That said the UAC in Vista is a joke, all the UAC does is verify that you want to run a program when you double click on it…if I didn’t I wouldn’t have clicked on the icon. The UAC is just an illusion of security.

What the UAC should do is tell you things like a program is setting itself to start automatically at startup, but it doesn’t do that, once you say it is alright for a setup program to run the setup can do whatever it likes without any UAC prompt.

For an example I recently installed Nero 8 on Vista with UAC on. It prompted for the setup to run, during setup Nero set 3 program to auto start with Windows, without the setup telling me or UAC. After unistalling Nero the 3 programs set to suto start were still there, I had to remove them manually through registry.

Stuff like that is what causes winrott and malware. All the UAC does is ask when you double click on something are you sure you wanted to, not much else.

The UAC I guess could be called a start but barely a start, there has been better security software on the market for years such as ZoneAlarm which monitors additions to startup section of registry and keyloggers.

Viruses can be spread with UAC just as easy as without, simply use an installer, the user gets prompted is it OK, they don’t know its a virus so they click yes, and the installer installs the virus, sets it to start automatically along with 20 other viruses and malware. UAC is an ilusion and a waste of all of our time.

All that being said Windows is in no jeopardy of losing its dominance because of security, anybody that is serious about security has real security software installed. Security and false security like the UAC and the incompatibility issues something like the useless UAC causes along with a lot of other reasons is losing causing them to slowly lose market share. But it would take many, many years of bad design for MS to lose their dominance.

I hear a lot of people talking about lazy programmers and how the security problems are because of them. Microsoft enjoys dominance because of these so called “lazy” programmers. All PC buyers should think back to the first time they had to choose between a MAC and a PC and remember that they chose the PC because of all the software that was available for it. Quit blaming lack of security on programmers, give us real security and real information.

That said the UAC in Vista is a joke, all the UAC does is verify that you want to run a program when you double click on it…if I didn’t I wouldn’t have clicked on the icon. The UAC is just an illusion of security.

What the UAC should do is tell you things like a program is setting itself to start automatically at startup, but it doesn’t do that, once you say it is alright for a setup program to run the setup can do whatever it likes without any UAC prompt.

For an example I recently installed Nero 8 on Vista with UAC on. It prompted for the setup to run, during setup Nero set 3 program to auto start with Windows, without the setup telling me or UAC. After unistalling Nero the 3 programs set to suto start were still there, I had to remove them manually through registry.

Stuff like that is what causes winrott and malware. All the UAC does is ask when you double click on something are you sure you wanted to, not much else.

The UAC I guess could be called a start but barely a start, there has been better security software on the market for years such as ZoneAlarm which monitors additions to startup section of registry and keyloggers.

Viruses can be spread with UAC just as easy as without, simply use an installer, the user gets prompted is it OK, they don’t know its a virus so they click yes, and the installer installs the virus, sets it to start automatically along with 20 other viruses and malware. UAC is an ilusion and a waste of all of our time.

All that being said Windows is in no jeopardy of losing its dominance because of security, anybody that is serious about security has real security software installed. Security and false security like the UAC and the incompatibility issues something like the useless UAC causes along with a lot of other reasons is losing causing them to slowly lose market share. But it would take many, many years of bad design for MS to lose their dominance.

I hear a lot of people talking about lazy programmers and how the security problems are because of them. Microsoft enjoys dominance because of these so called “lazy” programmers. All PC buyers should think back to the first time they had to choose between a MAC and a PC and remember that they chose the PC because of all the software that was available for it. Quit blaming lack of security on programmers, give us real security and real information.

I have a simple program (let’s say app.exe) and I can install it just fine on XP as a limited user.

However, as a “standard” user on vista I cannot install without the admin password.

What’s up with that?

I have a simple program (let’s say app.exe) and I can install it just fine on XP as a limited user.

However, as a “standard” user on vista I cannot install without the admin password.

What’s up with that?

So, the crux of the situation is that currently a lot of apps and their installers are written to install for the system, and to do so these apps request admin rights.

That’s really it. Microsoft is simply dealing with its insecure past, i.e. a world in which installers had full admin rights to do anything they wanted on the system. As such, most software is still written in this fashion, and since that’s the case, and Vista users are non-privileged, — old, dirty-style programs have to be installed with elevated rights if you want to use them.

In short, it’s still a security problem, but the problem comes from Microsoft’s difficult to handle legacy past, not a recent, poor security decision by Microsoft.

Anyway, I was sloppy, and I apologize for that. I should have nailed down the problem more accurately before posting.

So, the crux of the situation is that currently a lot of apps and their installers are written to install for the system, and to do so these apps request admin rights.

That’s really it. Microsoft is simply dealing with its insecure past, i.e. a world in which installers had full admin rights to do anything they wanted on the system. As such, most software is still written in this fashion, and since that’s the case, and Vista users are non-privileged, — old, dirty-style programs have to be installed with elevated rights if you want to use them.

In short, it’s still a security problem, but the problem comes from Microsoft’s difficult to handle legacy past, not a recent, poor security decision by Microsoft.

Anyway, I was sloppy, and I apologize for that. I should have nailed down the problem more accurately before posting.

First, let me tell you, if you follow Windows security issues at all, you should know the name Rutkowska. Obviously you don’t, which does not serve any favors (hint: Google for “Blue pill” to learn something).

Second, you don’t seem to understand the issue at all… “Vista only requires programs to elevate using UAC if it actually is necessary, ie, the program would otherwise fail.”

And THAT is exactly the problem! Here’s the attack vector: JoeFriend surfs around on your machine and finds this great program on the net that he’d like to try. So he downloads it, clicks through UAC, fine and dandy. But the program contains who knows what sort of crap malware (let’s say it even installs itself in the kernel). So you thought JoeFriend can’t create any trouble? Whoops!

First, let me tell you, if you follow Windows security issues at all, you should know the name Rutkowska. Obviously you don’t, which does not serve any favors (hint: Google for “Blue pill” to learn something).

Second, you don’t seem to understand the issue at all… “Vista only requires programs to elevate using UAC if it actually is necessary, ie, the program would otherwise fail.”

And THAT is exactly the problem! Here’s the attack vector: JoeFriend surfs around on your machine and finds this great program on the net that he’d like to try. So he downloads it, clicks through UAC, fine and dandy. But the program contains who knows what sort of crap malware (let’s say it even installs itself in the kernel). So you thought JoeFriend can’t create any trouble? Whoops!

most apps install, by default, files, or registry entries to places that a standard user (non-admin, non-power user) does not have access to. On windows 9x / 2000 / xp this is not an issue as all users by default (at least on a standalone or workgroup pc) have administrative rights and can do what they want. Generally, most applications, if written correctly, do not need to put files / registry entries in to system-wide locations, but they just do because they have been able to for so long, and it’s easier.

e.g., quicktime will install system wide video codecs, that annoying system tray icon, change system-wide file associations, etc. however, as an example of apps that do install correctly, it is possible to install microsoft office without elevated user rights, and by default it will only get installed for that user, and not for others – kind of how you would expect. Especially as it’s a microsoft app.

so, the crux of the situation is that currently a lot of apps and their installers are written to install for the system, and to do so these apps request admin rights.

the only option to tighten security for vista was to adopt the linux approach and give users non-administrative rights by default, and install apps that affect the system as an elevated user. As vista’s lifecycle progresses, we shall see more apps written correctly to run in limited user context, and not require admin rights to install.. but for the time being we have badly written apps and installers.

most apps install, by default, files, or registry entries to places that a standard user (non-admin, non-power user) does not have access to. On windows 9x / 2000 / xp this is not an issue as all users by default (at least on a standalone or workgroup pc) have administrative rights and can do what they want. Generally, most applications, if written correctly, do not need to put files / registry entries in to system-wide locations, but they just do because they have been able to for so long, and it’s easier.

e.g., quicktime will install system wide video codecs, that annoying system tray icon, change system-wide file associations, etc. however, as an example of apps that do install correctly, it is possible to install microsoft office without elevated user rights, and by default it will only get installed for that user, and not for others – kind of how you would expect. Especially as it’s a microsoft app.

so, the crux of the situation is that currently a lot of apps and their installers are written to install for the system, and to do so these apps request admin rights.

the only option to tighten security for vista was to adopt the linux approach and give users non-administrative rights by default, and install apps that affect the system as an elevated user. As vista’s lifecycle progresses, we shall see more apps written correctly to run in limited user context, and not require admin rights to install.. but for the time being we have badly written apps and installers.

Not so fast, there. I don’t think the researcher is claiming it’s a bad thing for admin privileges to be granted during an application’s installation.

The issue here is that once an installer is granted permission to run and install its stuff, it gets those rights indefinitely during the install. That means it can install an application that will always run as an administrator, with all the privileges that includes.

This means that your spyware-laden applet can still gain admin privileges as long as your users can be tricked into granting permission to the installer. The installer just installs it stuff as normal, and because it’s got admin rights during the install, it says “it’s okay, the user trusts me, and I trust this little binary I’m installing — it can run as administrator if it wants, too. Ask the user again if you don’t believe me!”

In Unix land this is called “setuid root” — any user with sufficient permission to execute the binary can do so, and any execution of the binary permits it to run as the owning user (if the owner is root and the file is setuid, that means the binary gets to run as root, no matter who runs it).

Sounds like this is exactly what Vista is permitting — install a binary as an admin, with admin rights, so every time it runs, it gets to be an admin. Yay.

Not so fast, there. I don’t think the researcher is claiming it’s a bad thing for admin privileges to be granted during an application’s installation.

The issue here is that once an installer is granted permission to run and install its stuff, it gets those rights indefinitely during the install. That means it can install an application that will always run as an administrator, with all the privileges that includes.

This means that your spyware-laden applet can still gain admin privileges as long as your users can be tricked into granting permission to the installer. The installer just installs it stuff as normal, and because it’s got admin rights during the install, it says “it’s okay, the user trusts me, and I trust this little binary I’m installing — it can run as administrator if it wants, too. Ask the user again if you don’t believe me!”

In Unix land this is called “setuid root” — any user with sufficient permission to execute the binary can do so, and any execution of the binary permits it to run as the owning user (if the owner is root and the file is setuid, that means the binary gets to run as root, no matter who runs it).

Sounds like this is exactly what Vista is permitting — install a binary as an admin, with admin rights, so every time it runs, it gets to be an admin. Yay.

“Still, even though that might look like a secure configuration, this is all just an illusion of security! The whole security of the system can be compromised if attacker finds and exploits e.g. a bug in kernel driver.”

Oh really? You mean an OS is insecure if the attacker can exploit the kernel? You don’t say?

OBVIOUSLY. It’s still real security. The fact that human mistakes can always occur doesn’t stop it from being real security.

You can say “what if an attacker can exploit the kernel?” about any OS ever made; and it will remain true for any OS ever made. It’s a completely pointless FUD statement.

Mistakes happen. That doesn’t make security an “illusion”.

He’s an idiot.

“Still, even though that might look like a secure configuration, this is all just an illusion of security! The whole security of the system can be compromised if attacker finds and exploits e.g. a bug in kernel driver.”

Oh really? You mean an OS is insecure if the attacker can exploit the kernel? You don’t say?

OBVIOUSLY. It’s still real security. The fact that human mistakes can always occur doesn’t stop it from being real security.

You can say “what if an attacker can exploit the kernel?” about any OS ever made; and it will remain true for any OS ever made. It’s a completely pointless FUD statement.

Mistakes happen. That doesn’t make security an “illusion”.

He’s an idiot.

Conclusion: Vista only requires programs to elevate using UAC if it actually is necessary, ie, the program would otherwise fail.

Conclusion: Vista only requires programs to elevate using UAC if it actually is necessary, ie, the program would otherwise fail.

OK, I just did some testing to verify my above hypothesis, and I believe it to be correct.

The installer for Quicktime for Windows does not have a shield icon when you download it. Many other installers will display a shield while visually sitting on your desktop. Vista has identified these programs in advance as needing administrator privileges to run.

However, if you run Quicktime, Vista realizes during the installation process that Quicktime requires administrator privileges. Thus, it pops up a permissions elevation window. If you deny Administrator access, it means that the object Quicktime is trying to access (say, putting a DLL into the Windows directory) will fail without this permission.

It makes no sense to attempt to allow the installer to continue, because Vista knows the installer will simply fail.

Finally, there is another set of installers that need administrator privileges, but which Vista cannot identify. If you run these installers, they will just fail with a security error. If you re-run them, explicitly requiring the administrator account (say, through the right-click menu on the file) they will succeed.

So, there appear to be three classes of installers:

(1) Programs that Vista can identify in advance require administrator privileges. The install would simply fail without it; it knows this, so there is no reason to let you run the program. It would be like Windows Explorer pretending to let you access a directory it knows you don’t have rights to — it would be a runtime exception and something would crash. It not letting you do anything BUT run it as administrator is just a gracious way of crashing.

(2) Programs Vista can’t identify in advance as requiring administrator privileges, but which Vista can identify while they are running. Vista asks you at the time it attempts to use those privileges, and presents the elevation dialog.

(3) Programs that Vista cannot identify at all. These programs just crash (although the application itself might catch the error and say something like “Failed to install. Rolling back” or something). You have to run them as administrator manually.

Which category an application falls into, whether 1,2, or 3 probably depends on which APIs the program uses to perform its actions.