
Fri 25th May 00:19 2007: Vista UAC

Vista's security model looks something like su or maybe sudo, to those of us in the UNIX world. To do something special, you have to provide your password first. That will grant this process permissions which you would not usually have, and also log the event.

With Vista's User Account Control (UAC), a "normal" user has to provide a password; an "admin" user has to click to confirm the action.

What happens once that confirmation has been done?

With su/sudo, that process, and its children, have elevated rights. Other processes running under your control, though, cannot access it. With Vista's UAC, it seems that any other (unprivileged) process can do what it likes with the privileged process - press buttons, perform mouse clicks, send keyboard input, etc.

And how do Microsoft respond to this criticism? ("IL" = "Integrity Level"):

Even the ability of a process at low IL to manipulate objects of a higher IL isn't necessarily prevented. Since processes running at different integrities are sharing the same desktop they share the same "session".... ILs, in and of themselves, do not define security boundaries. What's a security boundary? It's a wall through which code and data can't pass without the authorization of a security policy..... Because elevations and ILs don't define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs. So if you aren't guaranteed that your elevated processes aren't susceptible to compromise by those running at a lower IL, why did Windows Vista go to the trouble of introducing elevations and ILs? To get us to a world where everyone runs as standard user by default and all software is written with that assumption

Yes, folks. That's the best argument that Microsoft can come up with: It gets people used to the concept of run-as-user. The fact that it doesn't protect you at all is not a security bug. This is just to get people used to the idea. We may actually implement the idea at some later date.

Trustworthy Computing, anybody?

Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing.
-- Bill Gates, 2002


Comments for 'Vista UAC'

Fri 25 May 2007 @ 00:51 GMT : Steve Parker
Hehe
Then I see this: Security drives Vista adoption (http://www.physorg.com/news99222979.html)
52% for Firewall/Anti-Spyware
14% for limited user accounts
22% for improved usability
11% for "other"
Of those surveyed, 6% have "finished testing" Vista.


Steve's urandom blog