A Windows Vista forum. Vista Banter

Welcome to Vista Banter.

You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact contact support.

Go Back   Home » Vista Banter forum » Microsoft Windows Vista » Security and Windows Vista
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)

can a key logger program steal admin password when you install program from limited user account



 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old December 18th 10, 03:04 PM posted to microsoft.public.windows.vista.general,microsoft.public.windows.vista.security,microsoft.public.windows.vista
[email protected]
external usenet poster
 
Posts: 24
Default can a key logger program steal admin password when you install program from limited user account

I have admin and limited user account on my PC. I always run in
limited user account, except when installing program and doing other
system maintenance work.

In limited user account, when I install a program, it will pop up a
dialog to ask for admin password.

Suppose that under limited user account, I by mistake downloaded
virus/trojan, can this virus/trojan/key logger steal the admin
password when I try to install a program?

I know that I'll be safe if I switch to admin account to do the
installation.

And yes, there is a possibility that the virus will change the program
I want to install. Let's ignore this possibility for now.

I am running Win7.

Thanks.
  #2 (permalink)  
Old December 19th 10, 12:25 AM posted to microsoft.public.windows.vista.general,microsoft.public.windows.vista.security,microsoft.public.windows.vista
FromTheRafters[_2_]
external usenet poster
 
Posts: 221
Default can a key logger program steal admin password when you installprogram from limited user account

wrote:
I have admin and limited user account on my PC. I always run in
limited user account, except when installing program and doing other
system maintenance work.

In limited user account, when I install a program, it will pop up a
dialog to ask for admin password.

Suppose that under limited user account, I by mistake downloaded
virus/trojan, can this virus/trojan/key logger steal the admin
password when I try to install a program?


How does it work? If it can install a keylogger, it already has admin
privileges.

Short answer:

It should not be able to. The elevation prompt is not in your limited
user account, but in the "secure desktop" instead (like your logon
desktop). The system takes a snapshot of your current desktop, darkens
it, and switches to the secure desktop and displays it there - and then
displays the credentials prompt.

However, it might be possible for a compromised limited account to fake
a secure desktop (darkened desktop) with a fake credentials prompt for you.

I know that I'll be safe if I switch to admin account to do the
installation.


If you have a keylogger "installed", how can you assume this?

And yes, there is a possibility that the virus will change the program
I want to install. Let's ignore this possibility for now.


You are only concerned about what can see the admin password?

When you get to the "logon" screen and enter your admin password there,
it is the same thing as the secure desktop offered up in your limited
user account - if your keylogger can do one, it can do the other.

I am running Win7.


I assumed Vista (the group names all say vista) - and I also assume Win
7 is quite similar in this respect.
  #3 (permalink)  
Old December 20th 10, 02:56 AM posted to microsoft.public.windows.vista.general,microsoft.public.windows.vista.security,microsoft.public.windows.vista
Dave Warren
external usenet poster
 
Posts: 107
Default can a key logger program steal admin password when you install program from limited user account

In message FromTheRafters
was claimed to have wrote:

wrote:
I have admin and limited user account on my PC. I always run in
limited user account, except when installing program and doing other
system maintenance work.

In limited user account, when I install a program, it will pop up a
dialog to ask for admin password.

Suppose that under limited user account, I by mistake downloaded
virus/trojan, can this virus/trojan/key logger steal the admin
password when I try to install a program?


How does it work? If it can install a keylogger, it already has admin
privileges.


Keyloggers can run as a limited user but will only be able to intercept
activity that happens within that user's context and won't see what
happens in other contexts, including UAC elevated applications.

Short answer:

It should not be able to. The elevation prompt is not in your limited
user account, but in the "secure desktop" instead (like your logon
desktop). The system takes a snapshot of your current desktop, darkens
it, and switches to the secure desktop and displays it there - and then
displays the credentials prompt.


Don't forget the number of folks who set UAC to not use a secure
desktop, these people may not even have this level of protection.

  #4 (permalink)  
Old December 20th 10, 06:40 AM posted to microsoft.public.windows.vista.general,microsoft.public.windows.vista.security,microsoft.public.windows.vista
Poutnik
external usenet poster
 
Posts: 109
Default can a key logger program steal admin password when you install program from limited user account

In article , dave-
says...

.........

Keyloggers can run as a limited user but will only be able to intercept
activity that happens within that user's context and won't see what
happens in other contexts, including UAC elevated applications.

Short answer:

It should not be able to. The elevation prompt is not in your limited
user account, but in the "secure desktop" instead (like your logon
desktop). The system takes a snapshot of your current desktop, darkens
it, and switches to the secure desktop and displays it there - and then
displays the credentials prompt.


Don't forget the number of folks who set UAC to not use a secure
desktop, these people may not even have this level of protection.


Sofisticated malware can abuse
security vulnerabilities of various software, including OS,
related to privilege escalation.

All OSs, not limited to Windows, and many of applications
publish often, or time by time security patches,
addressing privilege escalation threat.

Some of them are publicly known among hackers for longer time
before getting fixed.


--
Poutnik
  #5 (permalink)  
Old February 20th 11, 03:19 PM posted to microsoft.public.windows.vista.general,microsoft.public.windows.vista.security,microsoft.public.windows.vista
[email protected]
external usenet poster
 
Posts: 24
Default can a key logger program steal admin password when you install program from limited user account

On Sun, 19 Dec 2010 18:56:37 -0800, Dave Warren
wrote:

Don't forget the number of folks who set UAC to not use a secure
desktop, these people may not even have this level of protection.


How can I check to make sure that UAC is set to use a secure
desktop? I only found one screen to control UAC setting, and there is
no mention of secure desktop there. Thanks.
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 06:03 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.Search Engine Optimization by vBSEO 3.0.0 RC6
Copyright 2004-2018 Vista Banter.
The comments are property of their posters.