Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
Administator security
I wonder if I am missing something in how the new security is designed in
Vista. When I installed Vista it asked for my logon on name and set me up as an administator account. It asked no questions about the type of account or if any other users were to be added. When I trigger an event that requires admin level permissions I get the dialog box that asks for confirmation, but no request for a password. I just click continue and proceeed. How is this more secure than XP? Or am I missing something? Kent |
|
|||
Administator security
Hello,
In Windows Vista, even though your account is an administrator, the programs you run are only given "standard user" permissions, unless you approve them via the permission dialog to have admin power. This is more secure in XP, because most applications running on your computer can't change system-level settings if they are compromised or poorly designed. And, the only applications that CAN potentially hurt your system are the ones that you explicitly authorize... So, if you see a prompt asking for permission when you are browsing the internet or writing in your word processor, you can reason that you weren't changing a system settings and click cancel, preventing an unknown program from gaining admin permission on your computer. In Windows XP, any program that could somehow get itself started could completely take control of your system. In Windows Vista, you are in control of what programs can hurt your system. -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
Administator security
This is more secure in XP
Should read: "This is more secure THAN XP" -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
Administator security
"Jimmy Brush" wrote in message ... Hello, In Windows Vista, even though your account is an administrator, the programs you run are only given "standard user" permissions, unless you approve them via the permission dialog to have admin power. This is more secure in XP, because most applications running on your computer can't change system-level settings if they are compromised or poorly designed. And, the only applications that CAN potentially hurt your system are the ones that you explicitly authorize... So, if you see a prompt asking for permission when you are browsing the internet or writing in your word processor, you can reason that you weren't changing a system settings and click cancel, preventing an unknown program from gaining admin permission on your computer. In Windows XP, any program that could somehow get itself started could completely take control of your system. In Windows Vista, you are in control of what programs can hurt your system. -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/ I agree with everything you have written about UAC, Jimmy, and you know I am a proponent of UAC and that I also understand (somewhat) its advantages over XP. After several months of reading posts by users unable to retain a product key, users who are under the impression that Microsoft writes drivers and users that can't burn (or recognize) an .iso, is Microsoft being wise in a practical sense by putting this control in the hands of the average user? As an example, when Joanna Rutkowska was asked at Black Hat how she was able to circumvent UAC, she replied that she merely clicked "OK." Or is it a matter of this being better than it was? Should Microsoft have gone farther? Am I over-analyzing? |
|
|||
Administator security
Hello Mark,
You bring up an excellent point, as always. And I would say that regardless of how the average user uses UAC, the system is still much more secure than in XP - even if the user always clicks Continue. Why? Because the majority of the system runs as a standard user when UAC is turned on (explorer.exe, etc). And, Internet Explorer Protected Mode is enabled with UAC on. These things will protect the user from automated attacks - such as worms - because if a worm burrows into these processes, they won't be able to do admin stuff. Of course, the worms can throw in shellcode that will ask the user to elevate a new process as admin, but this will be much more difficult to write, as it will have to drop an EXE onto the system, or abuse a pre-existing EXE. But, that still brings us back to the original question ... will users use UAC the way it was intended - to protect them from running applications that they did not start or do not want on their system? And if so, how does the user know what is good vs what is bad? Obviosuly I can't answer these questions definatively. But I do think it will work and be successful - here's why. Users are VERY aware that their computer gets filled up with "trash". Now, some users are more proactive about it than others (by buying security software or getting their computer cleaned by a geek), but I would say that even the lazy-est of computer users know that when they are on the internet their computer collects junk that slows down their computer and throws advertisements. With UAC, users are no longer in the dark about this "filling up with trash" process... It is now very simple to explain to users that "When you click Continue, your computer fills up with junk and you have to spend money to clean it out". I am hoping that this doesn't even have to be explained - as it should be ovious to the user after a while that clicking Continue does bad things. From a psychological viewpoint, UAC throws in a rewards/punishment system to the mix. When they click Continue when a malware asks to be installed, they are punished by being forced to put up with the malware and eventually having the computer cleaned. When they click Cancel, they are rewarded by stopping the malware from getting started. BUT ... how does the user know when to click Continue and when to click Cancel? This part takes some training - but I think it will be very simple for most users to grasp, many just intuitively. Basically, if you're opening something that you want to be able to trash your computer, steal your credit card numbers, and send embarassing pictures of you at last years octoberfest to your contact list, click Continue; otherwise, click Cancel. As for taking UAC "to the next level" ... Fundamentally, UAC relies on the user to give the system a yes or no response. There is no way around this... the system cannot determine what programs should have admin or shouln't have admin, because the system sees all programs as equal. This is why UAC works so well with antispyware solutions and antivirus solutions -- they fill gaps in each others' protections. Traditional security software stops known baddies but doesn't get them all. UAC helps the user stop unknown baddies while relying on traditional security software to automatically stop the known baddies so as not to bother the user with them. However, I do hope that in a future version, Windows will be able to tell the difference between the user starting a program and a program starting a program. This will allow the system to make much more informed decisions as to when to ask the user for permission -- for example, a program could be "blessed" to always run as admin, but only if the system determines the user is explicitly starting that program; if not, the system would throw a prompt. -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
Administator security
I never really wrapped up my thoughts ...
In conclusion, then, it is anybody's guess how successful UAC will be with training users when to click Continue and when to click Cancel. I'm sure Microsoft has been watching user reactions to it very closely and will continue to fine-tune it after Vista is released. It is definately something Microsoft MUST watch closely, and tweak very often, because getting users to be able to intuitively understand its value and learn how to use it is of paramount importance. -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/ |
|
|||
Administator security
So, UAC is better than anything previously offered by Microsoft in an
operating system. On this we can agree. Is it enough? We don't yet know, but I will be cynical and say it is not, and that users will click away with abandon. I'l return to my "Blue Pill" example and purport that Joanna is correct in her assesment that social engineering, Pavlovian that it is, has conditioned the average user to merely click without thought. Rootkits are the next threat, and with virtual machines so prevalent, they are here, now. Ones done well will be undetectable, and with a user programmed to click, they will be installed. AI has shown promise in other fields. Can the properties of AI be adapted to recognize "good vs. evil?" Not today. When does Vienna ship? |
|
|||
Administator security
Can the properties of AI be adapted
to recognize "good vs. evil?" Good and evil are labels assigned by human brains to abstract concepts. If my computer started doing this, I would be very, very afraid. lol -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/ |