SuperSite Blog

Microsoft response to UAC 'issue'

Microsoft has sent me a statement about the UAC “issue” in Windows 7 that was raised by bloggers Rafael Rivera and Long Zheng. Long story short, it’s not a vulnerability. Here’s the full statement:

  • This is not a vulnerability. The intent of the default configuration of UAC is that users don’t get prompted when making changes to Windows settings. This includes changing the UAC prompting level.
  • Microsoft has received a great deal of usability feedback on UAC prompting behavior, and has made changes in accordance with user feedback.
  • UAC is a feature designed to enable users to run software at user (non-admin) rights, something we refer to as Standard User. Running software as standard user improves security and reduces TCO.
  • The only way this could be changed without the user’s knowledge is by malicious code already running on the box.
  • In order for malicious code to have gotten on to the box, something else has already been breached (or the user has explicitly consented).

There you go.

Published Jan 31 2009, 04:21 PM by pthurrott

Comments

 

planetarian said:

you have got to be kidding. you have no problem with their position? i don't think they truly understand the issue at hand here.

January 31, 2009 2:32 PM
 

freakyfelt said:

That is the most retarded response I've heard. There is no reason that Microsoft can't divide each control panel into user-configurable and system-configurable options like every other operating system. This is just passing the blame on to the user when Microsoft could prevent another attack point.

January 31, 2009 2:47 PM
 

yert said:

I plan on changing the UAC default to the highest, because this is a problem waiting to happen.

I don't know why Microsoft suddenly got stupid; they were doing so well with security before.

January 31, 2009 2:50 PM
 

DavidR91 said:

If they do this, then they need to do something along the lines of the "lock" system used in OS X  (where the settings are unlocked/locked unless you explicitly click the lock and reverse the situation)

January 31, 2009 2:55 PM
 

darkmax said:

This thing is getting from dumb to dumber.... So they are trying to tell us that it is our fault for introducing the malicious code unwittingly? Or are they blaming us for visiting questionable sites and/or acquiring software with risks?

Nice one, Microsoft.

January 31, 2009 3:16 PM
 

Waethorn said:

"So they are trying to tell us that it is our fault for introducing the malicious code unwittingly?"

Um, that's the whole point with UAC.  If you click "Continue" unwittingly, you only have yourself to blame if you don't understand the consequences.

"Or are they blaming us for visiting questionable sites and/or acquiring software with risks?"

Well, yes.  The computer doesn't browse the internet by itself.  Your antimalware software is what is supposed to notify you when malicious software is trying to take control of your machine though.

"In order for malicious code to have gotten on to the box, something else has already been breached (or the user has explicitly consented)."

That's the thing to remember.  It is not UAC's job to monitor what is malicious or not.  It's only there to address whether or not system-level settings are trying to be modified.

BTW:  You can blame all the reviewers that claimed that "Windows 7 is now less annoying" for this.

Less annoying = less secure.

That's the price you pay for trying to appease everyone.

Be a good plumber, and just pull your pants up.

January 31, 2009 3:38 PM
 

shark47 said:

I don't understand why MS is being so adamant about this, especially since this probably won't take much effort to fix. Oh, well.

January 31, 2009 3:43 PM
 

Dipsh t Admin said:

"especially  since this probably won't take much effort to fix. Oh, well."

That may be what the problem is.  I know that sometimes things that seem simple are in fact not, and it may take some fundamental changes to implement.  And it clearly is by design when you think about it, so they are technically right about that.

However, it does seem to me to be a big potential problem that they should take care of.

January 31, 2009 4:02 PM
 

Mum said:

"Less annoying = less secure."

Absolutely not true. The more annoying something or someone is, the less likely people are to pay attention to what it/they are saying.

January 31, 2009 4:06 PM
 

robertsjoe said:

Microsoft is still evil. They have not changed.

www.robertnyman.com/.../microsoft-force-installs-firefox-extension

January 31, 2009 4:33 PM
 

runner7775 said:

I don't know about Microsoft's position on this one.  The whole idea of UAC is to make another barrier to malware.  If the malware gets past the other security "walls" then it still has UAC to contend with.  In this case UAC would be a nonfactor.  It's like having three walls of security and the third wall falls immediately when you touch it.  But I do not contend to know anything real about security, it's just how I see this situation.

January 31, 2009 5:06 PM
 

Waethorn said:

"Absolutely not true. The more annoying something or someone is, the less likely people are to pay attention to what it/they are saying."

So you're saying less annoying = more secure?

Sorry, but you must be taking IT hints from Lindy on that one....

Look, the way that malware gets on the box is if the user actually allowed it.  Since the software can't modify system settings by itself under the privilege level, the user would've purposefully launched it within the browser, or downloaded and executed it.  At that point, the malware would've been able to drop the security settings because the app inherited admin privileges by the admin that ran it manually.

To change this, Microsoft would have to code extra exclusions into UAC so that the UAC slider would need special exemptions to bypass UAC's policies.

How do you code something to be exempt from its own security policy?  Create a safe list?  That opens up a whole other can of worms.  Look at what happens when a browser hijacker infects a system - it will add sites into IE's own safe list.

January 31, 2009 5:51 PM
 

darkmax said:

@Waethorn

There are people who place malware in free programs. You expect a 12-16 year old to know?

Ever heard of drive-by malware sites? Most people find out about these after they have "accidentally" visited them.

Frankly speaking if someone wants to break into your computer, no amount of security is going to stop him/her. Well, just one, unplug the computer and stop using it.

January 31, 2009 5:57 PM
 

Lindy said:

Lol Waethorn and your small time computer shop thinking/MS has the answer for everything.

UAC is busted in 7.  If I ever let Vista (never) or 7 touch my AD environment even Admins will be forced to use a password with UAC forced by a GPO.

UAC is good, they just need to make it like OS X or Linux

January 31, 2009 6:04 PM
 

darkmax said:

"Look, the way that malware gets on the box is if the user actually allowed it.  Since the software can't modify system settings by itself under the privilege level, the user would've purposefully launched it within the browser, or downloaded and executed it.  At that point, the malware would've been able to drop the security settings because the app inherited admin privileges by the admin that ran it manually."

Okay. How many of the average consumer you know actually knows what each component of an installation does?

January 31, 2009 6:05 PM
 


rjohn05 said:

I am willing to bet they make some changes so that this sort of breach does not happen.

January 31, 2009 6:19 PM
 

tayme said:

My feeling is that the security should be annoying...to a point. I don't mind the long TSA lines at the airport if it means that a terrorist is not boarding the plane. I do mind that many of the people running the checkpoint are lackeys that know nothing about law enforcement, though.

UAC in Vista had it about right. There was room for improvement, but, contrary to what most people have heard...Vista UAC worked pretty well and did not annoy endlessly. I also like the way OS X lets you lock the system settings, requiring the admin password to make changes. That would be a good additional step.

As for people not knowing what each step of the installation process is doing...there is no need to. There has been enough information available to average users to know not to visit p o r n sites and to only open email attachments from trusted sources, etc. If that advice is ignored, they deserve what they get. I have told some people that I will no longer "fix" their computer, because I know that they are ignoring my advice.

All of that said....yes, Microsoft's answer is lame, especially the first bullet. That should be a default setting...if you are going to change security settings...I need, not only an OK...but a password. Like Waethorn said...this is one that they should not be trying to appease the public, but keeping Windows secure as it has been and even more secure.

--tayme

January 31, 2009 6:50 PM
 

MrDiSante said:

@darkmax - the average user is supposed to use common sense and do his/her best not to get infected.

I'm currently running Vista with UAC, however if I were to install something right now, click-through the little UAC prompt that told me I may be doing something retarded it could install itself as a driver, service or some other component requiring administrative access and change all the settings it likes.

As for drive-by downloads: they were a major issue in pre-SP2 XP running IE6. They're not anymore. There's a reason there's an annoying little yellow bar that pops up at the top of your internet explorer when a file wants to download itself. MOREOVER: kindly recall that IE runs as a least privileged user and thus can't do jack to your system even if something does happen to compromise it.

Finally, while I disagree with Microsoft's decision to change the default UAC level, do note that the option to change it to the strictest possible is still there.

Long story short, I think the following quote still summarizes the situation perfectly:

"Social engineering...

because there is no patch for human stupidity."

January 31, 2009 7:03 PM
 

valisystem said:

For the last few years, I've run into many pieces of malware that continually reach out and seek to install other malware programs. That's why it's not sufficient for Microsoft to respond that this could only matter on a system that is already compromised. Although that's true, this opening will make it possible for the system to have additional malicious programs installed without the default Windows 7 UAC protection. Microsoft's response seems ill-considered.

January 31, 2009 7:44 PM
 

war59312 said:

You guys do know that UAC is not a security boundary right?

Thus, why Microsoft stated what they have!

January 31, 2009 10:09 PM
 

amabo said:

@war59312  "User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista operating system. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase in privilege level."

It's a protection layer, or stop gap.  Take the average home XP user, they probably don't even have a password and they are running at full admin rights.  Malware just walks in.  Vista with UAC turned on prevents this, but a user can OK it through.

UAC is the same thing that OS X and Linux have except they are less annoying and always require a password.

UAC is highly configurable.

www.howtogeek.com/.../make-user-account-control-uac-stop-blacking-out-the-screen-in-windows-vista

Registry settings that can be forced by GPO....

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
; Admin Approval Mode prompt: 2 = prompt for consent on the secure desktop
"ConsentPromptBehaviorAdmin"=dword:00000002
; Standard-user prompt: 1 = prompt for credentials on the secure desktop
"ConsentPromptBehaviorUser"=dword:00000001
; Detect application installers and prompt for elevation
"EnableInstallerDetection"=dword:00000001
; 1 = UAC (Admin Approval Mode) switched on
"EnableLUA"=dword:00000001
; Only elevate UIAccess applications installed in secure locations
"EnableSecureUIAPaths"=dword:00000001
; Redirect per-machine file and registry writes of legacy apps to per-user locations
"EnableVirtualization"=dword:00000001
; Switch to the secure desktop when prompting
"PromptOnSecureDesktop"=dword:00000001
; 0 = built-in Administrator account runs with a full token (not subject to Admin Approval Mode)
"FilterAdministratorToken"=dword:00000000
; 1 = local admin accounts get a full token over the network (remote UAC restrictions off)
"LocalAccountTokenFilterPolicy"=dword:00000001

January 31, 2009 10:41 PM
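Microsoft's first bullet says the Windows 7 default level does not prompt for changes to Windows settings, the UAC level included, and the registry values amabo lists above are the knobs behind that slider. The PowerShell script below is an added example, not amabo's or Microsoft's code, that reads those policy values, reports which slider position they correspond to, and with -Enforce pins the machine to "Always notify", the one position where moving the slider itself triggers a prompt. The value-to-slider mapping it uses is an assumption stated in the code: EnableLUA=1 with ConsentPromptBehaviorAdmin=2 and PromptOnSecureDesktop=1 is "Always notify"; ConsentPromptBehaviorAdmin=5 is the Windows 7 default; EnableLUA=0 or ConsentPromptBehaviorAdmin=0 is "Never notify". It must run from an elevated prompt to change anything, and a domain GPO (Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, the "User Account Control:" entries) overrides whatever the local slider sets.

```powershell
# Added example (not from the original post): audit the UAC policy values behind the
# Windows 7 slider and, with -Enforce, pin them to "Always notify".
# Assumed value-to-slider mapping:
#   EnableLUA=1, ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1  -> Always notify
#   EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1  -> Windows 7 default
#   EnableLUA=0 or ConsentPromptBehaviorAdmin=0                          -> Never notify
param(
    [switch]$Enforce
)

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicy {
    # A value that is absent from the key is read as 0, which is the OS default
    # for the two token-filter values.
    $p = Get-ItemProperty -Path $UacKey
    [pscustomobject]@{
        EnableLUA                     = [int]$p.EnableLUA
        ConsentPromptBehaviorAdmin    = [int]$p.ConsentPromptBehaviorAdmin
        ConsentPromptBehaviorUser     = [int]$p.ConsentPromptBehaviorUser
        PromptOnSecureDesktop         = [int]$p.PromptOnSecureDesktop
        FilterAdministratorToken      = [int]$p.FilterAdministratorToken
        LocalAccountTokenFilterPolicy = [int]$p.LocalAccountTokenFilterPolicy
    }
}

function Get-UacSliderLevel([pscustomobject]$Policy) {
    if ($Policy.EnableLUA -eq 0 -or $Policy.ConsentPromptBehaviorAdmin -eq 0) {
        return 'Never notify (UAC effectively off)'
    }
    if ($Policy.ConsentPromptBehaviorAdmin -eq 2 -and $Policy.PromptOnSecureDesktop -eq 1) {
        return 'Always notify'
    }
    if ($Policy.ConsentPromptBehaviorAdmin -eq 5) {
        if ($Policy.PromptOnSecureDesktop -eq 1) {
            return 'Windows 7 default: notify only when programs try to make changes'
        }
        return 'Notify only for programs, without switching to the secure desktop'
    }
    return "Custom (ConsentPromptBehaviorAdmin=$($Policy.ConsentPromptBehaviorAdmin))"
}

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$policy = Get-UacPolicy
$policy | Format-List
Write-Host ('Slider position: ' + (Get-UacSliderLevel $policy))

# Two values that widen the exposure whatever the slider says:
if ($policy.FilterAdministratorToken -eq 0) {
    Write-Warning 'Built-in Administrator is exempt from Admin Approval Mode (FilterAdministratorToken=0).'
}
if ($policy.LocalAccountTokenFilterPolicy -eq 1) {
    Write-Warning 'Remote UAC token filtering is off for local accounts (LocalAccountTokenFilterPolicy=1).'
}

if ($Enforce) {
    if (-not (Test-IsElevated)) {
        throw 'Writing HKLM policy values needs an elevated prompt; re-run as administrator.'
    }
    # "Always notify": UAC on, consent prompt on the secure desktop for every elevation.
    Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    Write-Host 'Set to "Always notify". A change to EnableLUA only takes effect after a reboot.'
}
```

Run it without arguments to see where the slider sits (on a Windows 7 beta at its default it reports ConsentPromptBehaviorAdmin=5), and with -Enforce from an elevated prompt to lock it. On a domain, push the same three values through the Security Options policy instead so a local change by a user or by code is overwritten at the next policy refresh.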
 

screechi0784 said:

I don't understand this. First UAC was too annoying, now that everybody has complained about it and Microsoft decided to change it, it's broken. Like it says in the statement: "This is not a vulnerability. The intent of the default configuration of UAC is that users DON'T GET PROMPTED when MAKING CHANGES to Windows settings"

So if you write a script to change Windows settings and you have the UAC settings not to prompt when you make changes, what do you expect!!

Everybody complained about UAC, now that it has been changed Microsoft isn't doing its job. Come on people. You asked for this. Now whose fault is it??

And I do understand why Microsoft would say that something else would have been breached for malware to be on the system. Ask any IT how many people just install crap on their computer. And blame Microsoft for getting all sorts of malware. For me UAC was fine like it was in Vista. It protected people who didn't have a clue on what is good and what is not. The only change they had to make could have been not to darken the whole screen, that's it.

January 31, 2009 11:30 PM
 

subzerohitman721 said:

Wow. That response of Microsoft is shameful and disheartening. You're going to leave a potential backdoor for code writers and crackers to blatantly breach Windows 7? This is very disappointing, considering the fact that so many millions of users have put in hours of time, testing, observations, and you're going to allow a simple VB script to have that much power to compromise the system?

I'm sorry but that's pathetic. That means anyone taking High School Visual Basic and is competent writing in VB will have the ability to make changes in Windows 7 and Vista. You could mimic something that's very common and implement a breach.

This is some of the same boneheaded decision making that makes people really hate Microsoft. This decision might just have handed the keys of the PC kingdom over to anyone who wants to step up to the public OS market. However, I do not think Apple will go that route and Linux doesn't have the collective will to do it. So, the status quo in the PC industry remains.

Now, if Apple really wants to take Windows market share, Snow Leopard will have to show security improvements plus much greater stability. A price cut on the hardware would really help.

February 1, 2009 12:25 AM
 

whiplash55 said:

It seems simple to fix. Require full admin rights to move the damn slider. Of course people will whine but they did the right thing with Vista and idiots either turned it off (if they could) or complained. If MS doesn't fix this someone, like Norton with their UAC utility, will.

But companies are like everyone else, the pendulum swings toward secure and they get slammed for UAC, They try to "fix" UAC and the security geeks complain.

February 1, 2009 1:34 AM
 

subzerohitman721 said:

@whiplash55

I agree with you. But I would really not want to start using Norton again. I stopped using them in 2003 and really have no desire to.

Maybe AVG will come up with something.

However, VB is taught in High School. I shudder at the possibility of some loser with too much spare time compromising Windows 7. Or the proof of concept code falling into worse hands.

I did post a blog response on the Engineering Windows 7 blog. I hope many on here will follow suit and put some pressure on Sinofsky and Company to change this.

http://blogs.msdn.com/e7

February 1, 2009 1:50 AM
 

lketchum said:

It's very clear that Microsoft's explanation is quite correct. Period. End of story. It was more than a bit alarmist to have presented the original "vulnerability" in the context of some kind of breach or flaw.

Since UAC was originally announced its role and function within user space has been clear and this nonsense that it is a boundary has to stop. It is an alerting mechanism designed to inform the logged user of impending changes - and nothing more.

Similarly, the idea that what appear to be similar functions in OS X and other *nix are somehow superior, seems silly - they are entirely different things. On the *nix privilege elevation takes place and persists opposite a simple read, write, execute model. Unlike on Windows where UAC may be exposed to policy objects and much more granular control, OS X and other *nix adhere to an archaic model that is not only less secure, it is far more difficult to manage centrally.

I can imagine that more than one fist found its way to slamming more than one desk up in Redmond when this matter was presented here and elsewhere as it was. I was equally miffed - explaining things in a way small business customers understand well is hard enough and that kind of rubbish made 07 and 08 hard enough on partners in the channel with Vista. As an industry, we have to beg two things: "If you do not know what you're writing about, don't publish it" and "if you do not know what you are talking about, ask questions." - less clickety clickety and more journalism, please.

February 1, 2009 3:11 AM
 

DRWAM said:

Sub, MS was referring to me, and people like me. We're the doofuses that install stuff without much thought. Even though I scanned the 'free disc utility' twice, I still installed a trojan. It was my fault. So maybe MS is not too far off the mark on this one. We shall see.

Go Steelers!

February 1, 2009 8:51 AM
 

whiplash55 said:

@subzerohitman

I believe you can get the Norton UAC tool stand alone: www.nortonlabs.com/.../uac.php  I have to say after being a Norton hater for years the 2009 version is quite good. I think it might use less resources than the new AVG, which seemed to have gained a little bloat. If I pay for security software I like Eset NOD32; been using it for years, and it has always done a good job.

February 1, 2009 9:49 AM
 

realtestman said:

tayme, you mentioned that OS X lets you lock the system settings so that you require a password and you stated that it would be nice if Windows did the same.  Windows already does.  If you make everyone use a limited account, then if they change a setting they will have to put in a password.  No changes to Windows are needed.

February 1, 2009 11:31 AM
 

timiteh said:

I understand why Microsoft gave the opportunity to tamper with UAC in Windows 7 but it is the wrong approach.

A significant share of the people who have been complaining about UAC since Vista's release were among those who complained about the lack of security of pre-Vista versions of Windows. They would also be among those who would complain the loudest about the security problems brought by the optional tampering with UAC. Thus they would complain whatever Microsoft did. Considering this, the best Microsoft can do is to do what is right. In this context they should let UAC behave like it behaves in Vista or even make it more "annoying" by requiring a password for some critical tasks even for administrators.

Then Microsoft must find smart and innovative ways to deal with the problems linked to legacy Windows versions' behavior and legacy applications, which are, among other things, responsible for the true troubles linked to UAC.

I hope that they will find them before releasing Windows 8.

February 1, 2009 11:51 AM
 

Victek said:

"This is not a vulnerability. The intent of the default configuration of UAC is that users don’t get prompted when making changes to Windows settings.  This includes changing the UAC prompting level."

This is an example of if you say something with sufficient self-confidence and assertiveness it will cause others to suspend common sense and agree, but it's still wrong.  In fact it's offensively stupid.

February 1, 2009 12:11 PM
 

shark47 said:

Oh dear. I just ran the code that Raf has posted on his blog. The scary part is, like Long Zheng says, that even a low privileged application can turn off UAC.  This is serious. I hope Microsoft fixes it before Windows 7 is RTMed.

February 1, 2009 1:38 PM
 

About pthurrott

Paul Thurrott is the guy behind the SuperSite for Windows. Way behind. :)