From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_06B9_01C75470.2F0CB220
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   This has no relevance to malware.

Rich

  "Rich Gauszka"  wrote in message =
news:45da8a0b$1{at}w3.nls.net...
  I can understand why the criticism though as when one is the dominant=20
  vendor as is Microsoft one is also the chief target of Malware. I tend =

  to agree with the views expressed in the blog below

  http://blogs.zdnet.com/Ou/?cat=3D8

  While it's true that Vista UAC is no different from Mac or Linux=20
  privilege escalation, we must remember that the old argument that=20
  "everyone else is doing it" just doesn't cut it when you're the most=20
  dominant desktop operating system in the world and the biggest target=20
  for Malware.  While Vista's security record in the first three months=20
  (referring to enterprise and MSDN rollout) in public has been stellar =
by=20
  any standard on any operating system, we have to expect that Malware=20
  pushers will be using a lot more social engineering as their weapon of =

  choice against Vista once it inevitably becomes the dominant operating =

  system led by the retail sector.  There are simply too many people=20
  downloading "warez" (pirated software), applications and games that=20
  people think will be cool to try out, and "free" adult videos that=20
  require one of those "special" root me Codecs in order to
"play" and=20
  your average Joe or Jane won't know any better.  While one might be=20
  tempted to say "it's their problem", it eventually becomes everyone's=20
  problem because those suckers become a massive army of zombies that =
can=20
  spew spam and DDoS (Distributed Denial of Service) attacks.

  What Rutkowska suggests is that UAC should have more than just a =
yes/no=20
  option on privilege escalation but a yes, limited yes, and no option.=20
  Under Windows XP, Rutkowska is able to run as a limited user with add=20
  only privileges to the "Program Files" directory and the HKLM Software =

  registry hive but Vista takes this choice away from her because of the =

  way that UAC works.  I would add to that add only permissions list the =

  "Public Desktop" so that launch icons can at least be installed for=20
  everyone.  The vast majority of applications shouldn't need any more=20
  privileges than what's listed here and they certainly shouldn't ever=20
  have the ability to modify the OS kernel unless they're signed by a=20
  trusted Certificate Authority.  If Microsoft would adopt this as the=20
  standard permission model for the vast majority of applications then =
it=20
  would vastly improve the Trojan Malware situation

  Rich wrote:
  >    This is entirely an app compat issue for legacy installers not=20
  > anything that should be relevant as ISVs release new products.  =
There is=20
  > a mechanism defined for any application to declare its elevation=20
  > behavior and one specifically for installers that use Windows=20
  > Installer.  See=20
  > http://msdn2.microsoft.com/en-us/library/aa372468.aspx for Using =
Windows=20
  > Installer with UAC.  See=20
  > http://msdn2.microsoft.com/en-us/library/aa480150.aspx for info on=20
  > developing applications.  The Certified for Windows Vista logo =
requires=20
  > that all EXEs declare their execution level.  See=20
  > =
http://download.microsoft.com/download/8/e/4/8e4c929d-679a-4238-8c21-2dcc=
8ed1f35c/Windows%20Vista%20Software%20Logo%20Spec%201.1.doc.
  > =20
  > Rich
  > =20
  >=20
  >     "Rich Gauszka"      > wrote in message
  >     news:45da0ce1$3{at}w3.nls.net...
  >     I don't read that in Russinovich's response as he does admit =
there is a
  >     problem and admit that Vista's administration escalation on the
  >     installer is
  >     intentional. Only time will tell if Vista's 'usability' makes =
for a
  >     happy
  >     hacker and Microsoft's design choice was poor .
  >=20
  >     It does seem though that Microsoft's security concern these days =
is
  >     more
  >     with tightening the screws to wga rather than worry about =
mundane user
  >     related security issues
  >     =
http://crunchgear.com/2007/02/19/microsofts-ballmer-blames-poor-vista-sal=
es-on-piracy/
  >=20
  >=20
  >     "Gary Britt"      > wrote in message
  >     news:45da06e5$1{at}w3.nls.net...
  >      > Its said to see Russinovich lend his credibility to the spin
  >     machine at
  >      > Microsoft.  Am I the only one who thinks this?  I'm sure he's
  >     getting paid
  >      > really well and any of us would have sold out just like him, =
but
  >     its still
  >      > sad nonetheless.
  >      >
  >      > Gary
  >      >
  >      > Rich Gauszka wrote:
  >      >> "I would like to be offered a choice whether to
fully trust =
a given
  >      >> installer executable [and run it as full administrator] or =
just
  >     allow it
  >      >> to add a folder in C:\Program Files and some keys under
  >     HKLM\Software and
  >      >> do nothing more."
  >      >>
  >      >> "I could do that under Windows XP, but apparently I can't =
under
  >     Vista,
  >      >> which is a bit disturbing."
  >      >>
  >      >>
  >      >>
  >     =
http://www.itnews.com.au/newsstory.aspx?CIaNID=3D46057&src=3Dsite-marq
  >     =
http://www.itnews.com.au/newsstory.aspx?CIaNID=3D46057&src=3Dsite-marq>
  >      >>
  >      >> Rutkowska discovered that when Vista detects that the user =
is
  >     running an
  >      >> installation file it kicks into full admin mode.
  >      >>
  >      >> If a user wishes to install a new program they are presented
  >     with the
  >      >> option either to allow the installer complete system =
privileges
  >     or not to
  >      >> run the program at all.
  >      >>
  >      >> Rutkowska wrote on her Invisible Things blog: "That means =
that
  >     if you
  >      >> downloaded some freeware Tetris game, you will have to run =
its
  >     installer
  >      >> as administrator, giving it full access to all your file =
system and
  >      >> registry, and allowing it to load kernel drivers! Why should =
a
  >     Tetris
  >      >> installer be allowed to load kernel drivers?
  >      >>
  >      >> "I would like to be offered a choice whether to
fully trust =
a given
  >      >> installer executable [and run it as full administrator] or =
just
  >     allow it
  >      >> to add a folder in C:\Program Files and some keys under
  >     HKLM\Software and
  >      >> do nothing more.
  >      >>
  >      >> "I could do that under Windows XP, but apparently I can't =
under
  >     Vista,
  >      >> which is a bit disturbing."
  >      >>
  >      >> A few days after her posting there was a lengthy and =
detailed
  >     response
  >      >> from Mark Russinovich, a Technical Fellow at Microsoft.
  >      >>

--- BBBS/NT v4.01 Flag-5