Coffeehouse Thread

10 posts

Proof: Vista developers were smarter than Win7 developers

Back to Forum: Coffeehouse
  • User profile image
    wastingtime​withforums

    They knew damn well back then that stuff like silent elevation was a disaster waiting to happen (and like we see with the rundll32/code injection bugs in win7, it happened)

    Look what the Vista devs wrote  2007:

    http://blogs.msdn.com/windowsvistasecurity/archive/2007/08/09/faq-why-can-t-i-bypass-the-uac-prompt.aspx

    Full quotes:

    -----------

    FAQ: Why can’t I bypass the UAC prompt?

    The designers of Windows Vista's User Account Control expressly decided not to incorporate functionality like setuid/suid or sudo found in Unix and Unix-like OSes such as Mac OS X. I think they made the right decision.

    .....

    Pre-approving code to run with elevated permissions without going through an elevation prompt, as described in the bulleted scenarios above, seems at first glance to be both useful and convenient. However, the negatives far outweigh those benefits. In particular:

    • The "standard user by default" vision would become impossible and ultimately never happen;
    • Elevation of privilege (EoP) would be trivial – any compromise could lead to full system compromise.

    If it were possible to mark an application to run with silently-elevated privileges, what would become of all those apps out there with LUA bugs? Answer: they'd all be marked to silently elevate. How would future software for Windows be written? Answer: To silently elevate. Nobody would actually fix their apps, and end-user applications will continue to require and run with full administrative permissions unnecessarily.

    "Well, so what? We're only talking about applications I approved!" OK, let's say that's true, but how do you ensure that a malicious user cannot use the application for purposes other than those for which it was intended? And at least as important – how do you ensure that malware that has infected the user's session cannot drive a setuid application programmatically to take over the system? Ensuring strict behavioral boundaries for complex software running with elevated privileges is (at best) incredibly difficult. And ensuring that it is free of exploitable design and implementation bugs is far beyond the capabilities of software engineering today. The complexity and risk compounds when you consider how many apps have extensibility points that load code that you or your IT admin may not be aware of, or that can load code or consume data from user-writable areas with minimal if any validation.



    ----------------------

    OK, this was mostly about third party software, but still - much of it applies to windows components as well.

    Here is the best part again:

    ----------------

    Pre-approving code to run with elevated permissions without going through an elevation prompt, as described in the bulleted scenarios above, seems at first glance to be both useful and convenient. However, the negatives far outweigh those benefits

    ----------------

    So, rundll32 and other windows components should't be pre-approved either! The Vista devs unterstood this well. Either they got a complete new team for win7 or the devs are constrained by marketing. ("win 7 needs to be less annoying!")

  • User profile image
    Cream​Filling512

    Thanks for the new UAC thread, I just can't get enough! Keep it up!

  • User profile image
    Bas

    CreamFilling512 said:
    Thanks for the new UAC thread, I just can't get enough! Keep it up!

    I just love discussion, though everything's been said,
    And I just can't get enough, I just can't get enough
    Every point you're making, each in a separate thread
    And I just can't get enough, I just can't get enough

    Posting exploits and solutions thereof
    And I just can't seem to get enough

    Don't fear regression, redundance or repeat
    And I just can't get enough, I just can't get enough
    All these other similar threads, already obsolete
    And I just can't get enough, I just can't get enough

    Forum regulars complain and huff,
    And I just can't seem to get enough

    The Coffeehouse needs more monotony
    And I just can't get enough, I just can't get enough
    Flooding the first page with only UAC.
    And I just can't get enough, I just can't get enough

    I can tell, it's just a labor of love
    And I just can't seem to get enough

  • User profile image
    rhm

    *Yawn*

    Again?

    I mean, seriously?

    Is this another Beer28 effort?

  • User profile image
    Ray7

    Bas said:
    CreamFilling512 said:
    *snip*

    I just love discussion, though everything's been said,
    And I just can't get enough, I just can't get enough
    Every point you're making, each in a separate thread
    And I just can't get enough, I just can't get enough

    Posting exploits and solutions thereof
    And I just can't seem to get enough

    Don't fear regression, redundance or repeat
    And I just can't get enough, I just can't get enough
    All these other similar threads, already obsolete
    And I just can't get enough, I just can't get enough

    Forum regulars complain and huff,
    And I just can't seem to get enough

    The Coffeehouse needs more monotony
    And I just can't get enough, I just can't get enough
    Flooding the first page with only UAC.
    And I just can't get enough, I just can't get enough

    I can tell, it's just a labor of love
    And I just can't seem to get enough

    Actually that was pretty good ....

    Smiley


    wastingtimewithforums ....

    If you have anything new to say, then just tack it onto the existing thread ... it helps keep the thread of conversation going.

    We all know how important this is, but one thread on the subject is much easier to follow than three or four (at least for me anyway).



  • User profile image
    vesuvius

    Ray7 said:
    Bas said:
    *snip*
    Actually that was pretty good ....

    Smiley


    wastingtimewithforums ....

    If you have anything new to say, then just tack it onto the existing thread ... it helps keep the thread of conversation going.

    We all know how important this is, but one thread on the subject is much easier to follow than three or four (at least for me anyway).



    Proof: wastingtimewithforums wasn't smart enough to start the original UAC thread, so is attempting to steal the format from that thread. This is somewhat somnifacient!

  • User profile image
    Bas

    vesuvius said:
    Ray7 said:
    *snip*
    Proof: wastingtimewithforums wasn't smart enough to start the original UAC thread, so is attempting to steal the format from that thread. This is somewhat somnifacient!
    somnifacient


    Win.

  • User profile image
    BlackTiger

    What a point to discuss "must to disable ASAP" feature?

    If you stumbled and fell down, it doesn't mean yet, that you're going in the wrong direction.
    Last modified
  • User profile image
    Harlequin

    Bas said:
    vesuvius said:
    *snip*


    Win.
    http://dictionary.reference.com/browse/somnifacient

    And for the rest of us without Word open so we can use the thesaurus too Smiley

    ++ on Channel 9 needing her spam button back...

  • User profile image
    Curt Nichols

    I admit to getting a chuckle out of the subject: "Proof: Vista developers were smarter than Win7 developers"--as if these are two disjoint sets of people! Wink

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.