Within Windows

Security Fail.

The new “non-annoying” UAC settings in Windows 7 are definitely less annoying, but then I was never annoyed by UAC in Vista.

I’d rather it were the same as it is in Vista, than be less secure.

Hi Rafael,

my first action is allways to set UAC to Vista level. Thanks for showing all n00bs that the new UAC from Win7 is bad!

André

@Chris123NT, i dont think the average joe is too stoopid to differentiate between the too, i think that people are getting better at hiding malware anyway they can to trick people into installing things, only to find out that they “double clicked” more then what they bargained for, not that people shouldnt still be cautious, but sometimes it can be hard to tell the difference…

i agree that sumthin should be done though and if there is a simple fix for it, like what has been found, then it should be implemented in time for RTM..theres no reason it cant be done!

peas
cityboy

Thanks for this post Rafael, I had a bad feeling about the new UAC slider in Win 7 as soon as I saw it. Security on the most popular OS in the world is a conundrum for Microsoft. The security (or lack there of) in XP is the main source of malware today, most regular users run XP as administrators and couldn’t tell you if their machine up to date with security patches. The Vista team decided that, that needed to change, and sacrificed convenience for security. It looks like the Win 7 team has decided to give in to pressure and give people an easy way to go backwards to alleviate the complaints about the annoyance UAC caused some Vista users.

Rafael – Could you comment on this?

I saw this comment posted by “Master Guru” over at a website referencing this issue:

Windows 7′s UAC is now insecure ‘by design’ – TechBlog
http://blogs.chron.com/techblog/archives/2009/01/windows_7s_uac_is_now_insecure_by_design.html#c1226188

Quoting:

UAC suppresion is only allowed on admin accounts, unless of course the user enters the admin password from a user account.

A) The script will not run on my PC in a user account.
B) If it did, it would ask for an admin password.

Dwight,

Please create a user account and try to change UAC without entering an admin password.

I’m curious why anyone else would have any other results….

The article does say user, right?

As a user I also cannot change any items with a shield on them in any dialogue box, such as Windows Firewall or any program requiring admin priveleges.

—end-quote —

The blog author (Dwight) then comments that “by default, the Win7 beta install sets up as an admin account. In fact, during setup, you have no option to set up as a user account. So I suspect 99 percent of all beta users are running as admin, in which you don’t get prompted to change UAC settings.”

Any thoughts on these perspectives of the issue?

Thanks!

I hate Vista for the UAC made the whole OS slow and cumbersome to use. I do not want a wall of popups after popups that are telling me if I’m sure that I want to install an app, watch a page in internet or change a setting. As a user all I want is speed and Vista no matter what run much slower than XP in a 50 times faster machine can you explain that. How about some code optimization please! I would have paid the same amount for the Vista OS than for a version of DirectX 10 that runs in XP. Too bad for Windows that soon it will be available not from them and it will be a free download. Unfortunately all I have seen so far is that Windows 7 is nothing more than Vista without the UAC. An improvement but a still slow OS. If Security is relevant when it comes to an OS then the whole Windows approached to it has been flawed from the design phase. If they would have been able to design the OS with a way to create restore points from which you can recover on the fly no matter what, then you would not have to worry about getting the OS so secure that is impossible to use, but instead you have a very powerful tool that allows you to recover from catastrophic loss of info. No matter how much security you put into something someone will defeat it. The real worst part here is that creating a ghost image every week in XP is cumbersome enough.

stop whining, if u install legal apps once , then u nevr see this ‘problem’ again.

Education will help with most of the issues, but how can that be accomplished to such a wide audience? People would brush that off just like the EULA is.
Good anti-malware applications should be able to prevent most things but I think its a really good thing that Microsoft is doing, protecting the users in the best way that they can.
Microsoft will get it someday and thanks to Rafael they might get there quicker. Good post.

So, does Windows7 still encourage users to run as an Administrator? Until Microsoft gets serious about security and designs an OS that properly segregates between user appropriate functions and Admin-only functions and forces their software designers to respect this segregation, any use of Windows as an OS is a security work around.

Just my two cents.

The UAC whitelist is anti-competitive, as well as being badly designed/secured.

Users cannot add 3rd party components that they use & trust to the UAC whitelist. Only Microsoft’s own components can be on it. So, for example, third party file managers have to display at least one UAC prompt to get admin access while Microsoft’s Explorer does not. That isn’t an even playing field.

Similarly, users cannot remove Microsoft’s components from the UAC whitelist. So if you do not use Explorer but do want the whitelist (which is on by default), you are forced to leave the security hole open for Explorer even though it doesn’t benefit from you. Explorer’s UI isn’t isolated like an admin process is — its windows have “medium integrity” — so there doesn’t seem to be anything to stop it being remote-controlled via mouse & keyboard events. (As the VBScript in the root post proves!) Which is an okay trade-off if you use it but a stupid security hole if you don’t. (And it seems stupid for the UAC control panel itself to be on the whitelist.)

Sadly for me (a file manager nut), people don’t seem to care much about anti-competitive behaviour that affects anything other than web browsers, so nobody AFAIK has picked up this story, although I did mail a bunch of sites about it.

More details here, including a confirmation from Microsoft:

http://www.pretentiousname.com/misc/win7_uac_whitelist.html

@Mark: UAC is virtually useless to people who are tech-literate. The UAC was meant for users who don’t necessarily grasp the concept of malware being downloaded and installed from popular programs (free P2P clients for exmaple).

Some people need UAC to make sure that they are safe and some people do not need it at all.

I think that windows 7 should have mach more less system requirements. Such as 64 Mb of VGA and 512 Mb of RAM. Becuase even the Windows Vista had more system requirements but it was not able to do much thing in performance except in the visual appearance. So if Windows 7 requires a RAM of 1Gb, it should be able handle more programs with high performance without affecting the speed.

Hashan: 7 runs with 512mb RAM and 12mb Video Memory.

@Tom

You’ve also failed to understand the issue.

1. ALL USERS ARE ADMINISTRATORS. By default, a user is an administrator, thanks to the installer. And users can be assumed to not change the default, because that involves knowledge and work, and users are uninformed and lazy.
(This has been true since Windows 2000, but for a different reason: Electronic Arts and other game publishers use coding techniques and security systems that assume the user has the same level of access as on Windows 98, i.e. Administrator.)

User Account Control was designed to make 1. less security-problematic by distinguishing program action from user intent. Administrator users are prompted before programs do anything potentially sensitive, like install malware, to make sure the user understands what’s going on and approves. Essentially it adds an invisible fence with sirens and klaxons on it.

2. ADMINISTRATIVE USERS CAN HAVE UAC TURNED OFF WITHOUT BEING ASKED, OR EVEN TOLD. The invisible fence, which was designed specifically to prevent things like this from happening, now no longer protects its own power switch. This is a privilege escalation issue, as malware can do things undetected that would normally trigger UAC prompts. This makes UAC utterly worthless. In fact, it makes it worse than worthless because it gives users a false sense of security.

Once malware has compromised the machine, it should be trapped in UAC’s sandbox, just as it would normally be trapped in a limited user’s sandbox. Obviously, that’s not going to happen. Users shouldn’t run with administrative rights. Obviously, that’s not going to happen. I’m sorry you run your machine the way it’s supposed to be run — or do you? why don’t you run Raf’s script and see what happens? — but the vast majority of users don’t, and won’t.

This happened because of a handful of idiots that cried out loud about the UAC popups initially. Microsoft should not have tampered UAC – users should learn that you have to authenticate when you do something dangerous (none complains when they have to show ID when withdrawing fund from a bank account) and programmers should learn that to calculate 5+3 you don’t need access to the kernel.

Often the cure is worse than the disease.

I have turned UAC off mainly because it continued to ask permission for same action I was repeating over and over, as an Admin, during configuration and installation of software within the same login session. In addition, some processes running through DCOM using a “secure” non-interactive user were not working if I had UAC on. I do admit that a different software design -based on what XP’s security permitted, over which I have obviously no control- and some extra configuration on Vista would have helped the latter, it was the constant UAC prompts that finally made me decide to turn it off.

If UAC does protect my computer (according to MS it does) why should it continue to bother me (Administrator, not a user with Admin priviliges) on the same issue over and over again. If it was a ‘Allow’ the first time why wouldn’t it be a ‘Cancel’ next time. Maybe a checkbox with “Don’t ask me again” would have solved the problem with very little effort. The actual solution in W7 looks more an overshoot to me.

Now-now, what’s this talk about “less secure”?!
If we’re talking about security as a trait inherent to the OS, the UAC has nothing to do with it. Security in this case depends on how easy it is to defeat policies set by the administrator, like steal or damage data from a restricted account or without access to an account whatsoever. Administrator is absolute. That’s the way it was through all the years of multi-user computing.
If Microsoft wants to help the world of computing by reducing the “human factor”, I think a two-login model for new installations would be far more appropriate: az administrator user for installing software and changing system-wide settings, and a RESTRICTED user for everything else – work, surfing the web, games, etc.
That’s the way I’m using my Windows XP account, without any antivirus software, and yet I haven’t had ANY malware or virus problems, EVER.

I recall Mark Minasi commenting that if compatibility is 9-o-clock and security is 3-o-clock, MS set it to about 10-o-clock with Vista’s UAC and integrity levels and so on. Me? I’d have slammed that sucker all the way over to 2-o-clock as a minimum!

It isn’t that it’s annoying or any kind of a problem after you do initial setup and it’s much better than using XP with Limited User Access, though I implemented that enterprise-wide a few years back. Even then (with XP) I never reinstalled anything from scratch but used a fully-configured image backup if I had to flatten the machine and rebuild it.

The real issue is “drive-by” web sites…a few times, not often in the last 2.5 years I’ve been running Vista, but a few times I’ve been Googling things and researching and…Whoa!…what’s this? A UAC prompt? Deny!!! Normally I ‘right-click’ on multiple topics in my Google searches and select ‘Open in New Tab’ before I start reading on topic.

Best illustration I’ve heard for UAC I’ve heard: when you’re done with your car, you have to take the key-fob and press the lock button…the car doesn’t ‘just know’ that you’re done with it when you get out and walk away. Similarly, you have to press the unlock button because the car also doesn’t ‘just know’ that you are the right person to allow to drive it/get inside it.

I welcome UAC and wish they’d made secure ‘stiffer’ – even as an option. When I upgrade to Windows 7 I will most definitely set UAC to behave as in Vista. If I can’t do that…I won’t change.

{Читаю {ваш|этот|} блог, и понимаю, что {ничего|нифига} не понимаю. Все так запутано. :)

seems like UIPI prevents the sendkeys, or other equivalents

Thanks for showing

Добро пожаловать на Warez-Портал Warez-KING.net Здесь вы найдете софт, видео, фильмы, клипы, обои, музыку и многое другое. И все это бесплатно!

I am not sure what UAC is, but changing it does not appear to also stop running script on computers. I’ve been trying to permanently get rid of script errors messages on my web pages and cannot get any answers that work. The one I get a kick out of is to switch on the disable script debugging in the internet explorer. With the all the computes experts, not a one of them appears to have the knowledge to tell some how to simply stop a computer from running scripts. They cannot even tell you if running scripts is necessary. I guess I have no choice to but to keep clicking the “Yes-No’ on script errors for the rest of my life. If I am wrong, and someone actually knows how to stop my computer from every showing a script error again, please let me know or tell me why I have to continue putting up with this problem.
thanks

Sometimes it is not very comfortable, constantly interfere with pop-ups, how do I remove them to help desk