Coffeehouse Thread

83 posts

Is UAC a security feature or not?

Back to Forum: Coffeehouse
  • User profile image
    GoddersUK

    Colour me confused, but in simple n00b language (yes or no Tongue Out) is UAC there to improve the security of my computing experience or not?

  • User profile image
    blowdart

    It's a feature, not a boundary. So it might, but that's not it's purpose (although that's what MS originally said it was for)

  • User profile image
    GoddersUK

    blowdart said:

    It's a feature, not a boundary. So it might, but that's not it's purpose (although that's what MS originally said it was for)

    ok... and how does a boundary differ from a feature?

  • User profile image
    blowdart

    GoddersUK said:
    blowdart said:
    *snip*

    ok... and how does a boundary differ from a feature?

    A boundary is a technical term with a specific meaning

    A feature is a marketing term which means whatever someone wants it to mean at the time

  • User profile image
    wkempf

    blowdart said:
    GoddersUK said:
    *snip*

    A boundary is a technical term with a specific meaning

    A feature is a marketing term which means whatever someone wants it to mean at the time

    *LOL* That's great, blowdart.  Gotta remember that one.

  • User profile image
    AndyC

    wkempf said:
    blowdart said:
    *snip*

    *LOL* That's great, blowdart.  Gotta remember that one.

    If a bug allows to you cross a security boundary, you have a security vulnerability, this is very very bad and needs fixing ASAP. This means that an authenticated user sat at the terminal can do something they shouldn't be allowed to do.

    If a bug allows you to circumvent a security feature, you haven't really accomplished anything the user couldn't have done if they wanted, so you haven't given them the ability to do anything they theoretically couldn't have done anyway.

    UAC isn't a boundary because anything that circuments UAC is no worse than if a malicious user sat at the terminal had voluntarily clicked OK. It still weakens the overall defense in depth approach, because the user doesn't know something is elevating, but it hasn't actually caused a vulnerability.

  • User profile image
    Ray7

    blowdart said:
    GoddersUK said:
    *snip*

    A boundary is a technical term with a specific meaning

    A feature is a marketing term which means whatever someone wants it to mean at the time

    Nice one ...  Smiley

  • User profile image
    Bas

    UAC is what causes the C9 team to treat you as an idiot if you dare to suggest that their definition of it has changed.

  • User profile image
    ManipUni

    Please stop the threads. Enough already.

  • User profile image
    Charles

    Bas said:

    UAC is what causes the C9 team to treat you as an idiot if you dare to suggest that their definition of it has changed.

    Well, that's not entirely true. I'm the only one on the C9 team who has been addressing this in the forums here, so you can accuse me, not the team, of making you feel like idiots, which of course is not what I am doing and is certainly not true - you are all are very smart and the argument that you've been presenting is not stupid.

    The problem as Niners have stated is that the default setting for UAC in Win7 coupled with the silent elevation afforded to special system binaries opens up a hole should code get onto your system (regardless of the vector - remote code execution due to a hole in some trusted application code(buffer overrun in Chrome, for example) or running an untrusted exe from an external source).

    My position has simply been that if UAC was a security boundary we wouldn't be having this conversation since this type of potential exploit scenario would not be possible. I've also stated that code has to get onto your system in the first place.

    I don't speak for the Windows team (or the C9 team unless explicitly stated). These are my opinions. As I've said, the Windows product management team has stated that they feel the information that currently exists about UAC in the wild is sufficient and they see no reason to address this further. Of course, like most things in this industry, this could change.

    Certainly, my attempt at humor yesterday on a different UAC thread may have come across as belittling. My apologies. Keep on speaking up and speaking out. Nobody wants to make you feel insecure when running Windows.

    Why not send emails to Windows people too? Post these thoughts on the E7 blog and the Windows Team blog. It's probably best for me to stay out of this going forward. My position is not representative of anything more than my position.

    Keep on posting,

    C

  • User profile image
    blowdart

    Charles said:
    Bas said:
    *snip*

    Well, that's not entirely true. I'm the only one on the C9 team who has been addressing this in the forums here, so you can accuse me, not the team, of making you feel like idiots, which of course is not what I am doing and is certainly not true - you are all are very smart and the argument that you've been presenting is not stupid.

    The problem as Niners have stated is that the default setting for UAC in Win7 coupled with the silent elevation afforded to special system binaries opens up a hole should code get onto your system (regardless of the vector - remote code execution due to a hole in some trusted application code(buffer overrun in Chrome, for example) or running an untrusted exe from an external source).

    My position has simply been that if UAC was a security boundary we wouldn't be having this conversation since this type of potential exploit scenario would not be possible. I've also stated that code has to get onto your system in the first place.

    I don't speak for the Windows team (or the C9 team unless explicitly stated). These are my opinions. As I've said, the Windows product management team has stated that they feel the information that currently exists about UAC in the wild is sufficient and they see no reason to address this further. Of course, like most things in this industry, this could change.

    Certainly, my attempt at humor yesterday on a different UAC thread may have come across as belittling. My apologies. Keep on speaking up and speaking out. Nobody wants to make you feel insecure when running Windows.

    Why not send emails to Windows people too? Post these thoughts on the E7 blog and the Windows Team blog. It's probably best for me to stay out of this going forward. My position is not representative of anything more than my position.

    Keep on posting,

    C

    I think the major "problem" here is that you're getting all the flack because you're the only person bothering to engage. The Windows people don't. The E7 blog and the Windows blog ignore the comments with a "We've said all we're going to say".

    That's far more of a problem that the UAC settings themselves.

     

  • User profile image
    ManipUni

    blowdart said:
    Charles said:
    *snip*

    I think the major "problem" here is that you're getting all the flack because you're the only person bothering to engage. The Windows people don't. The E7 blog and the Windows blog ignore the comments with a "We've said all we're going to say".

    That's far more of a problem that the UAC settings themselves.

     

    I agree.

    98% of the problem = Poor communications
    2% of the problem = The default settings in Windows 7

    Both in terms of broad PR and when discussing with the tech community. Who sells your products I might add. Both to businesses and on a personal level.

  • User profile image
    Bas

    Charles said:
    Bas said:
    *snip*

    Well, that's not entirely true. I'm the only one on the C9 team who has been addressing this in the forums here, so you can accuse me, not the team, of making you feel like idiots, which of course is not what I am doing and is certainly not true - you are all are very smart and the argument that you've been presenting is not stupid.

    The problem as Niners have stated is that the default setting for UAC in Win7 coupled with the silent elevation afforded to special system binaries opens up a hole should code get onto your system (regardless of the vector - remote code execution due to a hole in some trusted application code(buffer overrun in Chrome, for example) or running an untrusted exe from an external source).

    My position has simply been that if UAC was a security boundary we wouldn't be having this conversation since this type of potential exploit scenario would not be possible. I've also stated that code has to get onto your system in the first place.

    I don't speak for the Windows team (or the C9 team unless explicitly stated). These are my opinions. As I've said, the Windows product management team has stated that they feel the information that currently exists about UAC in the wild is sufficient and they see no reason to address this further. Of course, like most things in this industry, this could change.

    Certainly, my attempt at humor yesterday on a different UAC thread may have come across as belittling. My apologies. Keep on speaking up and speaking out. Nobody wants to make you feel insecure when running Windows.

    Why not send emails to Windows people too? Post these thoughts on the E7 blog and the Windows Team blog. It's probably best for me to stay out of this going forward. My position is not representative of anything more than my position.

    Keep on posting,

    C

    Well, that's not entirely true. I'm the only one on the C9 team who has been addressing this in the forums here, so you can accuse me, not the team, of making you feel like idiots.

     

    Well, agreed. Instead of 'the C9 team', I guess I should've just said 'Microsoft', because it wasn't just you either. My apologies.

    I don't speak for the Windows team (or the C9 team unless explicitly stated). These are my opinions.

    And the other Softies that posted, because I sure can't remember anyone with a Microsoft badge on their post holding a different opinion. But yeah, The thing is, C9 is supposed to be our line of communication with the cockpit, and here's what I'm hearing when I tune in:

    "Hey, there's this problem with UAC!"
    "No, there's no problem, because UAC isn't for security." (I always imagine the Jedi handwave here.)
    "But.. it's always been advertised as such."
    "No it hasn't."
    "Yes, you've been telling us that for the past three years, for instance here, here and here."
    "Let's not argue semantics."

    Frankly, that conversation sucks. If their response to a UAC issue is 'you're putting the wrong label on UAC', and then say that we shouldn't argue about labels, then they're treating their users as idiots.

    Certainly, my attempt at humor yesterday on a different UAC thread may have come across as belittling. My apologies. Keep on speaking up and speaking out. Nobody wants to make you feel insecure when running Windows.

    I haven't even read the UAC thread yesterday because I'm totally tired of the dismissive attitude I'm hearing from Microsoft towards users' concerns on this matter. This has been going on ever since the first public Windows 7 beta's and Sven's thread about it.

    Why not send emails to Windows people too? Post these thoughts on the E7 blog and the Windows Team blog. It's probably best for me to stay out of this going forward. My position is not representative of anything more than my position.

    This has happened, repeatedly, and has been responded to with the same handwavium. Sure, that's their choice, and they're free to make it. They're the ones who have to make and sell the product, after all. But if 'letting them know' is that important, here's me letting them know their attitude on this matter is damned patronizing.

    I'll be sure to mail this to the Windows team too. And I expect I'll be doing the same thing when Windows 8 comes round and Microsoft tells me that I was a fool to believe what Microsoft told me about UAC for the past six years.

  • User profile image
    Ray7

    Bas said:
    Charles said:
    *snip*

    This has happened, repeatedly, and has been responded to with the same handwavium. Sure, that's their choice, and they're free to make it. They're the ones who have to make and sell the product, after all. But if 'letting them know' is that important, here's me letting them know their attitude on this matter is damned patronizing.

    I'll be sure to mail this to the Windows team too. And I expect I'll be doing the same thing when Windows 8 comes round and Microsoft tells me that I was a fool to believe what Microsoft told me about UAC for the past six years.

    I have still no idea what it's for then.

  • User profile image
    Heywood_J

    Charles said:
    Bas said:
    *snip*

    Well, that's not entirely true. I'm the only one on the C9 team who has been addressing this in the forums here, so you can accuse me, not the team, of making you feel like idiots, which of course is not what I am doing and is certainly not true - you are all are very smart and the argument that you've been presenting is not stupid.

    The problem as Niners have stated is that the default setting for UAC in Win7 coupled with the silent elevation afforded to special system binaries opens up a hole should code get onto your system (regardless of the vector - remote code execution due to a hole in some trusted application code(buffer overrun in Chrome, for example) or running an untrusted exe from an external source).

    My position has simply been that if UAC was a security boundary we wouldn't be having this conversation since this type of potential exploit scenario would not be possible. I've also stated that code has to get onto your system in the first place.

    I don't speak for the Windows team (or the C9 team unless explicitly stated). These are my opinions. As I've said, the Windows product management team has stated that they feel the information that currently exists about UAC in the wild is sufficient and they see no reason to address this further. Of course, like most things in this industry, this could change.

    Certainly, my attempt at humor yesterday on a different UAC thread may have come across as belittling. My apologies. Keep on speaking up and speaking out. Nobody wants to make you feel insecure when running Windows.

    Why not send emails to Windows people too? Post these thoughts on the E7 blog and the Windows Team blog. It's probably best for me to stay out of this going forward. My position is not representative of anything more than my position.

    Keep on posting,

    C

    But no one has answered the original question.  Is the purpose of UAC to improve the security of a computer.  Yes or No.

     

     

  • User profile image
    Royal​Schrubber

    Heywood_J said:
    Charles said:
    *snip*

    But no one has answered the original question.  Is the purpose of UAC to improve the security of a computer.  Yes or No.

     

     

    UAC is as much of  a security feature as speed limit traffic sign is a road safety feature - it won't prevent you from driving too fast..

  • User profile image
    DCMonkey

    RoyalSchrubber said:
    Heywood_J said:
    *snip*

    UAC is as much of  a security feature as speed limit traffic sign is a road safety feature - it won't prevent you from driving too fast..

    It's security theater. Sure, it will still catch the odd shoe-bomber or box-cutter wielding hijacker, but everyone will be sneaking in with the flight crew anways, because they aren't checking IDs like they used to.

  • User profile image
    TheGnu

    RoyalSchrubber said:
    Heywood_J said:
    *snip*

    UAC is as much of  a security feature as speed limit traffic sign is a road safety feature - it won't prevent you from driving too fast..

    Quite, if you were to walk up to a sign saying "Danger minefield ahead" but walked on anyway, how much more blatent do MS have to make the warnings. How much flak would they get if the OS just said "NO Nanny knows best i'm not letting you". Cue all the trolls saying see MS is an evil control freak, it's my computer how dare MS not let me damage my machine as I want and then complain to the EU.

    Ignore the warnings and you'll suffer, deliberately remove them so you don't know you're about to hit the minefield that you already knew existed? I almost never see UAC prompts, why are still such an issue?

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.