echo: osdebate
to: Rich
from: Rich Gauszka
date: 2007-02-20 00:40:22
subject: Re: Legacy setup program behavior

From: Rich Gauszka 

I can understand the criticism though, as when one is the dominant
vendor, as Microsoft is, one is also the chief target of malware. I tend to
agree with the views expressed in the blog below:

http://blogs.zdnet.com/Ou/?cat=8

While it's true that Vista UAC is no different from Mac or Linux privilege
escalation, we must remember that the old argument that "everyone else
is doing it" just doesn't cut it when you're the most dominant desktop
operating system in the world and the biggest target for Malware.  While
Vista's security record in the first three months (referring to enterprise
and MSDN rollout) in public has been stellar by any standard on any
operating system, we have to expect that Malware pushers will be using a
lot more social engineering as their weapon of choice against Vista once it
inevitably becomes the dominant operating system led by the retail sector. 
There are simply too many people downloading "warez" (pirated
software), applications and games that people think will be cool to try
out, and "free" adult videos that require one of those
"special" root me Codecs in order to "play" and your
average Joe or Jane won't know any better.  While one might be tempted to
say "it's their problem", it eventually becomes everyone's
problem because those suckers become a massive army of zombies that can
spew spam and DDoS (Distributed Denial of Service) attacks.

What Rutkowska suggests is that UAC should have more than just a yes/no
option on privilege escalation but a yes, limited yes, and no option. Under
Windows XP, Rutkowska is able to run as a limited user with add-only
privileges to the "Program Files" directory and the HKLM Software
registry hive, but Vista takes this choice away from her because of the way
that UAC works. I would add to that add-only permissions list the
"Public Desktop" so that launch icons can at least be installed
for everyone. The vast majority of applications shouldn't need any more
privileges than what's listed here, and they certainly shouldn't ever have
the ability to modify the OS kernel unless they're signed by a trusted
Certificate Authority. If Microsoft would adopt this as the standard
permission model for the vast majority of applications, then it would vastly
improve the Trojan malware situation.

Rich wrote:
>    This is entirely an app compat issue for legacy installers not
> anything that should be relevant as ISVs release new products.  There is
> a mechanism defined for any application to declare its elevation
> behavior and one specifically for installers that use Windows
> Installer.  See
> http://msdn2.microsoft.com/en-us/library/aa372468.aspx for Using Windows
> Installer with UAC.  See
> http://msdn2.microsoft.com/en-us/library/aa480150.aspx for info on
> developing applications.  The Certified for Windows Vista logo requires
> that all EXEs declare their execution level.  See
> http://download.microsoft.com/download/8/e/4/8e4c929d-679a-4238-8c21-2dcc8ed1f35c/Windows%20Vista%20Software%20Logo%20Spec%201.1.doc.
>
> Rich
>
>
>     "Rich Gauszka" wrote in message
>     news:45da0ce1$3{at}w3.nls.net...
>     I don't read that in Russinovich's response as he does admit there is a
>     problem and admit that Vista's administration escalation on the
>     installer is
>     intentional. Only time will tell if Vista's 'usability' makes for a
>     happy
>     hacker and Microsoft's design choice was poor .
>
>     It does seem though that Microsoft's security concern these days is
>     more
>     with tightening the screws to wga rather than worry about mundane user
>     related security issues
>     http://crunchgear.com/2007/02/19/microsofts-ballmer-blames-poor-vista-sales-on-piracy/
>
>
>     "Gary Britt" wrote in message
>     news:45da06e5$1{at}w3.nls.net...
>      > It's sad to see Russinovich lend his credibility to the spin
>     machine at
>      > Microsoft.  Am I the only one who thinks this?  I'm sure he's
>     getting paid
>      > really well and any of us would have sold out just like him, but
>     it's still
>      > sad nonetheless.
>      >
>      > Gary
>      >
>      > Rich Gauszka wrote:
>      >> "I would like to be offered a choice whether to fully trust a given
>      >> installer executable [and run it as full administrator] or just
>     allow it
>      >> to add a folder in C:\Program Files and some keys under
>     HKLM\Software and
>      >> do nothing more."
>      >>
>      >> "I could do that under Windows XP, but apparently I can't under
>     Vista,
>      >> which is a bit disturbing."
>      >>
>      >>
>      >>
>     http://www.itnews.com.au/newsstory.aspx?CIaNID=46057&src=site-marq
>      >>
>      >> Rutkowska discovered that when Vista detects that the user is
>     running an
>      >> installation file it kicks into full admin mode.
>      >>
>      >> If a user wishes to install a new program they are presented
>     with the
>      >> option either to allow the installer complete system privileges
>     or not to
>      >> run the program at all.
>      >>
>      >> Rutkowska wrote on her Invisible Things blog: "That means that
>     if you
>      >> downloaded some freeware Tetris game, you will have to run its
>     installer
>      >> as administrator, giving it full access to all your file system and
>      >> registry, and allowing it to load kernel drivers! Why should a
>     Tetris
>      >> installer be allowed to load kernel drivers?
>      >>
>      >> "I would like to be offered a choice whether to fully trust a given
>      >> installer executable [and run it as full administrator] or just
>     allow it
>      >> to add a folder in C:\Program Files and some keys under
>     HKLM\Software and
>      >> do nothing more.
>      >>
>      >> "I could do that under Windows XP, but apparently I can't under
>     Vista,
>      >> which is a bit disturbing."
>      >>
>      >> A few days after her posting there was a lengthy and detailed
>     response
>      >> from Mark Russinovich, a Technical Fellow at Microsoft.
>      >>
>      >> Russinovich essentially admitted that, while the problem exists,
>     it was a
>      >> design choice that stemmed from the balance between security and
>      >> usability.
>      >>
>      >> "Because elevations and integrity levels do not define a security
>      >> boundary, potential avenues of attack, regardless of ease or
>     scope, are
>      >> not security bugs, " he said.
>      >>
>      >> In light of the huge security campaign surrounding Windows Vista
>     in 2006,
>      >> Rutkowska said in a follow up posting that this explanation
>     simply is not
>      >> good enough and that Microsoft should attempt to solve the
>     problem rather
>      >> than try and dismiss the issue.
>

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
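The "limited yes" permission model Rich describes above (a standard user that may create a folder under Program Files, keys under HKLM\Software and a shortcut on the Public Desktop, and nothing more) expressed as a Windows PowerShell script. This is an added example, not code from the thread or from Microsoft; it assumes an elevated Windows PowerShell session, a hypothetical account named LimitedUser, and the default CREATOR OWNER ACEs on those locations, which give the creator control of only the objects it adds.

```powershell
# Added example (not from the thread): grant one standard user "add-only"
# rights on Program Files, HKLM\Software and the Public Desktop.
# Assumes Windows PowerShell run elevated; 'LimitedUser' is a hypothetical name.
param([string]$Account = 'LimitedUser')

$acct   = [System.Security.Principal.NTAccount]$Account
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$dacl   = [System.Security.AccessControl.AccessControlSections]::Access
$noInh  = [System.Security.AccessControl.InheritanceFlags]::None   # this object only
$noProp = [System.Security.AccessControl.PropagationFlags]::None

function Add-FolderAddOnlyAce {
    param([string]$Path, [System.Security.AccessControl.FileSystemRights]$Rights)
    $dir = Get-Item -LiteralPath $Path
    $sec = $dir.GetAccessControl($dacl)     # DACL only; owner is left untouched
    # No inheritance: the right applies to this folder, not to existing content.
    # Whatever the user creates is owned by the user via the CREATOR OWNER ACE.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $acct, $Rights, $noInh, $noProp, $allow)
    $sec.AddAccessRule($rule)
    $dir.SetAccessControl($sec)
}

function Add-RegistryAddOnlyAce {
    param([string]$SubKey)
    $rights = [System.Security.AccessControl.RegistryRights]::ChangePermissions -bor
              [System.Security.AccessControl.RegistryRights]::ReadPermissions
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $rights)
    $sec = $key.GetAccessControl($dacl)
    # CreateSubKey only: new keys can be added, existing keys and values stay read-only.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $acct, [System.Security.AccessControl.RegistryRights]::CreateSubKey,
        $noInh, $noProp, $allow)
    $sec.AddAccessRule($rule)
    $key.SetAccessControl($sec)
    $key.Close()
}

# "Add a folder in C:\Program Files": add subdirectory, no write to existing files.
Add-FolderAddOnlyAce -Path $env:ProgramFiles -Rights CreateDirectories
# "Some keys under HKLM\Software": create subkeys only.
Add-RegistryAddOnlyAce -SubKey 'SOFTWARE'
# Public Desktop: drop a launch icon (.lnk), but no delete of other users' icons.
Add-FolderAddOnlyAce -Path "$env:PUBLIC\Desktop" -Rights CreateFiles

# Read back what was granted so the result can be checked against intent.
(Get-Acl -LiteralPath $env:ProgramFiles).Access |
    Where-Object { $_.IdentityReference.Value -like "*\$Account" } |
    Format-List IdentityReference, FileSystemRights, InheritanceFlags
```

Nothing here lets the account modify or load kernel drivers, so an installer run under it gets exactly the add-only footprint the thread asks for, and any attempt to write elsewhere fails with an access-denied error that can be audited.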