SuperSite Blog

Norton Takes on Vista's User Account Control

So this is interesting. I can’t stand Norton, for whatever that’s worth, but they’ve shipped a User Account Control tool that seeks to replace the one that’s in Windows Vista (!). Yikes.

User Account Control (UAC) is a new security feature in Microsoft Windows Vista that changes the architecture of the access token creation process and prevents users from logging on with full administrative rights.

While the intent of this feature may have been enhanced security, all too often users need administrative rights for tasks like installing/updating programs, and many software applications need access to run properly.

The User Account Control tool has been designed to replace the Vista UAC, to simultaneously make your system more secure while significantly improving user-friendliness.

By default, any application launched by an administrator is running with a filtered, standard user access token. When the administrator attempts to perform a task, the UAC prompts the user to approve the action. This can lead to poor user experiences because the prompts can be slow to display, and appear frequently and without warning. What’s more, because the UAC may give a false sense of security since other processes can still access the desktop, it actually raises security concerns.

The net effect is that many users find the UAC security clearance and prompting process annoying, especially those who are a computer’s only user and have all the latest Norton Internet Security software installed and updated.

The User Account Control tool will collect user input as well as information on applications causing prompts. The data will be processed to improve the comprehensiveness and robustness of the white list, which will be updatable while running the tool online.

So I will have to overcome my deep-set disgust with Norton and just try this. It’s too crazy not to.

Thanks to Adam and Josh for the tip.

Published Oct 10 2008, 10:57 AM by pthurrott

Comments

 

Asuka said:

Another Chinese MVP and I wrote an essay analyzing this tool.

The link is blogs.itecn.net/.../norton-uac-tool.aspx

and

blogs.itecn.net/.../norton-uac-tool.aspx

October 10, 2008 9:17 AM
 

whiplash55 said:

I'm almost embarrassed to admit, last year I decided to give Norton AV another chance. It didn't seem to slow my machine down any more than AVG, or any of the other free AVs I've tried. Yesterday they offered a free "upgrade" to 2009. It seems about the same, maybe a little lighter; it does give you the option of changing your scanning speed, depending on how many resources you want to devote to it.

This new tool they offer looks a little like Tweak UAC http://www.tweak-uac.com/home/

I've never tried this but UAC can be modified quite a bit without turning it off completely, I'm not sure I need an additional program to do what I already can.

October 10, 2008 11:08 AM
 

richardfrisch said:

I will not use Symantec/Norton security products. I have seen too many of my clients' machines bogged down by them. I have not needed or used them myself since Symantec bought Peter Norton's company.

I do not use UAC for my machines. I am quite capable of making informed decisions about my computer without some idiotic, poorly designed Microsoft tool getting in my face and disrupting my work all too often.

October 10, 2008 12:43 PM
 

mikegalos@msn.com said:

richardfrisch

Using  "I do not use UAC for my machines" and "idiotic" in the same paragraph really does make it too easy...

October 10, 2008 1:08 PM
 

Waethorn said:

@mike:

Don't worry - he uses root as his main logon in Linux too.

October 10, 2008 2:05 PM
 

RunTimeError said:

Mike and Waethorn.

Sheesh. You just can't stop, can you? You even beat down on your own.

October 10, 2008 2:41 PM
 

lotsamystuff said:

"You even beat down on your own."

I'm sure Waethorn does. Regularly.

(I know. Childish. But really, that was just too easy.)

October 10, 2008 3:57 PM
 

yert said:

What’s more, because the UAC may give a false sense of security since other processes can still access the desktop, it actually raises security concerns.

This is a straight out lie. UAC runs on a Secure Desktop by default. Microsoft should sue Norton for this false advertising that could damage their brand.

And if Norton can't understand UAC, what makes you think they could do one better?

October 10, 2008 4:57 PM
 

mikegalos@msn.com said:

RunTimeError

I don't think in terms of "one of my own"

I think of it as the equivalent of somebody in the auto industry saying, "I do not use seat belts for my cars. I am quite capable of making informed decisions about how I drive without some idiotic, poorly designed tool getting in my face and disrupting my driving all too often. "

Encouraging people to turn off safety features for no better reason than bravado is irresponsible. (And, in this case, shows a lack of understanding about both how UAC works and the things it does besides the security prompts)

October 10, 2008 5:23 PM
 

Sir_Timbit said:

Really, just how useful is this product? I've been wary of Symantec stuff for a couple of years now, if only because they need to offer standalone uninstallers because their built-in ones can't do the job. And the screenshots we've already seen for Windows 7 UAC settings will make this utility moot.

October 10, 2008 7:40 PM
 

subzerohitman721 said:

I switched off Symantec in 2003, and this is just another reason to boycott Symantec.

And turning off the UAC? How foolish can you be? It also deactivates several other safety features within Vista, leaving you more vulnerable. How in the hell can you make an argument about Vista and the UAC, when today's 50 additional patches to Leopard bring this year's grand total of OS-X patches to over 250! (Since Symantec also deals with Mac security, it makes it a very relevant discussion point.) Yet we have these morons running around saying to switch off of Vista? Don't make me laugh.

If anything Symantec needs to know its role and fix its junky anti-virus solutions. That's why people would rather use AVG or One Care Live, because it doesn't bring your computer down to limping-with-an-injury speeds. With so many free solutions that run better, Symantec doing this crap just makes it more and more irrelevant.

Paul, I'd do this little Symantec tool in virtualization with a virtualized Vista. I wouldn't want Symantec running in any decent system.

October 10, 2008 10:16 PM
 

whiplash55 said:

I guess I have to give them credit when credit is due. The latest Symantec Antivirus 2009 does not slow down my computer any more than AVG 8.0. I think they're starting to get it.

October 11, 2008 12:15 AM
 

animositysomina said:

Are you guys sure the screenshots we've already seen for Windows 7 UAC settings will make this utility moot? I don't think so because I haven't seen any Win 7 screenshots showing options like "don't display this UAC prompt for this application again" and this is what Norton's UAC utility is trying to achieve. Which may make it an extremely useful utility for Win 7 despite what Sir_Timbit says.

October 11, 2008 12:32 AM
 

lilserenity said:

I haven't switched off UAC and don't understand why it's regarded as annoying. Granted I have only used Vista on my main desktop PC since SP1, but I have found it no more 'annoying' than Mac OS X or Linux systems I also use. It pops up in about the same places, when you install something, or when you want to change a sensitive control panel setting.

That's been it. It certainly hasn't popped up in places where I wouldn't expect it. All in all, I can only imagine the people with the most problem with it are those who have run 2000/XP boxes with Administrator accounts (which is a heck of a lot) but to my mind, I have no reason to disable UAC.

I guess I am used to this kind of prompting.

October 11, 2008 3:02 AM
 

PatriotB6007 said:

"Don't ask me again" is a very dangerous feature which leaves your system wide open for elevation of privilege attacks. As I commented on a ZDNet blog yesterday:

>>>

The problem with "don't ask me again" is that the system has to know that *you* specifically are the one taking the action requesting the prompt. I'm curious if these Symantec prompts make any attempt to determine this, otherwise it's a giant elevation of privilege hole.

Let's say there's an unpatched code execution vulnerability in my web browser and I go to a site that tries to exploit it. My browser runs at low integrity (IE) or regular/medium integrity (Firefox), and so I know that any exploit can't do anything administrative without my permission because a UAC prompt would need to appear first.

However, what if they try to launch something that I'd already said "don't ask me again" for? Is Symantec smart enough to know that the request didn't really come from me? It's really, really hard to determine the difference between the exploit case and a legitimate case.

talkback.zdnet.com/5208-12554-0.html

<<<

A reply from "davewood [MS]" (Microsoft employee it would seem) agreed, and mentioned that this also opens the door for application installers to pre-mark the apps they install in the "don't ask" category.

This enables the following elevation of privilege attack:

1. I run the installer for app XYZ.

2. The installer marks XYZ as "don't ask".

3. An attacker discovers two exploits, one in my web browser and one in XYZ.

4. I stumble upon a malicious site which uses the browser exploit to cause my browser (which is NOT running as admin) to launch XYZ.exe, feeding it specifically-formed data e.g. via a command line parameter of a file or URL to open.

5. XYZ silently elevates to Administrator, and the malicious data hits the vulnerability in XYZ and causes the attacker's code to run, with full administrative privileges.  Pwned.

October 11, 2008 4:10 AM
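
A defender-side view of the scenario in the comment above, as an added example that is not part of the original thread or of any Symantec or Microsoft code: it scans process-creation records for a High-integrity process started by a browser with no `consent.exe` (the UAC consent UI) launched just before it. It assumes Sysmon-style process-creation logging and that the elevated process is recorded with the browser as its parent; the records, paths and the 60-second window are constructed for illustration, and `XYZ.exe` is the commenter's placeholder.

```python
import ntpath
from datetime import datetime, timedelta

BROWSERS = {"iexplore.exe", "firefox.exe"}  # the requesters named in the comment
WINDOW = timedelta(seconds=60)              # assumed max gap between prompt and launch

# Constructed records. Field names follow Sysmon Event ID 1 (process creation);
# timestamps are shortened to whole seconds and XYZ.exe is the comment's placeholder.
FIELDS = ("UtcTime", "Image", "IntegrityLevel", "ParentImage")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2008-10-11 04:00:00", r"C:\Windows\System32\consent.exe", "System",
     r"C:\Windows\System32\svchost.exe"),
    ("2008-10-11 04:00:05", r"C:\Users\me\Downloads\setup.exe", "High",
     r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    ("2008-10-11 04:10:00", r"C:\Program Files\XYZ\XYZ.exe", "High",
     r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ("2008-10-11 04:12:00", r"C:\Windows\System32\notepad.exe", "Medium",
     r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    ("2008-10-11 04:20:00", r"C:\Program Files\XYZ\XYZ.exe", "High",
     r"C:\Windows\explorer.exe"),
]]

def exe(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path).lower()

def unprompted_browser_elevations(events, window=WINDOW):
    """Return (time, image, parent) for each High-integrity process a browser
    started without a consent.exe launch shortly before it."""
    pending_prompt = None
    hits = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        when = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S")
        if exe(ev["Image"]) == "consent.exe":
            pending_prompt = when          # the user is being asked right now
            continue
        if ev["IntegrityLevel"] != "High":
            continue                       # not an elevated user process
        if pending_prompt is not None and when - pending_prompt <= window:
            pending_prompt = None          # one prompt accounts for one elevation
        elif exe(ev["ParentImage"]) in BROWSERS:
            hits.append((ev["UtcTime"], ev["Image"], ev["ParentImage"]))
    return hits

if __name__ == "__main__":
    for hit in unprompted_browser_elevations(EVENTS):
        print("elevated without a prompt:", *hit)
```

Only the 04:10:00 launch is reported: the downloaded installer was preceded by a prompt, and the Explorer-launched XYZ.exe is outside this rule's scope.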
 

gorath said:

How insane are Symantec?

Weren't they one of the loudest voices moaning about Vista's locked down kernel as well? And, therefore one of the main reasons why Vista x86 DOESN'T have a locked down kernel?

And people still trust these morons with their PC's security?

October 11, 2008 8:15 AM
 

mikegalos@msn.com said:

PatriotB6007

Exactly right.

It isn't as though the people at Microsoft didn't think about "mark this as safe". It's an obvious optimization. The problem is that it's also an insecure optimization.

Maybe Symantec has some really neat trick behind the covers that solves the problem.

Maybe.

But, nothing on their site suggests that they have. And that makes this tool potentially a serious security hole.

October 11, 2008 8:33 AM
 

mikegalos@msn.com said:

PatriotB6007

It's actually even worse than that. In the example, if app XYZ is Internet aware as most apps are these days then you don't need a vulnerability in both the browser and XYZ.

You could have the case where XYZ phones home for an update and the XYZCorp update server has been spoofed (say a man in the middle attack). The XYZ app updates itself with the exploit with no prompt (the goal of the Symantec app) and now runs the exploit code.

So far, this wouldn't be something that UAC would have saved you from since you were expecting the update so you'd have said OK anyway. The problem, though, is that now the pwned XYZ is running the exploit with Admin privs and is able to do lots of evil nasty stuff with no UAC prompts to let you know that the app has been hijacked. This is where UAC would normally prevent damage but the "don't show again" neutered UAC happily lets the pwned app destroy your system without warning.

October 11, 2008 8:46 AM

About pthurrott

Paul Thurrott is the guy behind the SuperSite for Windows. Way behind. :)

© 2009 Penton Media, Inc.     Terms of Use | Privacy Statement | Reprints and Licensing