| 2004 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2005 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | |
| 2006 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Oct | Oct | |
| 2007 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2007 |
| 2008 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2008 |
| 2009 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2009 |
| 2010 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2010 |
| 2011 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2011 |
| 2012 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2012 |
| 2013 | Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2013 |
Fri 25th May 00:19 2007: Vista UAC
Vista's security model looks something like su or maybe sudo, to those of us in the UNIX world. To do something special, you have to provide your password first. That will grant this process permissions which you would not usually have, and also log the event.
With Vista's User Account Control (UAC), a "normal" user has to provide a password; an "admin" user has to click to confirm the action.
What happens once that confirmation has been done?
With su/sudo, that process, and its children, have elevated rights. Other processes running under your control, though, cannot access it. With Vista's UAC, it seems that any other (unprivileged) process can do what it likes with the privileged process - press buttons, perform mouse clicks, keyboard input, etc etc..
And how do Microsoft respond to this criticism? ("IL" = "Integrity Level"):
Even the ability of a process at low IL to manipulate objects of a higher IL isn't necessarily prevented. Since processes running at different integrities are sharing the same desktop they share the same "session".... ILs, in and of themselves, do not define security boundaries. What's a security boundary? It’s a wall through which code and data can't pass without the authorization of a security policy..... Because elevations and ILs don't define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs. So if you aren't guaranteed that your elevated processes aren't susceptible to compromise by those running at a lower IL, why did Windows Vista go to the trouble of introducing elevations and ILs? To get us to a world where everyone runs as standard user by default and all software is written with that assumptionYes, folks. That's the best argument that Microsoft can come up with: It gets people used to the concept of run-as-user. The fact that it doesn't protect you at all is not a security bug. This is just to get people used to the idea. We may actually implement the idea at some later date.
Trustworthy Computing, anybody?
Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing.
-- Bill Gates, 2002
Comments for 'Vista UAC'
| Fri 25 May 2007 @ 00:51 GMT : Steve Parker Hehe |
| Then I see this: < href="http://www.physorg.com/news99222979.html">Security drives Vista adoption 52% for Firewall/Anti-Spyware 14% for limited user accounts 22% for improved usability 11% for "other" Of those surveyed, 6% have "finished testing" Vista. |
You could post a comment if you were logged in.
You are logged in as 0
