
Thread: "Very Severe Hole" In Vista UAC Design

  1. #1
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    41
    Posts
    3,824
    Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out — from Microsoft officials — that the default no-admin setting isn't even a security mechanism anymore.

    Rutkowska, a hacker with a track record of defeating Vista's security mechanisms, believes UAC has a major flaw in the way it automatically assumes that all setup programs (application installers) should be run with administrator privileges.

    "When you try to run such a program, you get a UAC prompt and you have only two choices: either to agree to run this application as administrator or to disallow running it at all. That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing it to load kernel drivers! Why should a Tetris installer be allowed to load kernel drivers?" Rutkowska asked in a post on her Invisible Things blog.

    ___________________________________________________________

    In simple terms, Microsoft have done everything possible to remove kernel access to all its users, implement a very low privileged user for Internet Explorer, then bombard their users with popups telling you exactly what the operating system is doing, and go right ahead and completely destroy any decent security they have implemented by making all installers run as admin in the name of ease of use.

    Bravo, Microsoft.

    Source: http://blogs.zdnet.com/security/?p=29

  2. News (Archive)   -   #2
    Hairbautt's Avatar *haircut
    Join Date
    Jul 2004
    Location
    Florida
    Age
    20
    Posts
    7,244
    Wait for March Tuesday update?
    _________________________________________________________________________________________
    Last edited by Alien5; Jun 6th, 2006 at 06:36 PM.

  3. News (Archive)   -   #3
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    41
    Posts
    3,824
    Quote Originally Posted by Hairbautt View Post
    Wait for March Tuesday update?
    I doubt they will be able to fix this with a quick patch next black Tuesday. The problem is that so much old software, and probably even new Vista-compatible software, has become accustomed to being installed as admin.

    Can you tell me honestly why The Sims needed admin privileges to install in XP? The answer is the designers of the game screwed up and had the game write registry keys and files to places in Windows that need admin privileges. It would be trivial to rewrite the game so it didn't need admin privileges, but who wants to do that.

    Now Microsoft has been left with a tough choice. Do they force a decent user model into Vista so that all applications are installed as a user unless they really need admin level access (AV, firewall....) but at the same time lose compatibility with badly designed software. I for one would be pestered like hell if my sisters couldn't get Sims working on a shiny new PC. Microsoft seems to have chosen the second option of allowing all software to be run as admin for ease of use, but it makes their "this is our most secure OS ever" look plain silly.

  4. News (Archive)   -   #4
    Join Date
    Nov 2006
    Posts
    413
    It never ceases to amaze me how insecure the OSes from good ole Redmond are. But honestly MS, if you're going to release yet another OS chock full of security holes, don't give me a line about how much you value security and how this is your most secure OS yet. The sheer user base of Windows installs and the compatibility nightmare of making them all run in sync makes any kind of security overhaul from Microsoft infeasible. Unless they want to start from scratch, and leave behind all the legacy apps, Windows will continue to be as insecure as ever. And to add insult to injury, MS is asking people to shell over big bucks to upgrade to a new untested OS that will probably leave them less secure than XP.
