Coffeehouse Thread

199 posts

Win7 UAC flaw

Back to Forum: Coffeehouse
  • Bas

    Thanks, all you whiny douchebags who can't bring themselves to click an Allow button once every two weeks. Thanks for making Windows less safe again.

    Thank you very, very much.

  • ManipUni

    Really Microsoft? ...

    I was wondering how the whole "From user" Vs. "From Software" distinction was made. I guess I just assumed that things like Windows Messages with key presses and mouse clicks sent to a secure window would be the absolute first thing that you would lock down. Clearly I was wrong.

    That is a really bad design. Nuff' said.

  • jamie

    youre welcome Tongue Out

    UAC:  off since 2007

  • compugab

    jamie said:
    youre welcome Tongue Out

    UAC:  off since 2007
    As soon as I knew that, I "uped" my UAC level to Vista's default.

    The planet is safe once again!

  • W3bbo

    You know, I really didn't expect the story to be that popular, but it's already The Register's headline story for the weekend and featured on Engadget and many other websites.

    Whilst Long likes to keep his sources secret, it's nice to know a select bunch of C9 forum-goers are influencing things in our usual underhand way Wink

  • jamie

    W3bbo said:
    You know, I really didn't expect the story to be that popular, but it's already The Register's headline story for the weekend and featured on Engadget and many other websites.

    Whilst Long likes to keep his sources secret, it's nice to know a select bunch of C9 forum-goers are influencing things in our usual underhand way Wink
    lol

  • rhm

    jamie said:
    youre welcome Tongue Out

    UAC:  off since 2007
    I got UAC off *and* I'm running as administrator all the time. God I'm irresponsible Smiley

  • sushovande

    rhm said:
    jamie said:
    *snip*
    I got UAC off *and* I'm running as administrator all the time. God I'm irresponsible Smiley
    Hey guys, Microsoft is saying that this is indeed by design.

    If I follow Microsoft's argument - it is this:
    At the default level, windows settings can be changed without a prompt,hence you should not cry if someone changes your UAC settings.

    However, the flaw in the argument is:
    A 3rd party untrusted app is changing windows settings. This might lead to the app changing the settings and then relaunching itself with admin privileges.

    I really think a change in level of UAC (especially a lowering in level of security) should be treated as "very suspicious" and always prompted. But then, I never had a problem with Vista UAC - I love the fuzzy sense of security.

  • littleguru

    I find it confusing that this is by design and that something like this could really pass the design phase. The interesting thing is that you run a little script that sets the level of the UAC down to zero. After that you are able to access and modify everything, including system features, system folders, the whole registry, without the need of elevation.

    It's problematic since people might think that they are still safe with the default level. But they are not.

    I'm not buying the argument of: when you have something running on your device you are lost anyway. With the Vista UAC enabled you could have running something on the device that DID NOT have admin rights and the only way to get them was via a prompt. Now every application that runs on the device can get admin rights even without showing any prompt.

  • KevinB

    littleguru said:
    I find it confusing that this is by design and that something like this could really pass the design phase. The interesting thing is that you run a little script that sets the level of the UAC down to zero. After that you are able to access and modify everything, including system features, system folders, the whole registry, without the need of elevation.

    It's problematic since people might think that they are still safe with the default level. But they are not.

    I'm not buying the argument of: when you have something running on your device you are lost anyway. With the Vista UAC enabled you could have running something on the device that DID NOT have admin rights and the only way to get them was via a prompt. Now every application that runs on the device can get admin rights even without showing any prompt.
    Indeed. 7 may as well not have UAC with this 'Feature'.

    WRT to those people that are running without UAC and admin on Vista, I don't think that the people on this forum are really the target audience for UAC. I mean, lots of us also run without anti-virus as we tend to know what to click on and what not to click on. UAC gives 'regular' users a pause for thought before clicking Continue and now that this is so easily disabled in 7, I see things becoming easier and easier for malicious apps.

    KEvin


  • Bas

    So, Charles... any chance of a new Going Deep episode about UAC? I'd love to hear Jon Schwartz and Chris Corio (or whoever took their place on the Windows 7 team) explain why they intentionally designed UAC in Windows 7 to be unsafe by default. (After all, reports on it are closed as "By Design")

    Also, why the new 'levels' of UAC security, if really the only options, security-wise, are "Alway notify" and "Off"? (Seeing how all the levels in between aren't any safer than "off")

  • ManipUni

    I would like to add that if UAC can be disabled this easily then that is just the tip of the iceberg. Which is to say that if UAC can be changed then effectively everything accessible in Control Panel can be. So even if Microsoft hot fix the UAC secure window to block this then they really haven't solved much of anything.

    Really makes one wonder if Windows needs an entire concept of "User actions" Vs. "Program action" from the driver level on down though to all applications. But that might require a complete redesign of the OS.

    PS - KevinB I run Vista with UAC, DEP ("All Programs"), and passive anti-virus/spyware.

  • Bas

    ManipUni said:
    I would like to add that if UAC can be disabled this easily then that is just the tip of the iceberg. Which is to say that if UAC can be changed then effectively everything accessible in Control Panel can be. So even if Microsoft hot fix the UAC secure window to block this then they really haven't solved much of anything.

    Really makes one wonder if Windows needs an entire concept of "User actions" Vs. "Program action" from the driver level on down though to all applications. But that might require a complete redesign of the OS.

    PS - KevinB I run Vista with UAC, DEP ("All Programs"), and passive anti-virus/spyware.
    Interesting point. Man, I knew the uninterrupted stream of good news about Windows 7 wouldn't last forever, but I didn't expect the first bad news to be this bad.

  • Sven Groot

    Personally I think they're going about it the wrong way. They want to reduce the number of prompts; that's a good thing. But they're doing it by not showing prompts for things that change system settings. That's the wrong method, in my opinion. It's hiding the symptoms, not the problem.

    Redesign explorer so you can easily work in folders that need elevation without getting a prompt every two clicks. Change more thing to be user instead of system settings. In other words, actually reduce the number of things that need prompts, rather than hiding prompts for things that actually should still need them.

  • wastingtime​withforums

    Sven Groot said:
    Personally I think they're going about it the wrong way. They want to reduce the number of prompts; that's a good thing. But they're doing it by not showing prompts for things that change system settings. That's the wrong method, in my opinion. It's hiding the symptoms, not the problem.

    Redesign explorer so you can easily work in folders that need elevation without getting a prompt every two clicks. Change more thing to be user instead of system settings. In other words, actually reduce the number of things that need prompts, rather than hiding prompts for things that actually should still need them.

    Man, great job, this kind of stuff was discovered a while ago:

    http://channel9.msdn.com/forums/Coffeehouse/437528-Just-great-Microsoft-listens-to-forum-idiots-and-made-Windows-7-insecure/

    Whoever came with the bright idea to cripple UAC should be shot. When do vendors learn: YOU DO NOT LISTEN TO BLOGGERS!

    The vast majority of them are complete BOZOS. i can't believe MS crippled UAC just because of the whining of those idiots at blogger, wordpress, slashdot and other internet sh*t holes.

    History shows that they are almost never correct in their assumptions. If the world was going according to those interidiots then we would be all using GNU/HURD 3.0 on the OLPC laptop by now. And Stallman would be the emperor of the known universe.

    Great job listening to them, MS. I really hope that this UAC flaw will result in a massive virus/worm attack, maybe that will teach you guys a lesson.

  • ManipUni

    wastingtimewithforums said:
    Sven Groot said:
    *snip*

    Man, great job, this kind of stuff was discovered a while ago:

    http://channel9.msdn.com/forums/Coffeehouse/437528-Just-great-Microsoft-listens-to-forum-idiots-and-made-Windows-7-insecure/

    Whoever came with the bright idea to cripple UAC should be shot. When do vendors learn: YOU DO NOT LISTEN TO BLOGGERS!

    The vast majority of them are complete BOZOS. i can't believe MS crippled UAC just because of the whining of those idiots at blogger, wordpress, slashdot and other internet sh*t holes.

    History shows that they are almost never correct in their assumptions. If the world was going according to those interidiots then we would be all using GNU/HURD 3.0 on the OLPC laptop by now. And Stallman would be the emperor of the known universe.

    Great job listening to them, MS. I really hope that this UAC flaw will result in a massive virus/worm attack, maybe that will teach you guys a lesson.

    There's nothing in principle wrong with what they have done to UAC if they had the right tech in place behind the scenes to assure that actions taking against secure windows originate from the user. The fact is that the OS should never get user confirmation on a user originated action for security reasons.

    I would put an analogy here that would make light of how ridiculous it is to confirm with the user that an action the user has just taken is authorised but I am busy and nothing springs to mind. Maybe I will edit one in here later if something occurs to me. Smiley

  • Royal​Schrubber

    wastingtimewithforums said:
    Sven Groot said:
    *snip*

    Man, great job, this kind of stuff was discovered a while ago:

    http://channel9.msdn.com/forums/Coffeehouse/437528-Just-great-Microsoft-listens-to-forum-idiots-and-made-Windows-7-insecure/

    Whoever came with the bright idea to cripple UAC should be shot. When do vendors learn: YOU DO NOT LISTEN TO BLOGGERS!

    The vast majority of them are complete BOZOS. i can't believe MS crippled UAC just because of the whining of those idiots at blogger, wordpress, slashdot and other internet sh*t holes.

    History shows that they are almost never correct in their assumptions. If the world was going according to those interidiots then we would be all using GNU/HURD 3.0 on the OLPC laptop by now. And Stallman would be the emperor of the known universe.

    Great job listening to them, MS. I really hope that this UAC flaw will result in a massive virus/worm attack, maybe that will teach you guys a lesson.

    I think the bozos are people that want 7 work as Vista did. The default on 7 is the right one.

    Of course there is an error because unprivileged applications are allowed to talk to those with privileges, but the rationale behind default setting in 7 is right. User should not be nagged when he does administrative tasks in applications with low security attack vector - these are the ones that do not have internet component or do not take any input from files or are written in typesafe language.

    If explorer wants to delete files in system32 folder then it's probably bacuse you in front on the computer is telling it to do so and not because explorer got exploited. Every dialog in control panel is like so, it's almost imposible to exploit them, so why display UAC if you know the user initiated actions and not a hacker exploiting some vulnerability. Of course it's reasonable to leave IE, Live and Office apps running as they did in Vista, with UAC, because these apps have large attack vectors and so they are not to be trusted.

  • Royal​Schrubber

    ManipUni said:
    wastingtimewithforums said:
    *snip*
    There's nothing in principle wrong with what they have done to UAC if they had the right tech in place behind the scenes to assure that actions taking against secure windows originate from the user. The fact is that the OS should never get user confirmation on a user originated action for security reasons.

    I would put an analogy here that would make light of how ridiculous it is to confirm with the user that an action the user has just taken is authorised but I am busy and nothing springs to mind. Maybe I will edit one in here later if something occurs to me. Smiley
    OS should not trust application because action came from user. What if application got exploited before or when user made the action. Application received mouse events moments before it requested admin privileges but you still have no way to trust it.

    Remember UAC is not there to protect OS from yourself or from malware, it's there to protect OS from hacker attacks and worms exploting holes in legitimate applications. So the rule here is that if your application can get any kind of input from outside world than it is not to be trusted at any time.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.