Windows Help Forum  

Windows Security: Discuss all issues relating to various aspects of Windows 7 & Windows Vista Security.


View Poll Results: How do you prefer to use the UAC?
I use UAC in its default mode 8 50.00%
I use UAC in its tweaked mode 4 25.00%
I have turned off UAC 4 25.00%
Voters: 16.

  (#11 (permalink)) Old
iMav Online
Microsoft MVP
 
Posts: 906
Join Date: Jul 2008
Default 02-03-2009, 06:21 AM

@corrine UAC is a security feature built for mass users & not everyone is a forum user who checks what changes are made at system level every time a program is installed. Let's look at practical scenarios of home users who obtain stuff from various sources & if a program can change UAC without user knowledge what's the point of UAC?
   
  (#12 (permalink)) Old
HappyAndyK Offline
Site Administrator
 
Posts: 3,343
Join Date: Jun 2008
Default 02-03-2009, 12:42 PM

Good to see WinPatrol has reacted immediately, thanks to your suggestion Corrine.
   
  (#13 (permalink)) Old
seti Offline
Member
 
Posts: 1,949
Join Date: Nov 2008
Default 02-03-2009, 05:23 PM

As I've posted elsewhere, when an MVP suggests something then it is probably wise to follow their advice; when two do so then it is probably mad not to do so. So I'm switching UAC on and having WinPatrol as well.
   
  (#14 (permalink)) Old
roraniel Offline
Gold Member
 
Posts: 647
Join Date: Oct 2008
Location: Chapel Hill, NC. USA
Default 02-03-2009, 06:00 PM

OK, enlighten me. I would love to share my dock icons, how do I do what you suggest?

Quote:
Originally Posted by Corrine View Post
@roraniel, why not put those images you're playing around with in your user's folder?


http://www.linkedin.com/in/randylmiller - Dell 640m Laptop - Windows 7 Ultimate
   
  (#15 (permalink)) Old
Corrine Offline
Moderator
 
Posts: 554
Join Date: Jan 2009
Location: Upstate NY
Default 02-04-2009, 02:19 AM

Here's what I would describe as the "official answer": Roger's Security Blog: The Windows 7 UAC "Vulnerability"

My thoughts:

If there are multiple users on the computer, each should run as limited user. If you elect to use the medium slider bar options, at least it will only be the standard user account that is affected, not an administrator account.

As I wrote in another thread, UAC is needed for Protected Mode in IE. The following quote from Understanding and Working in Protected Mode Internet Explorer explains Protected Mode quite well:

Quote:
Protected Mode is only available on Windows Vista because it is based on security features new to Windows Vista.
  • User Account Control (UAC) makes it easy to run without Administrator privileges. When users run programs with limited user privileges, they are safer from attack than when they run with Administrator privileges because Windows can restrict the malicious code from carrying out damaging actions.
  • Integrity mechanism restricts write access to securable objects by lower integrity processes, much the same way that user account group membership restricts the rights of users to access sensitive system components.
  • User Interface Privilege Isolation (UIPI) prevents processes from sending selected window messages and other USER APIs to processes running with higher integrity.
The Windows Vista security infrastructure allows Protected Mode to provide Internet Explorer with the privileges needed to browse the Web while withholding privileges needed to silently install programs or modify sensitive system data.
(The same Protected Mode principles will apply to Windows 7.)

If you are concerned about changes to the UAC settings, remember that Bits from Bill: WinPatrol v16 Monitors Changes to UAC Settings. (v16 is still beta but I believe the final version is expected to be released within a couple weeks.)


Microsoft MVP | Secretary, Admin Counsel, ASAP
Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

"Miles don't make a difference, Smiles do!"
   
  (#16 (permalink)) Old
r.k Offline
Moderator
 
Posts: 1,154
Join Date: Jul 2008
Location: %SystemRoot%
Default 02-04-2009, 03:53 AM

I use UAC as-in default mode except w/ disable to switch secure desktop while elevating.
   
  (#17 (permalink)) Old
HappyAndyK Offline
Site Administrator
 
Posts: 3,343
Join Date: Jun 2008
Default 02-04-2009, 11:14 AM

Windows 7 UAC now has a second flaw! The price Microsoft is paying for 'dumbing' down the UAC behavior, I suppose!

"In short, a second UAC security flaw in the Windows 7 beta’s default security configuration allows a malicious application to autonomously elevate themselves to full administrative privileges without UAC prompts or turning UAC off.

The advice to every Windows 7 beta user is to set your UAC setting to “high”. This will make sure granting privileges are only in the control of your own mouse clicks and should prevent a malicious application from exploiting this and the previous flaw."
   
  (#18 (permalink)) Old
iMav Online
Microsoft MVP
 
Posts: 906
Join Date: Jul 2008
Default 02-04-2009, 03:05 PM

^^ That was a direct implication of the 1st flaw.
   
  (#19 (permalink)) Old
HappyAndyK Offline
Site Administrator
 
Posts: 3,343
Join Date: Jun 2008
Default 02-05-2009, 11:39 AM

Microsoft has responded to these 2 criticisms on its E7 Blog:

"The first issue to untangle is about the difference between malware making it onto a PC and being run, versus what it can do once it is running. There has been no report of a way for malware to make it onto a PC without consent. All of the feedback so far concerns the behavior of UAC once malware has found its way onto the PC and is running. Microsoft’s position that the reports about UAC do not constitute a vulnerability is because the reports have not shown a way for malware to get onto the machine in the first place without express consent. Some people have taken the, “it’s not a vulnerability” position to mean we aren’t taking the other parts of the issue seriously. Please know we take all of the feedback we receive seriously.

The second issue to untangle is about the difference in behavior between different UAC settings. In Windows 7, we have four settings for the UAC feature: “Never Notify,” “Notify me only when programs try to make changes to my computer (without desktop dimming),” “Notify me only when programs try to make changes to my computer (with desktop dimming),” and “Always Notify.” In Windows Vista there were only two choices, the equivalent of “Never Notify” and “Always Notify.” The Vista UI made it difficult for people to choose “Never Notify” and thus choosing between extremes in the implementation. Windows 7 offers you more choice and control over this feature, which is particularly interesting to many of you based on the feedback we have received.

The recent feedback on UAC is about the behavior of the “Notify me only when programs try to make changes to my computer” settings. The feedback has been clear it is not related to UAC set to “Always Notify.” So if anyone says something like, “UAC is broken,” it is easy to see they are mischaracterizing the feedback.

One important thing to know is that UAC is not a security boundary. UAC helps people be more secure, but it is not a cure all. UAC helps most by being the prompt before software is installed."

If only there was a way to allow the User to be notified if his UAC level or setting was changed, it would help...
   
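The four UAC levels listed in the Microsoft response above, and the wish for a notice when the level changes, can be checked from the UAC policy registry values. This is an added PowerShell example (3.0 or later), not code from the thread or from WinPatrol; the registry value names and their mapping to slider positions do not appear in the thread, and the baseline and current values are constructed samples.

```powershell
# Added example: map UAC policy registry values to the four Windows 7 slider
# levels and report drift from a recorded baseline.
$UacKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$UacVals = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'

function Get-UacLevel {
    param($Settings)
    if ($Settings.EnableLUA -eq 0) { return 'Never notify (UAC disabled)' }
    switch ($Settings.ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify' }
        2 { return 'Always notify' }
        5 {
            if ($Settings.PromptOnSecureDesktop -eq 1) {
                return 'Notify only on program changes (with desktop dimming)'
            }
            return 'Notify only on program changes (without desktop dimming)'
        }
        # Values set by policy that do not match a slider position, or missing values
        default { return 'Custom policy (not a slider position)' }
    }
}

function Read-UacSettings {
    # Reads the live values from the registry (read access only).
    $p = Get-ItemProperty -Path $UacKey
    $s = [ordered]@{}
    foreach ($n in $UacVals) { $s[$n] = $p.$n }
    [pscustomobject]$s
}

function Compare-UacBaseline {
    param($Baseline, $Current)
    # Emits one object per value that differs from the baseline.
    foreach ($n in $UacVals) {
        if ($Baseline.$n -ne $Current.$n) {
            [pscustomobject]@{ Setting = $n; Was = $Baseline.$n; Now = $Current.$n }
        }
    }
}

# Constructed sample: baseline at the default level, current with prompts silenced.
# On a live system use: $current = Read-UacSettings
$baseline = [pscustomobject]@{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
$current  = [pscustomobject]@{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }

$drift = @(Compare-UacBaseline -Baseline $baseline -Current $current)
if ($drift.Count -gt 0) {
    Write-Warning ("UAC changed: '{0}' -> '{1}'" -f (Get-UacLevel $baseline), (Get-UacLevel $current))
    $drift | Format-Table -AutoSize
}
```

To keep a baseline between runs, the object from `Read-UacSettings` can be saved with `Export-Clixml` and reloaded with `Import-Clixml`, with the comparison run from a scheduled task.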
  (#20 (permalink)) Old
Corrine Offline
Moderator
 
Posts: 554
Join Date: Jan 2009
Location: Upstate NY
Default 02-06-2009, 12:51 AM

A joint posting by Jon DeVaan and Steven Sinofsky was published announcing two changes to the RC (Release Candidate) of Windows 7:

1. The UAC Control Panel will run in a high integrity process, which requires elevation.
2. Changing the UAC setting (adjusting the slider) will prompt for confirmation.

As described in UAC Feedback and Follow-Up:

Quote:
"The first change was a bug fix and we actually have a couple of others similar to that—this is a beta still, even if many of us are running it full time. The second change is due directly to the feedback we’re seeing. This “inconsistency” in the model is exactly the path we’re taking. The way we’re going to think about this is that the UAC setting is something like a password, and to change your password you need to enter your old password."


Microsoft MVP | Secretary, Admin Counsel, ASAP
Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

"Miles don't make a difference, Smiles do!"
   
Copyright © 2007 - 2010 The Windows Club
