Windows Vista has large security hole in UAC

[zekrahminator]

When Microsoft shipped Windows Vista, they bragged about how secure it was, showing off the User Access Control (UAC) feature. UAC is something that asks a user if they really want it to run a program before simply running it (previous versions of Windows would simply run the program). "Hackette" Joanna Rutkowska found a disturbing loophole through UAC. Apparently, UAC works by running everything as an administrator, and simply asking for confirmation before executing a program. So if something like a game installer triggered off UAC, and a user hit "allow", the program could theoretically be allowed to run a bunch of other things that would individually require administrator privileges. When dealing with things like simple registry changes this is no problem, but when malware is piggybacking in an installer....this effectively ushers in the next generation of Trojan horse viruses. Microsoft does not consider this a serious threat, and thinks of it more like a minor weakness, which is the result of a "design choice".

View at TechPowerUp Main Site

 

[EastCoasthandle]

Well wouldn't you know...there really is no such thing as a secure os after all. Oh wait, don't believe it just because it comes from the inquirer.

 

[BXtreme]

when ppl have Vista they should have a gd antivirus with them, so to get rid of inserted viruses in game packages or software ones, and if the antivirus doesn't get note of the virus, is the user also dumb enough to allow an unknown file ??? This is a minor threat imo also, no one should care unless they don't have proper security in their copy of Windows Vista.

 

[EastCoasthandle]

when ppl have Vista they should have a gd antivirus with them, so to get rid of inserted viruses in game packages or software ones, and if the antivirus doesn't get note of the virus, is the user also dumb enough to allow an unknown file ??? This is a minor threat imo also, no one should care unless they don't have proper security in their copy of Windows Vista.

Dude, you need to re-read that again.

So if something like a game installer triggered off UAC, and a user hit "allow", the program could theoretically be allowed to run a bunch of other things that would individually require administrator privileges.

 

[BXtreme]

then what for is an antivirus ???

 

[EastCoasthandle]

then what for is an antivirus ???

All antivirus will trigger UAC while the viruses, malware, etc don't.

 

[BXtreme]

well, that calls for smarter antivirus, maybe

 

[EastCoasthandle]

Actually you need a 2nd tier UAC that would catch this. In other words you would invest in a good firewall program. In all UAC is just a very "lite" version of an annoying, useless firewall IMO.

 

[BXtreme]

ya agreed lol, but users also need to be more cautious ya know , see my thread "Attention Vista users" something about new vista viruses are comin'.

 

[WarEagleAU]

More and more reasons why Vista is bad news ATM.

 

[Completely Bonkers]

What is truely bad is the passive response from MS. I would, as a potential customer of Vista, be much more confident in them and the OS if they said "this is an interesting possibility that wasn't anticipated: installation files with both a legitimate purpose but also malicious content. Our primary concern is security, and as such we will investigate how to modify the installer to restrict registry "auto run" to be validated ONLY AFTER a full virusscan of installed files has been completed"

This would be a change in how the registry works... quite a task... but actually a very smart move.

 

[Deleted member 24505]

uac is really irritating,microsoft dont tell people that.i like most vista users have probably turned off the uac.

 

[mullered07]

i think a lot of power users and people off here this isnt a problem at all, a lot of us are clued up enough to make our os secure ourselves, however the "average joe" is not so clever, ive fixed countless pc's off friends and family and as soon as it boots the things is clogged to shit trying to load up all kinds of crap thats uneccessary (imo software developers need to take responsibility for this and learn NOT to program there software to automatically startup, if the user is running there software is that not enough? )

and the amont of times ive had someones pc to fix and thought id start up internet explorer and theres like 3-4 different toolbars, one under the other (taking up half the bloody screen) (not too mention being able to browse all the naughty sites they have visited clean your goddam browsers people or dont vist pr0n sites )

imo windows should make a dummed down version for 50% home users (ie: preinstalled with a decent firewall, av, spyware and warn the user not to install all the shit there going to because its "free" )lol cause its people like them who give the hackers the satisfaction they crave, i never have a problem with virii/spyware/trojans etc cause i know what im doing

 

[zekrahminator]

the "average joe" is not so clever, ive fixed countless pc's off friends and family and as soon as it boots the things is clogged to shit trying to load up all kinds of crap thats uneccessary (imo software developers need to take responsibility for this and learn NOT to program there software to automatically startup, if the user is running there software is that not enough? )

and the amont of times ive had someones pc to fix and thought id start up internet explorer and theres like 3-4 different toolbars, one under the other (taking up half the bloody screen) (not too mention being able to browse all the naughty sites they have visited clean your goddam browsers people or dont vist pr0n sites )

I earn $20 a house-call, and that is almost exactly like what I have to deal with every visit. Have you tried putting your clients on limited accounts (through Windows)? I've found it keeps a lot of crap off, especially when all my clients want to do is access teh interweb (firefox, disabled access to IE). And I completely agree on how software developers need to keep their crap from starting with Windows. Stores are selling PC's with SEVENTY PROCESSES :shadeshu . I'm currently running 31 processes and have just about everything I need on the PC on right now (WMP, AIM, FF, AV...).

Oh yeah and I don't use firewalls, common sense and a router do everything a software firewall would do .

 

[Alec§taar]

When dealing with things like simple registry changes this is no problem, but when malware is piggybacking in an installer....this effectively ushers in the next generation of Trojan horse viruses.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer

Point-blank: When you assign that registry pathway SYSTEM users, w/ FULL CONTROL rights, OR Administrator users, w/ FULL CONTROL rights?

She's right - in that even 'safe installers' CAN/COULD deliver ANYTHING it wants, & I don't care if you use .msi installers, installshield, or what...

(& I'd wager it's the exact same in VISTA, that same pathway exists, w/ same user rights assigned to it)

Same w/ your filesystems, they can write anything they'd like.

Add to that, the fact they have an internal 'stamp' (probably in the Win32 Portable Executable Header) which marks them as running as Admin users, by "association"? Well, you get, what you get. Installers have to change as well, imo, yet again also.

APK

P.S.=> UAC doesn't do a thing to stall that apparently, how can it? Check you registry permissions there, you'll see what I mean...

http://theinvisiblethings.blogspot.com/2007/02/running-vista-every-day.html

"One thing that I found particularly annoying though, is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges. So, when you try to run such a program, you get a UAC prompt and you have only two choices: either to agree to run this application as administrator or to disallow running it at all. That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers! Why Tetris installer should be allowed to load kernel drivers?"

VISTA security, nice as it is & it IS an improvement on its forebears in many ways, does have a "hole" there, you either install as administrator user, (OR don't install your program, yea, right: IF YOU WANT TO USE IT, you'll install it, the point of running one IS that) & the installer technically CAN do what ADMIN users can @ that point... where you the user can't for many things!)

There is currently, NO SANDBOX FOR INSTALLERS in other words, & they too, need to change it seems to fit the VISTA security model... apk

 

[EastCoasthandle]

Wait a minute, Vista is sold on the premise that it's a safer OS! This is not about comprise nor about how you navigate the internet (laughable at best). If you are treating Vista like XP why even buy it to begin with?