create" any of that. They are all things to help me stay protected... and they work really well for the most part. The amazing people that give of their time to make Linux safe... I need them, I need them very much. They are watching out for me not to be utterly at risk when I run Ubuntu... and I like that, I appreciate that.

I'm glad that you absurdly believe that you could be safe online without software (and settings) to protect you. But it's perhaps the most naive stance of anyone. Systems should default to safe, that much is obvious. It shouldn't take a bunch of know how to enable safety... it should take know how (or at least "the intent") to increase the amount of risk.

I'll tell you... Windows users are wising up a little bit. Vista requiring you to click OK when installing something is hardly debilitating. I do worry about Mac users though... they are so unbelievably oblivious to security/virus concerns...

Protect everyone. That's what software companies should believe they have to do. Anything less would be utterly unethical. Yes, us so called experts should believe that "idiots" should be totally safe when using their computers. When I go to the doctor and he prescribes me medication... I don't expect to be called an idiot because the drug was unsafe... I expect it to be safe because ethical people are supposedly at the helm, making sure of it. What do you believe? I believe, protect 100% of users, that includes protecting grandparents, protecting teenagers, protecting businesspeople... everyone.

You are NOT stupid, because you see a deceptive ad while you're browsing the web ... a pop up with pretty graphics that says, "YOU have been selected" you click on it, and you're infected. It is NOT stupid to be a victim of that attack. It is malicious, it is a bad action, it is completely wrong to attack a user that way. Bad people doing bad things... it is up to the ethical expert community to shield the user from bad people. The open source community does it on ethics alone, but Microsoft has a mandate because those "idiots" are paying money for a service (the service being security).

RE: ?
By BansheeX on 2/3/2009 5:39:40 AM , Rating: 2
You have no idea what you're talking about. None of your fevered ranting or poor analogies accomplishes anything. UAC prompts don't protect you from machine-compromising exploits, user privilege restrictions do. All a prompt does is ask someone twice whether they want to do what they intended. It's the user's access restrictions that causes malevolent code be impotent.

Mac has miniscule market share, of course it's safer. It's design isn't a factor yet, too few people are using it for hackers to care.

Dude, without some basic tools from software providers most of us idiots would be swimming in viruses.

Can Vista fanboys read? I am attacking the UAC prompts. UAC prompts. UAC prompts. Not antivirus software.

I expect it to be safe because ethical people are supposedly at the helm, making sure of it. What do you believe? I believe, protect 100% of users, that includes protecting grandparents, protecting teenagers, protecting businesspeople... everyone.

There is no such thing as 100% security, software can't address the latest worms and viruses the second they come out. If you actually believe that or try to convince others of that, you are proving my point. You can't just install some software and proceed to browse and e-mail with reckless abandon, you're going to learn a very hard lesson. People MUST educate themselves with the fundamentals, there is no magic shield you can buy to avoid that.

RE: ?
By anotherdude on 2/3/2009 1:38:21 PM , Rating: 2
UAC prompts don't protect you from machine-compromising exploits, user privilege restrictions do. All a prompt does is ask someone twice whether they want to do what they intended. It's the user's access restrictions that causes malevolent code be impotent.

Not sure what you are driving at here. UAC puts the entire machine into user mode which stops both the user and ANY RUNNING SOFTWARE from changing important OS files or settings without the user giving explicit assent.

Yes, this is no where near as safe as locking a machine down in user mode but doing that is impractical for many situations. Yes, if the user foolishly clicks through a UAC prompt without stopping to think it will not help but if the user is not even installing software or making system changes and a prompt comes up they should have the sense to say no, or can be trained to say no - part of "learning the fundamentals" as you say. It's not perfect but it helps.

RE: ?
By VaultDweller on 2/2/2009 9:35:55 AM , Rating: 2
I'll disagree there. UAC is useless and essentially irrelevant for corporate use: its function is to provide a safety blanket for users logged in as admins. Since corporate users are most definitely not logged in with admin rights (aside from certain IT staff, of course), UAC has no bearing on them. They won't see UAC prompts, they'll just see access denied messages.

UAC is all about home use, and for home use the majority of users should never be logging in as admin. Maybe it's just fine for you, but you (and probably most DT readers) are not the users that UAC is meant to protect. UAC is there to render most malware and viruses inert unless they have an elevation of priv exploit, or if the user ignores the UAC prompt and just clicks OK for everything.

RE: ?
By Master Kenobi on 2/2/2009 9:58:12 AM , Rating: 4
Since corporate users are most definitely not logged in with admin rights

Ah hah hah hah. You think that don't you? I guess it would surprise you to know that the majority of companies in the unclassified arena, all users are local admins on the systems using XP.

RE: ?
By kelmon on 2/2/2009 10:10:15 AM , Rating: 2

Still, I will assist your point by saying that I am an Administrator on XP at work (very big corporation) and I expect everyone else is here since the setup is standard across the company. However, I have no idea what other companies do and for all I know "Users Group" may be the normal setting.

RE: ?
By dgingeri on 2/2/2009 11:24:02 AM , Rating: 5

I've been working in IT for 13 years (Well, it will be 13 years in a couple weeks) and nearly every place I've worked that used anything from Windows NT to Windows XP, the users were generally set up as admins.

Believe me, if I could do it any other way, I would. Unfortunately, we have to run our remote users as admins so they can install local printers, (HP is too stupid to write printer drivers that can install with only power user membership) our helpdesk (for users of our products, not internally, and by far our biggest infection rate of trojans) must run as admins so that they can run the ticketing software and the phone center software, and our development department must run their own domain, that we can't lock down, so that they can test their newly developed software on their test servers.

If I could lock down users, I definitely would. The problem is that programmers don't seem to want to put in the time to make a program that can be run without being local admins. There are also far too many programmers out there who think they can change system files with impunity, which has always been the biggest source of instability in the Windows OS. I actually had one programmer in my last company contact me and ask me to deploy out a single file update (mfc42.dll) to the entire company so he could make his new program work right. (That dufus actually believed I wouldn't protest it!)

As soon as we get some smart programmers in the world, then we'll be able to get rid of things like this.

Oh, right, programmers are human. We aren't going to be able to get rid of the lazy, stupid ones.

RE: ?
By dgingeri on 2/2/2009 11:27:58 AM , Rating: 2
Oh, I forgot to mention. the stupid programmers of our help desk ticketing system actually require the users have admin rights to the SQL server in order to run the software! Can you imagine the idiocy??

And our help desk management at the time actually went with this garbage system and paid $2000 per license, and $5000 per management license for this POS software. I'm glad that manager is gone. I just wish the systems admin that approved this move wasn't my boss now.

RE: ?
By DrKlahn on 2/2/2009 1:21:39 PM , Rating: 2
None of our users run as administrators. I do agree that programmers need to be beat over the head with the need for their programs to function as a user. However we have been able through the use of utilities like Process Monitor from SysInternals to open up only the files and keys needed for the various programs to function. Some programs only require their initial launch as an administrator to setup the necessary files. As a result viruses and malware that get downloaded very rarely do any actual damage (I can't think of one incident in the last 6 months).

Remote sites are taken care of by remote control applications which allow the IT staff to install software and manage them. However painful the connection speed, it is a small price when compared with the labor needed to actually diagnose and repair an infected system. Laptops that absolutely have to have the ability to install devices on the road log in locally and then into AD when returning. The AD account of course does not have admin rights.

The users complained at first but looking at the statistics it is irrefutable that this has been a huge benefit. It takes a lot of testing and effort to get programs to function as a user, but it is well worth the investment. It's a shame that more programmers don't take this issue to heart as this single biggest reason Windows has the security issues it does.

RE: ?
By gstrickler on 2/2/2009 4:20:47 PM , Rating: 2
The way to encourage programmers to write software that doesn't require admin rights is to make your programmers run with the same privileges you expect users to have (e.g "power users" or "users").

Yes, developers may need to be able to install software on their machines. For that I give them a second login that gives them local admin rights (but very limited network access, so they can't normally run under that account to do their job). Be sure you're logging changes to permissions, group memberships, etc. If they use the local admin account to upgrade their domain user permissions (e.g. to a local administrator), they can be terminated.

Then, have a QA person or network tech try to install and run any updates from the developers while logged in as a "typical" user in your environment. If it doesn't install or doesn't work, send it back and work with the developers to come up with a solution that doesn't compromise your security.

I'm a developer, and a network admin, and network designer, and security consultant. I've had great success getting management backing to implement the above policies at my clients, regardless of company size. Generally, the most challenging users are executives/owners who are moderately technical, they often want to run as admin for convenience. Most of the time, I can convince them to be a power user (and possibly give them a separate local admin account with restricted network access).

There are challenges:
Some third party software requires operating as a local administrator. In this case, we typically set up a shortcut to run that application using "run as" using an account with local administrator privileges. With W2k/XP, there is a third party tool named TQCrunas that you can use to setup a shortcut where the shortcut is a script with an encrypted password so the user doesn't even need to know the account name or password for that local admin account.

TQCrunas can also be used to allow remote users to install their own print drivers and/or printers.

Programs that attempt to update themselves:
You can push updates via WSUS, and/or the Windows login script, and or from a script on the server, and/or use run as/tqcrunas for the installer/updater, and/or allow write permissions on that specific program directory (but not a Windows system directory), and/or install an updater service on the workstation.

I've encountered very few situations that actually require the user to run as an administrator. It's not hard to set up, but it does require some research, planning, and testing.

RE: ?
By bodar on 2/2/2009 6:22:21 PM , Rating: 2
We use a similar program from FullArmor called Intellipolicy, that is configured with AD Group Policy to promote apps to admin for any user. They discontinued the program though, because this can be done natively in Vista.

RE: ?
By omnicronx on 2/2/2009 10:21:38 AM , Rating: 2
I've never worked at a medium to large business that allows local admin rights to the masses. Personally I have it, as I am a programmer that requires certain admin rights, but I am certainly not the majority. A standard Vista/7 user can also do a lot more than under XP.

RE: ?
By LRonaldHubbs on 2/2/2009 10:54:08 AM , Rating: 2
I work for a large company and this is 100% correct. All our laptops run WinXP and users have full administrative rights. There are official guidelines as to what we are allowed to install, but the only things actually controlled by IT are certain Windows updates (like SP3 and IE7).

RE: ?
By VaultDweller on 2/2/2009 11:06:01 AM , Rating: 2
I'll rephrase.

Corporate users are not logged in with admin rights in any corporation where the IT department is doing its job, and definitely not in any company that's able to pass compliance audits (for PCI, FISMA, HIPAA, etc etc).

I have never worked at a business that allowed admin rights for the masses. My current employer (small corporation, approximately 800 employees and 40 offices) doesn't even give admin rights to many people in the IT staff.

RE: ?
By Master Kenobi on 2/2/2009 11:22:58 AM , Rating: 2
Sorry but IT departments do not set policy in large corporations. 800 users isn't large, thats medium sized. I'm speaking from experience and through conversations I've had with IT professionals at other large corporations. All of these companies possess >5000 users. In companies this large, politics dictates policy, and Local Admin without having to get IT to install software, etc.... is required otherwise they simply fire the IT management and replace it with one that will do it. IT is a Cost Center, not a Profit Center, and thus we do not get to dicatate, security be damned.

RE: ?
By VaultDweller on 2/2/2009 11:55:16 AM , Rating: 3
Giving users admin rights to install their own software does not cut IT costs, it inflates them. This is just another failure by IT to do their jobs - in this case, they failed at the task of giving management the information they need (in a way they understand) to make financially sound decisions.

Also, have you or the IT professionals you've conversed with not worked for companies that have had to deal with standards like the PCI DSS or FISMA? Politics dictate policy, like you said, and money dictates politics. Where money is concerned, not much can have a greater impact than a failed PCI audit.

Maybe security is just handled better up here in Canada than in the US. The US does have an abysmal reputation for cyber-security at the federal level, but I've never seen any kind of comparison between the security postures of private industry in Canada vs America.

RE: ?
By Master Kenobi on 2/3/2009 7:46:22 AM , Rating: 2
Also, have you or the IT professionals you've conversed with not worked for companies that have had to deal with standards like the PCI DSS or FISMA?

FISMA applies to jobs I've had in classified environments, in which case your argument is valid. My original post specifically outlined unclassified workspaces/networks.

PCI DSS applies to credit cards. None of the companies I've worked at has ever bothered dealing with credit cards. We aren't running point of sale systems, were trillion dollar companies that do business by the millions/billions.

This is just another failure by IT to do their jobs - in this case, they failed at the task of giving management the information they need (in a way they understand) to make financially sound decisions.

Your assuming IT is in a position to make such a policy stick. When a major profit center in the company is complaining that they can't run System A or its costing them additional overhead because IT implemented policy B, you will see executives strike it down in short order. Profit Centers are elevated above all else. The lax security is simply considered a "cost of doing business" at many companies. Additional security is piled on to make sure a compromised system can't do damage to the rest of the network, but that one will be in for a reimage in short order.

Giving users admin rights to install their own software does not cut IT costs, it inflates them.

That is IT's problem, not the business profit centers problem. It doesn't balance out from a top down view overall, but this is how it is viewed in many companies. Let IT pay for it with their own budget. Welcome to corporate america.

RE: ?
By bodar on 2/2/2009 6:28:44 PM , Rating: 2
Wow... just wow. That's terrible. I work for state govt. (albeit a small dept) and we have the users locked down pretty tightly. I can't imagine working in a "Wild West" IT environment, where I have no idea what is installed and what damage an "admin" has done to his PC.

RE: ?
By Master Kenobi on 2/3/2009 7:31:17 AM , Rating: 2
Smaller environments can get away with tighter controls and restrictions from IT without too much hassle. But when your managing 5000 or 50,000 users, it becomes a nightmare in overhead to babysit them. This isn't IT's fault, this is the fault of convenience. No IT manager is going to do battle with corporate executives who want convenience over security.

RE: ?
By bodar on 2/3/2009 10:00:18 PM , Rating: 2
I definitely see your point, but it's sad to know that most execs would rather throw away money paying IT to put out fires all day, rather than focus on higher level services. It's much easier to babysit when he's in the playpen, not tearing around the living room in his walker.

RE: ?
By bodar on 2/3/2009 10:04:54 PM , Rating: 2
Well, at least that just means they need more IT personnel. Good news for us.

RE: ?
By RamarC on 2/2/2009 3:47:52 PM , Rating: 1
every company i've worked has made ALL domain users local admin for ALL PCs. it makes for great fun! place a file named "AllTimeFavoritePorn.htm" in their documents folder and wait for the 'WTF's to flow! put a job in their task scheduler to open a word document with fake departmental salary information and hilarity ensues. even better, change folder permissions and lock them out of their own files. change 'em back right after they call for support. good times -- good times! 8^)

RE: ?
By Spivonious on 2/2/2009 10:11:38 AM , Rating: 2
At our company, users have to be local admins due to our software distribution system (it gets the latest DLLs when they start the app and you have to be a local admin to register those DLLs).

RE: ?
By theapparition on 2/2/2009 9:49:02 AM , Rating: 2
Same here.

But UAC isn't aimed for you or I. It's aimed for the masses that open unknown email links or do stupid things. So just because you've never had a problem, that doesn't mean UAC was worthless.

RE: ?
By Master Kenobi on 2/2/2009 8:59:22 AM , Rating: 5
Because many tech journalists blasted Vista's UAC as annoying, problematic, and a pain in the rear. So Microsoft responded in kind by easing it up, but when easing it up you get the caveat that security is also not as good. This is a simple you can have your cake, but you can't eat it. All these journalists want both, but the reality is if you want more security, you need to deal with an additional prompt/check.

Frankly, if anyone is to blame, its people for blasting UAC in Vista. Vista got it right, people just don't want security that badly yet.

RE: ?
By anotherdude on 2/2/2009 10:37:22 AM , Rating: 2
Users didn't like UAC, granted, but the tech journalists and (even many of the local talent) should have defended and explained it instead of tearing it down. THAT was the problem.

There was a feeding frenzy on Vista, for some reason (made a good story, lot's of Mac\Linux fanboys out there in West Coast and NY bloggerland?), that went WAY beyond what it deserved and the new and lesser secure UAC default setting is the cost of this. MS's hands were tied here.

RE: ?
By VaultDweller on 2/2/2009 11:15:23 AM , Rating: 2
I agree.

I thought UAC was one of the best moves that Microsoft had ever made, and I was absolutely baffled that the same technical community that blasts MS for weak security could tear them up again for adding security features. Seriously, the same people that championed a Linux distro that by default disables the use of the root account and expects the use of sudo for all privileged actions were complaining that having to click OK was too much of a hassle. What the hell?

UAC has made my life as the free extended family tech support guy so much easier. It's like magic: after setting people up with Vista and explaining UAC to them, I never have to revisit their computer to format them or clean out malware infestations.

RE: ?
By Drexial on 2/2/2009 10:38:13 AM , Rating: 4
The thing about the UAC is that normal users will either not let anything install or let everything install just like they normally would. The pop up is just another step in the process for them.

It's kinda like getting into your car and a message coming up that you have to answer that say "Are you drunk?" then just to be sure "are you sure you are not drunk?". Whether you are drunk or not you are going to get asked this every time. The people that do drink and drive are just going to ignore it just like they ignore the fact that they are drunk now and will drive their car anyways.

This UAC was a poor excuse for security. Because its completely in the hands of the user to understand the risk. If they understand the risk then the UAC isn't doing anything to help them, if they don't understand it, they are just going to OK the message anyway.

RE: ?
By VaultDweller on 2/2/2009 11:21:44 AM , Rating: 2
Yes, users have to understand the risk - but it's not something hard to understand or to explain.

No, UAC won't do anything if the user actively runs an installer for malicious software, because of course the user has decided they want said software and will let it do whatever it wants.

On the other hand, it seems like most malware and virus installs can be prevented by one simple explanation: "If you open an e-mail or visit a web page and it causes a UAC prompt, don't click OK - it's a virus."

That has absolutely worked wonders for me so far. Drive-by installers don't work on a system with UAC unless the user gives permission at the UAC prompt.

RE: ?
By Drexial on 2/2/2009 11:33:24 AM , Rating: 2
I can understand that helping only if they understand that. That's great that they have you to explain it. I suppose its good for a lesson in proper computing as long as there is someone there to teach them the guide. But my grandpa has gotten along just fine with a similar lesson without the UAC.

That's because people like you and me were around to tell them what to look out for and what not to go to.

RE: ?
By VaultDweller on 2/2/2009 12:09:53 PM , Rating: 2
With the UAC, I don't need to give any kind of lesson about where they should and should not go. They can go wherever they want, and any malicious sites will hit a brick wall without admin rights. There's no need to teach a person or make them understand security concepts. They don't need to be able to make judgment calls about what websites or e-mails seem suspicious. It all boils down to one simple sentence with clear, easy to remember criteria: UAC prompt from an e-mail/website = virus.

Mind you, it won't do anything to stop them from providing information to phishing sites... but at least their system won't be compromised.

RE: ?
By FITCamaro on 2/2/2009 3:07:20 PM , Rating: 2
Agree 100%.

I have no real issue with UAC. Yes sometimes I get a little annoyed. But in the end I'd rather know if something tries to do something and I didn't want it to. Hopefully Windows 7 allows for a Vista-like UAC mode.

RE: ?
By RamarC on 2/2/2009 5:33:29 PM , Rating: 3
unless you're a developer. i'm constantly doing things that provoke the UAC as part of my normal day. and i have to have admin rights to run Business Intelligence Design Studio since it's based on VS 2005.

i just wish there was an option to allow me to hush the UAC for a specified length of time (a 'do this for subsequent actions in the next 15 minutes') or at least figure out that i do certain stuff repeatedly and not ask after i confirm the first action. (i set environment variables once, i'm likely to set 'em again this session.)

RE: ?
By Zoomer on 2/2/2009 7:37:13 PM , Rating: 3
Yes, to me that is the most annoying part of UAC. I might actually leave it enabled if that were the case. I don't need to be asked 10 times when I need to change something.

RE: ?
By lifeblood on 2/2/2009 9:07:35 AM , Rating: 2
Vista, deserved or not, was blasted, not just by tech journalists, but by customers as well. The reasons were long and varied, but UAC figured predominantly in their complaints. As such, many organizations and individuals have refused to update. Microsoft is trying to fix the complaints with Win7, and that includes lowering the annoyance of UAC. Otherwise Win7 may follow in the footsteps of it's predecessor and be rejected by users. That would be a shame as it appears Win7 will be an excellent OS.

This attack also only works if your logged in as admin. I know I never log in as admin except on very rare occasions, and I don't surf the web as admin.

RE: ?
By omnicronx on 2/2/2009 10:40:18 AM , Rating: 2
Vista, deserved or not, was blasted, not just by tech journalists, but by customers as well.
You think one does not have to do with the other? I still see countless articles making jabs at Vista, in which most of the claims are unfounded or just plain untrue. People just eat this stuff up, as it seems poking fun at Vista sells lots of copies for PC magazine than writing pro Windows articles. Sometimes when reading I wonder if I picked up a copy of MacWorld by accident.

RE: ?
By lifeblood on 2/2/2009 2:23:35 PM , Rating: 2
It was blasted by non-technical users who never read the trade rags. I had a few customers who insisted on upgrading to Vista on their old PC's (with additional RAM). They were all back on XP within a month. I had other customers buy new hardware with Vista pre-installed and they all requested to be downgraded to XP within a month. However, part of that was because they got Office 07 with it's new ribbon bar at the same time. That was a double whammy. I think a lot of users hate for Vista was exacerbated by Office 07.

I use Vista and Office 07 and I'm ok with Vista but despise Office 07. I look forward to Win7, but I see no relief from the Ribbon bar.

RE: ?
By pcwhizzer on 2/2/2009 11:44:20 AM , Rating: 2
Problem, the average user has no f'ing idea what a pop up is. Second, when someone see's an error, they want to fix it immediately. Third, most people have no idea what to download and what not to download.

What windows needs is a more intuitive messaging system that would tell the user what is occuring and GOOD suggestions on what to do. For instance, if someone does click on an email and it asks them to install something, windows would come up and say "This message has been identified as a hoax and WILL damage your PC and make it non usable and has been identified as the JokeVirus.exe, DO NOT INSTALL".

Only problem is, if someone wants that porn or free desktop backround, they will get it!

The problem of security will go on and on. I have seen no change working on PC's for as long as I have, I still have dumbarses downloading and infecting their PC's!

RE: ?
By gstrickler on 2/2/2009 4:29:43 PM , Rating: 2
Why are people whining about the UAC protection? It may be a *little* bit of a hassle, but from the security side it seems like nothing short of necessary.
Because Unix/Linux/MacOSX have shown it can be done securely with minimal user interruption. MS can and should do better. The users and administrators deserve better than what's in Vista (and apparently better than what's in Win7).

Because those of us who have administered Windows NT/2K/XP workstations know you can have good security with minimal interruption to the user, even without Vista's UAC.

UAC is a step in the right direction, it's just a poor implementation.

RE: ?
By gochichi on 2/2/2009 11:53:22 PM , Rating: 2
I agree that people have whined about UAC on Vista WAY too much.

Even in the responses here, people are defending being open to random attacks as more appropriate than UAC. Weird behavior... truly strange. Like, my car beeps at me to wear my seatbelt... and I "hate it" but c'mon... it's a good idea PERIOD.

In any case, it's sad to see Microsoft backpedaling ... the people that need this kind of protection the most, need this protection by default. It's always been ridiculously easy to disable it.

I dissabled it just "to see that i could" but I enabled right back because it's saved my hide a couple of times at least.

I read the response below and I can't believe my eyes. The guy states, "I just don't open some e-mail" and that's just not normal at all. You should be able to open whatever e-mail you get and have some protection.

Vista is a flop for one main reason... the public opinion spun out of control... based on a ton of lies. I mean, this UAC thing... it really blew out of proportion when the stupid Apple Ad made fun of it. Then people were saying, "Oh, it's EXACTLY like that". I had seen the feature used in SLED 10 before Vista (Suse Linux) so I knew it was a solid, research based decision.

Now, the first truly horrible thing to happen to us Vista users is that Microsoft is prematurely replacing it. I wouldn't care but I don't really want to spend the money upgrading 3 computers. Vista is replacing it with a more worked out version of it... it should be Vista SP2... instead it HAS TO BE Windows 7 because people will never understand that Vista isn't horrible. The only way to do it, is to change the name... and leave us Vista users with the bugs in Vista... it's ridiculous.

Smells like FUD.
By Smilin on 2/2/2009 5:58:31 PM , Rating: 2
Here are the Windows 7 UAC settings (copied from linked MSDN):

1. Always notify on every system change. This is Vista behavior – a UAC prompt will result when any system-level change is made (Windows settings, software installation, etc.)
2. Notify me only when programs try to make changes to my computer. This setting does not prompt when you change Windows settings, such as control panel and administration tasks.
3. Notify me only when programs try to make changes to my computer, without using the Secure Desktop. This is the same as #2, but the UAC prompt appears on the normal desktop instead of the Secure Desktop. While this is useful for certain video drivers which make the desktop switch slowly, note that the Secure Desktop is a barrier to software that might try to spoof your response.
4. Never notify. This turns off UAC altogether.

My take:
1 - Is the most secure mode and is how Vista runs.
2 - Should be the real improvement in Windows 7. It reduces the # of prompts.
3 - Is funcionally the same as has just as many annoying prompts but with less security. There is NO reason to run in this mode. Video drivers in the year 2009 can handle this crap just fine. The last time drivers had this trouble were during the early beta of VISTA.
4 - ..hey, it's your gun do what you want.

The author is all griping about #3 but in fact this same setting exists in Vista...just nobody uses it. You can find it under Security Options in gpedit.msc. It's called "Switch to the secure desktop when prompting for elevation".

The flaw discussed in the article exists when you drop from #2 to #3. Windows 7 is using #2 by default I say FUD.

RE: Smells like FUD.
By llamas on 2/2/2009 8:31:12 PM , Rating: 2
This is not correct. The article is complaining about option 2 (the default) because it does not prompt when you change Windows settings (like lowering the UAC settings to 4). However, what most people seem to be glossing over is that for this to be exploited, the user will still have to OK a UAC prompt before running the malware from a web site. The proof of concept is a script you can run without a UAC prompt, but that's you running it in your session, not navigating to a malicious web site.

That said, you'd think that it would be a good idea to offer the extra notification that something was not only requesting permission to load (a web app that you don't think is malicious), but also going to change your security settings (hard to take that for anything other than it is).

RE: Smells like FUD.
By leexgx on 2/3/2009 12:17:40 AM , Rating: 2
most users would click ok any way as most do not even know what UAC is there for

on Vista the help system in big letters should pop up enplaning what the UAC boxs are but nope, not many users know there is an help system in windows and even then thay would not know what to look for to find out what this allow, cancel or continue is, to them its one more click they need to do to make it go away

the extra check is needed to protect form this problem as well as explaining what is going on or an warning

RE: Smells like FUD.
By Smilin on 2/3/2009 9:45:23 AM , Rating: 2
You're right, I'm wrong. Looking into this..

RE: Smells like FUD.
By Smilin on 2/3/2009 9:39:56 AM , Rating: 2

I changed my mind. Looking into a way to get this fixed.

By Elementalism on 2/2/2009 11:34:04 AM , Rating: 5
All Luddites bash Windows 7 as being a step backwards from Vista because it is less secure. Then claim you are waiting on Windows 8 while continuing to use that bastion of security Windows XP with an Admin account. Dont worry you have AVG free edition, you are safe!

RE: Quick
By just4U on 2/3/2009 2:47:41 AM , Rating: 2
That Bastion of Security Windows XP ...

I LIKE the way you put that!

whats the big deal?
By acme420 on 2/2/09, Rating: 0
RE: whats the big deal?
By dgingeri on 2/2/2009 11:31:36 AM , Rating: 4
if you are logged in as admin you most likely know what you are doing. therefore you wouldnt be downloading malware, unknown vbs, and then running em lol, and you would have already disabled Ultra Annoying Crap.

you must not work in computer support. Most people certainly do not know what they are doing. You would be amazed at the number of people that you would think are smart enough to avoid something, yet they step right in it over and over.

By oserus99 on 2/2/2009 2:30:08 PM , Rating: 2
Let me see if I have this straight. This is an exploit that is only possible if you can somehow get a user who is logged in with administrator rights to run a VB script? Well heck, anything could be an exploit then. How about a batch file that does something nasty also?

RE: huh?
By Zoomer on 2/2/2009 7:39:19 PM , Rating: 2
History tells us this is not hard at all.

By akosixiv on 2/2/2009 8:48:50 AM , Rating: 1
I'd guess this will be another one of those.. deny then just slip in a patch or update.

By just4U on 2/3/2009 2:50:46 AM , Rating: 2
Well ... From what I've seen so far when UAC is turned off so are all your Gadget's. Don't quite know why that is but if it's like that in the final version then it's a good indicator that something has shut off your UAC.

By blckgrffn on 2/2/2009 9:23:06 AM , Rating: 1
Isn't that big of a deal. If Windows 7 ships with everyone as standard users, not that many people will even know to change it.

By omnicronx on 2/2/2009 10:18:45 AM , Rating: 1
Whatever account you first create in the Windows 7 setup will have admin rights, it does not default to standard user.

I really don't see why they can't just keep the setting exactly the same, except do what the blogger was saying, add a prompt for turning it off. This adds one warning that the normal user will never see!

Of course this article should be more specific as UAC is not comprimised, if you turn it on high settings this should not be a problem. It is the medium and lower UAC settings that have been compromised, if you can even call it that.

By spuddyt on 2/2/2009 11:26:26 AM , Rating: 2
Why not make it an option? You know, like when you install or turn it on for the first time, it gives you an option as to which you want

By Jhwkfan on 2/2/2009 11:40:36 AM , Rating: 2
Any IT staff that lets their users (outside of the occational user never linked to the network) have local admin rights, is not doing their job. There are ways around everything. If it's issues w/ offsite printers, you can set the load/unload device drivers in services to allow them to do it themselves. Of course, HP is a pain in the butt, but there are some new installs from them that can be installed by the local user.

Use a remote access program (dameware, proxy, shoot even RDP) if something needs to be done offsite or on that requires admin rights. Don't be lazy.

As for the arguement about 'large corporations'.. they should have a CIO, and any competent CIO would not allow users to have local admin rights.

By Spookster on 2/2/2009 11:53:42 AM , Rating: 2
What else would you expect from a company that names its OS after the easiest place on a house to break in.

The Plus side of UAC
By HotFoot on 2/2/2009 4:27:23 PM , Rating: 2
... is that it exposed a lot of applications that kept wanting to run with administrator privileges for no apparent reason than lazy programming.

Coming from using a few home-suitable Linux distros, where I do nothing with admin privileges that doesn’t need it, my impression is that UAC, for the most part, wouldn’t have been a problem if application designers had been more prudent when designing their programs. In Ubuntu I have to do a lot more than click ‘Yes’ when I want to change a system setting or install a new program, but that happens so infrequently once I have the computer set up that it doesn’t bother me. UAC is a convenience feature compared to that.

This is somewhat analogous to the poor game performance under Vista issue. I think a lot of people have come around to putting the blame on the 3rd party drivers. I do think some blame might still go to MS because it’s obvious that somewhere the cooperation between them and 3rd parties needed to be tighter, but overall is it really Vista’s fault?

That said, it doesn’t really matter to the end user who’s to blame. If the end experience is so frustrating it makes you want to go back to XP then one way or another you have an unhappy customer.

By Jeff7181 on 2/2/2009 5:21:02 PM , Rating: 2
I wish they wouldn't change UAC in Windows 7. It works, and it works well. This is one of the best features ever added to Windows.

Now it's up to developers to design their programs to install and run just fine for a single user without modifying anything system wide.

By jbourne77 on 2/2/2009 8:27:52 PM , Rating: 2
Seriously, we're still talking about UAC?

And again.
By FaceMaster on 2/3/2009 6:27:54 AM , Rating: 2
this is why i hayte Micro$ucks. Billy Gay keeps on releesing new products that brake our systems. APPLE FTW

I hope they never "FIX" this
By mac2j on 2/2/09, Rating: -1
By omnicronx on 2/2/2009 4:07:36 PM , Rating: 2
and no I'm not stupid I have VISTA's UAC disabled but the way it does everything - even copying files - is a giant pain compared to XP.
The way it does what? This is exactly the kind of talk that circulates that gives it a bad name as you obviously have no idea why. I assure you copy times on Vista SP1 are very similar to that of XP. Vista also employs load balancing where XP systems would previously become slow and unresponsive during copy. I will take the addition of 10 seconds of copying if it means I can still multitask effectively while not slowing down the copy speed.

RE: I hope they never "FIX" this
By bodar on 2/3/2009 10:14:49 PM , Rating: 1
I still don't get what is so hard about clicking Allow for a UAC prompt when you are trying to change/install something, or using Run as Administrator for certain apps. It's no different from taking root in Linux, and if it's too much stress for you, it can be disabled. Oh, the humanity!

"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates
Related Articles
Windows 7 Beta Gets Official
January 8, 2009, 10:21 AM
Windows 7 Features Revealed
October 28, 2008, 4:50 PM

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki