Windows 7 UAC crippled - I broke it already! | The Coffeehouse

Sven Groot
My name has 9 letters. Coincidence? I think not...

I managed to get hold of the PDC build of Windows 7 via methods that I will not mention here. I installed it in Virtual PC and am pretty impressed on the whole. But this new UAC default setting makes it completely and utterly useless.

Windows 7's default UAC setting lets you change Windows settings without needing a prompt. In practice this means that any app that is part of Windows can elevate without a prompt. Even when another app is asking them to do it! Three lines of C# code is all I need to have my app write to parts of the registry that an untrusted app shouldn't be able to write to without getting a prompt.

Here's the code:

ProcessStartInfo p = new ProcessStartInfo("cmd.exe", "/k reg add HKLM\\Software\\malicious");<BR>p.Verb = "runas";<BR>Process.Start(p);

Run that code on Win7 with default UAC settings and it will not prompt and allow the registry write!

This is rediculous. They're going way too far in the opposite direction now. You might as well not have UAC at all and put up a sign "malware welcome!" or something. Sad

Bas
It finds lightbulbs.

No, see, this is fine, because launching the command prompt and running k reg add HKLM\\Software\\malicious can obviously only be a user initiated action. *rolls eyes*

Despite having a build that you're not supposed to have, can you send this as feedback? This is ridiculous.

Sven Groot
My name has 9 letters. Coincidence? I think not...

In reply to Bas

#Oct 31st, 2008 @ 9:11 AM

No, I don't have a product key, and the feedback tool won't run without a product key.

littleguru
<3 Seattle

Yeah... that's weird! It might - and please Windows team don't disappoint - just be a bug in the current build that was distributed during PDC and is fixed later on (as in for BETA and RTM). Crippling UAC is the wrong direction to go!

Bas
It finds lightbulbs.

In reply to Sven Groot

#Oct 31st, 2008 @ 9:11 AM

Ugh. Well, it'll probably be too late when the public beta comes by. Looking forward to using the most insecure version of Windows yet! Tongue Out

Sven Groot
My name has 9 letters. Coincidence? I think not...

In reply to Bas

#Oct 31st, 2008 @ 9:14 AM

You can still change the settings yourself to make it more secure, so if you want to be secure it's not an issue. Normal users will be right back where they were with XP running as an admin.

blowdart
Peek-a-boo

I dropped you an email.

leeappdalecom
.nettter

In reply to Sven Groot

#Oct 31st, 2008 @ 9:16 AM

Whatever happens MS wont win here, personally I think UAC should stay as it was in Vista.

I turned it off after a while and thats fine, but the point is I had to go and turn it off rather than turn it on.

If they relax UAC they get it wrong if they leave UAC as it is they get it wrong its a no win.

To me UAC is no diffrent than the elevated prompt in MAC OSX but you dont here people complaining as much about that.

Sven Groot
My name has 9 letters. Coincidence? I think not...

In reply to blowdart

#Oct 31st, 2008 @ 9:23 AM

Where? I'm not seeing it anywhere.

Sven Groot
My name has 9 letters. Coincidence? I think not...

In reply to leeappdalecom

#Oct 31st, 2008 @ 9:25 AM

I'm all for reducing the number of UAC prompts. But the way they should be doing it is by reducing the number of components that need prompts. Make more settings per-user. Encourage per-user app installs (like Chrome and Live Mesh), get people to use per-user ActiveX controls (new in IE8). Streamline places like Explorer where the UAC experience was jarring.

But for heaven's sake, don't reduce prompts by supressing prompts where they are needed! That's just the most completely wrong thing you can do! What concerns me most is that either the people at MS didn't think of this or they thought it was acceptable. Either way it makes me question the intelligence of those involved, I'm sorry to say.

blowdart
Peek-a-boo

In reply to Sven Groot

#Oct 31st, 2008 @ 9:25 AM

-snippity-

littleguru
<3 Seattle

In reply to leeappdalecom

#Oct 31st, 2008 @ 9:25 AM

Microsoft shouldn't listen too much to the people who complain. The issue is that a lot of them haven't even tried Vista after all. Or if they tried it they were just searching for reasons. If all the other issues that were/are around with Vista are going to be fixed and some innovation happens most of the users will be fine.

Btw. I wonder what the number one reason for deactivating UAC is/was. I could imagine that they turned it off because some application wouldn't work. Applications that just thought they are going to be admins forever - and ignoring guidelines forever...

I hope Windows 7 won't abandon the current road. I personally found that UAC made Windows a lot more secure. In XP I had to clean my parents PCs all half years. Full of crap on there. UAC helped a lot. I trained them to never click "Continue" other than when they launched a setup. And they did that. It worked wonders.

Sven Groot
My name has 9 letters. Coincidence? I think not...

In reply to blowdart

#Oct 31st, 2008 @ 9:34 AM

The tubes must be clogged, I don't have it yet.

EDIT: Nevermind, got it.

Typhoon87
Facilitator of our reality

In reply to Sven Groot

#Oct 31st, 2008 @ 9:36 AM

I hate per user app installs. When multuiple users use the same app you get multiple versions/unecassary files ect. Install it per machine and have the settings and options per user.

Sven Groot
My name has 9 letters. Coincidence? I think not...

In reply to Typhoon87

#Oct 31st, 2008 @ 9:42 AM

I was just giving examples of how to reduce prompts without making UAC pointless.

Even my claim that UAC is primarily useful when an app doesn't elevate is no longer valid. The idea was that an exploit for something like Outlook, which isn't elevated, couldn't do much harm. However, now such an exploit could elevate silently so even that advantage is gone. By giving any app the ability to elevate silently by asking a windows component to do it for them, UAC has no raison d'etre anymore. They might as well remove it. It's imply not an acceptable situation.

wastingtimewithforums

In reply to Sven Groot

#Oct 31st, 2008 @ 9:49 AM

"Microsoft shouldn't listen too much to the people who complain. The issue is that a lot of them haven't even tried Vista after all. Or if they tried it they were just searching for reasons"

I agree. Especially listening to sites like slashdot or digg is madness. This is the lowest of the low. Some people there are literaly addicted to Microsoft-hating. It's almost like a intoxication.

The internet is a moronic place, that's a fact. And design decisions shouldn't be based on the echoes of one of the worst mediums in existence.

Vista had it right the first time, and now they bow down before the slashdot crowds. Sickening. What is it with MS nowadays anyway? Not to forget the response to the Apple ads (which backfired).

Responding and listening is not always right, the most people on the internet are morons and shouldn't be listened at.

Bas
It finds lightbulbs.

I just now remembered that all PDC sessions end with an email address for questions and feedback. I figured I'd look for a suitable session on Windows 7 and email whoever presented it about this problem, only to find out that there's no security related Windows 7 sessions. Uh oh.. Tongue Out

figuerres
???

what about a note to PaoloM ?? he works on some part of the WIn 7 team right?? He could ask about it I would think.

blowdart
Peek-a-boo

I've had a response; I've asked if I can share, or if the SDE in question would like to come over here. I won't blame him if he says no, you lot are frightening.

Bas
It finds lightbulbs.

In reply to blowdart

#Oct 31st, 2008 @ 11:09 AM

We'll tear him apart if he gets here! I demand blood. Tongue Out

stevo_
Human after all

In reply to Bas

#Oct 31st, 2008 @ 11:21 AM

Sounds similar to the attack on leopard where some system app was implicitely trusted, but it just happened to an app that could be told to do things.. I hope they blog about this and give a good reason why they let this happen in this build and are going to change this.. otherwise windows could become more like os x's development moto... form over function.. or more accurately, focus on getting form done - then we'll see how much function we can fit in with the left over time.

Richard Turner

Blowdart posted me your comments and I thought I'd clear up a few things and calm your nerves a little Wink

The PDC build really is a pre-beta. If it had reached the beta quality bar, it'd have been called a beta.
As a pre-beta, the PDC Win7 build is missing a few things that we can't ship a beta without.
The Win7 team takes security EXTREMELY seriously and are working hard to ensure that Win7 builds on Vista's already impressive security track record (http://blogs.technet.com/security/archive/2008/10/27/download-h1-2008-desktop-vuln-report.aspx), adding several more important security features and core OS improvements to eliminate large classes of potential vulnerabilities.
The Win7 team are also working hard to reduce the "noise" that has annoys a lot of users; UI clutter, unnecessary icon animations, toast popping up every 2 mins, constant UAC prompting are just a few examples.

To your specific point about UAC and auto-elevation: In the PDC build, all Windows apps can auto-elevate when you set the UAC slider to the default level.

However, this won't be the case in Beta. For Beta, Windows components that can execute arbitrary code and or apps (eg CMD, CSCRIPT, WSCRIPT, PowerShell, etc) are prevented from auto-elevating. Thus, your example won't work in the beta and beyond. This has been validated on machines running more recent builds Smiley

Significant improvements in the already effective SDL and through far more effective engineering tools, techniques and practices have resulted in the components of Windows being FAR less prone to the many forms of attack that enable arbitrary code execution. The team feel confident that these more secure Windows apps can therefore be trusted to auto-elevate in cases where elevation is required.

I don't want to sound like a corporate drone, but your feedback TRULY IS highly important to and appreciated by Microsoft. However, because the PDC build is a pre-beta "taster", issues you may experience are likely to have already been found and either fixed or in the process of being fixed. Therefore, I would encourage you to make notes of things that you think need to be adjusted, fixed, changed etc., and then when the Beta comes around, compare to see if the issue persists and if so, submit feedback.

Based upon my own experience with and observations of the Windows 7 product and process, I can openly state that I've not been THIS excited about a release of an OS from Microsoft since NT first appeared!

Not long now for the best OS beta we've ever shipped Smiley

spivonious

In reply to Richard Turner

#Oct 31st, 2008 @ 11:44 AM

Nice to see a response from someone on the team. Thanks for clearing up the issue, Richard.

Will the first beta be public? If not, how can I sign up?

Minh
WOOH! WOOH!

In reply to Richard Turner

#Oct 31st, 2008 @ 11:44 AM

I can openly state that I've not been THIS excited about a release of an OS

Thanks Richard. I thought that security hole was just too big to be legit. I'm also excited... I mean, I'm cautiously optimistic... Hope for the best, expect the worst. I mean I don't want her to break my heart... err... be disappointed like Vista again, you know?

BHpaddock

In reply to spivonious

#Oct 31st, 2008 @ 11:51 AM

This is a very well known issue, the UAC changes in the M3 build are not complete.

This has already been fixed in the beta builds. At the PDC booth we talked to several people about this and demonstrated how applications like CMD always prompt in the newer builds.