Coding Around UAC's Security Limitations
Mariam writes "Free software developers from the non-profit NeoSmart Technologies have published a report detailing their experience with coding around Windows Vista's UAC limitations, including the steps they took to make their software perform system actions without requiring admin approval or UAC elevation. Their conclusion? That Windows Vista's improved security model is nothing more than a series of obstacles that in reality only make it more difficult for honest ISVs to publish working code and not actually providing any true protection from malware authors. Quoting from the post: 'Perhaps most importantly though, is the fact that Windows Vista's newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security. Any program that UAC blocks from starting up "for good security reasons" can be coded to work around these limitations with (relative) ease. The "architectural redesign" of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.'"
Misleading Summary (Score:5, Interesting)
I fail to see how they drew this conclusion:
"[UAC does] not actually providing any true protection from malware authors"
This isn't a hole in the system. If applications couldn't use services running at admin or system then the entire system would be damn near nonfunctional.
I mean how would you even play music without a regular application being able to communicate up safely to the driver?
The article is fine. The person who wrote the summary didn't actually RTFA and is just trolling. They haven't justified anything they've said.
Re:Where have I heard this before? (Score:3, Interesting)
In fact 99% of applications shouldn't need an installer for OS X. Just a drag to the
MSFT has turned a single user OS and tacked on multi user support, and then multi user security. OS X, and every *nix are Multi-user OSes. I not only have applications but also user-specific applications stuff that only I can run, and stuff that only I can see.
You shouldn't have to be an admin to install a web browser, word processor, or spreadsheet. You should only be an admin if you're installing it for everyone.
Re:Not a novel idea... (Score:3, Interesting)
Re:Easy, but it's Not, but it is? (Score:1, Interesting)
Honest, "good" programmers should have no trouble whatsoever with whatever security systems there are to work with. Those should be designed to trouble malware, not the "good" software.
Malware programmers, however, have the purpose to work around and find loopholes in security systems and thus it MUST be hard for them to operate under any security system. After all, malware is trying to do nasty stuff in your system.
What this article is stating is just the opposite. As a Software Developer you are bound to have lots of shit coming your way if you intend to work on Vista because of UAC limitations. As a malware programmer, you can just easily overcome the "difficulties" and live happily ever after.
The problem with journalism, I'd say, is that it looks honest, but just isn't. Sometimes, however, bloggers don't have the ability to be clear and concise.
Re:A Service... (Score:5, Interesting)
Re:Where have I heard this before? (Score:2, Interesting)
Yep, that's responsible for a huge number of Windows' problems. So why the hell did they do it?
At home, I'm the only user on my machine. The wife occasionally checks a web site or plays a video on my rig, but ultimately I have no need for multi-user configs as there is only one account. I can't remember the last time I had any profile other than Administrator on my own box.
Casual users will create separate profiles, but really all they're personalizing is individual preferences. They still run all the same apps. Should these people need to jump through hoops like the UAC, just for the privilege of having their own set of bookmarks?
Today's exploits operate in plain sight: "Click here to install TalkingMonkeyP2PsexTorrentScannerTweak.exe". The UAC still can't prevent stupid people from being stupid. They click "Yes" on ActiveX prompts, they'll continue to click "Yes" on UAC prompts because whatever malware they're installing, they made a conscious decision to click in the first place. Uninformed, but conscious. Might as well do away with the UAC and let users jump headfirst into trouble, like they always have and always will.
You know what would be more useful and effective than the UAC? A "safety tip of the day" widget that forces common users to sit through a 2-minute tutorial with an exam at the end. Don't let them surf that day until they pass the exam. Educate the users, beat them over the head with the wisdom we geeks take for granted. That will make a real difference!
Re:Where have I heard this before? (Score:4, Interesting)
Other than that, the IPC primitives Win32 provides (message queues, pipes, etc.) are about the same complexity as UNIX's and really shouldn't take that much code.
Re:Where have I heard this before? (Score:3, Interesting)
Doing something sloppy and wrong is often easier and less time consuming than doing things right.
This article is just that case.
NeoSmart was getting a free ride by being bad developers, and assuming that everyone was running as admin, and that someone would always be logged into the box.
Now they're being forced to learn how to program correctly, and do things right, and yep, it takes more lines of code.
Doing things the right way almost always does, but you end up with a better product in the end.