Coffeehouse Post

Single Post Permalink

View Thread: UAC controversy - the last episode!
  • User profile image

    LeoDavidson said:
    wastingtimewithforums said:

    [EDIT: I was wrong about Flash/PDF within protected-mode IE. See reply on 8th page.]

    It's also worth noting that both Flash and Adobe Reader run within medium-IL proxy processes even when used with low-IL Internet Explorer. We all wish they didn't, and wish more things supported low-IL, but we still live in a reality where that isn't the case. Low-IL is the exception, not the rule. There are still plenty of "innocent" actions, like visiting a webpage in an up-to-date low-IL browser or double-clicking what you think is a static image or document file, which can result in malicious code being run.

    It doesn't have to be a "dodgy" webpage or file, either. There have been several cases this year alone where non-malicious sites and advertising networks have been hijacked by bad people to deliver malicious content to unsuspecting users.

    UAC isn't only about malicious code, obviously, but it's pretty useful at slowing it down and/or limiting how deeply it can embed itself in the system itself. I'd say that's the primary benefit of the prompts for admin accounts. (Even though UAC isn't a security boundary, it is still a security feature.)

    If you remove that benefit then what's left? Just the idea of making apps which show too many prompts annoy admin users with the misguided idea that it'll be more likely to make people push for those apps to be redesigned than for those people to simply turn off UAC if it bothers them... A pretty rich idea, too, considering Microsoft's apps (when their private backdoor is taken away) were and still are the worst offenders when it comes to this.

    Quote from

    The problem with marking Windows binaries to “silently elevate” is that we feel it will lead to “worms” or self propagating malware.  If, for example, the user marks MMC.exe (the Microsoft Management Console) as “silent elevate” so that the device setup dialogs don’t prompt for elevation, malware running as Standard User would be able to use that setting to launch MMC with a set of command line parameters that accomplish tasks that we don’t want to happen silently, such as adding a new admin account to the system.  As another example, if you mark as a “silent elevator,” malware can then do a format of the OS drive.

    I think it's safe to say this team isn't working on UAC anymore...