| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Second Windows 7 UAC security flaw: malware can silently self-elevate with default UAC policy | |
|
||
| Time: 00:39 EST/05:39 GMT | News Source: istartedsomething | Posted By: Kenneth van Surksum | ||
|
Long Zheng: Soon after writing my last blog post on the potential security vulnerability to autonomously disable Windows 7 beta’s UAC system, I had realized that flaw was just one piece in a string of dominoes that fell much earlier when the new tiered-UAC system was introduced in Windows 7. In summary, a second UAC security flaw in the Windows 7 beta’s default security configuration allows a malicious application to autonomously elevate themselves to full administrative privileges without UAC prompts or turning UAC off. A result I’m sure cannot be classified as “by design”. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 220 Last | Next |
The time now is
9:48:29 AM
ET.
Any comment problems? E-mail us |
| #1 By 12071 (124.168.173.210) at 2/4/2009 6:21:07 AM |
|
There's nothing to see here - the design is perfect... Lloyd said so! It's impossible for this bad code to exist on your pc in the first place so we should just ignore it and move on.
On a slightly less sarcastic note, Microsoft seems to have some really brilliant architects - the design of this system is flawless! |
| #2 By 23275 (24.196.4.141) at 2/4/2009 6:37:38 AM |
|
Good Morning, Chris,
Not being a fan of decaf, I'm not going to recommend it, but perhaps a bit of sugar in yours will help ease your day. Now, I'll say this again here and as often as it takes - and this is for all users, but especially very young people who may read this site and our missives... UAC is not a boundary - don't think that it is. It was never designed to be. Run any Vista, or Windows 7 computer as a standard user - Microsoft recommends this and Vista and Windows 7 were designed with this intent. Create only one "Protected Admin" account on Vista, or Windows 7 - the root admin account is disbaled by default. I temporarily elevate my account to protected admin when I set my profile up and lower it when I am done - using the single protected admin account I create. Day to day - when not installing new software, I never see a UAC escalation. While expert computer users run as I do, forget names - like expert, or noob, or any other nonsense. Operate a computer is a responsible way - a way that is much less likely to result in it being compromised by malicious software, or people. When you run across grumpy young men like Chris, smile and keep moving - try and offer something better and don't let all the noise prevent you from enjoying computing. |
| #3 By 16797 (65.93.29.112) at 2/4/2009 7:21:28 AM |
|
Lloyd, then why do we have UAC available to admin users too, in first place? Clearly, this thing is not working as people expect it to, by design, unless UAC is set to max.
They went one step too far in reducing UAC prompts in Win7 beta. We'll see, but I think they'll have to change it. UAC settings dialog should be an exception: it should always display UAC prompt before changes to UAC level are applied. |
| #4 By 26048 (68.238.135.26) at 2/4/2009 8:27:07 AM |
| This is still a BETA, correct? |
| #5 By 23275 (24.196.4.141) at 2/4/2009 8:52:47 AM |
|
Gonzo,
Because in Vista and 7 "Administrators" do not really exist at all - not in the context that people seem to insist must exist - e.g., simple read, write execute permissions with super, or root level user elevations to access and or adjust them. Windows is far more granular - object centric. Le me splain... ("Ricky" Ricardo was a genius). UAC does one thing by design (how well is the subject of the debate and manufactured controversy). UAC advises and alerts. Period. UAC monitors change. UAC advises through different types of alerts and hands any action over to the actual boundary that is relevant - the user context and their permission to allow a change to be affected. If, as designed and recommended, people run as standard users, UAC works identically as it does for "Protected Admins" - those requiring no password to approve escalations. There is one very important difference... as a standard user, escalations may not be approved in the context of the logged user, and must me approved by a user in the right security context - like a signature authority. The same is true of authorized changes requiring no escalation - those signed and trusted bits where Microsoft signed code is trusted. I agree that the fix is clear - do as you suggest and take changes to UAC out of that trusted context and require explicit consent by an authorized user. Regardless, users running as they should - as standard users, can skip this debate and take some satisfaction that they are operating their PC's responsibly and in a manner consistent with recommended settings. |
| #6 By 113862 (74.204.153.254) at 2/4/2009 8:55:45 AM |
|
UAC is just one more tool in the ever-needed arsenal against malware, not a "magic bullet". Plus, as Windows 7 is in beta (early beta, even) I'm sure these issues will be addressed in some manner. (That's the whole idea behind a beta, right?)
It's also important to remember that being secure must be balanced against functionality. I've used some systems with so much security and/or malware protection that they are virtually unusable for anything beyond "basic stuff" (and even that was a struggle at times). And, as lketchum mentioned (in so many words), nothing can substitute for being an "educated user" (engage automatic updates, put downloads into some sort of "sandbox" [e.g. on an external drive] and never open them until they've been scanned, don't click on 'You just won a thousand dollars! Click here to claim!" ads or emails, etc.). This post was edited by fewiii on Wednesday, February 04, 2009 at 09:00. |
| #7 By 23275 (24.196.4.141) at 2/4/2009 9:07:48 AM |
|
BTW, what Long has done, or rather the way he has done it has really disgusted me.
There are proper and effective channels for reporting issues like this - especially in BETA. The term: "Pissing Outside the Tent" applies and publicly addressing these matters as they have been disturbs me greatly. Though I have tried in an article I am preparing, I have not done a good job of explaining the role of UAC as part of the Windows Integrity Mechanism. I'll work on that and publish it and perhaps help people understand WIM and UAC's role. One MUST begin by not comparing it to the *nix - comparisons simply do not apply. Now that the faux outrage and controversy are all out there and we're all standing in a yellow stain, the science is entirely lost and we're reduced to swatting one another with feathers - shills on one side (MS Partners, Professionals and their internal engineers) and the righteous on the other. There was a time when you could slap such people in the mug. I miss it. |
| #8 By 16797 (65.93.29.112) at 2/4/2009 9:32:05 AM |
|
#4: Yes, Win 7 is still beta and obviously now is the right time to complain, while there is still time to fix this.
#5: Lloyd, everyone agrees that if you run system as standard user --- that this is not a problem. But it's not what people are complaining about. Finally, this is comment made (just this morning) by Chief Security Advisor of Microsoft EMEA related to this issue: "As I said: I got it. But I cannot change it right now Roger" This post was edited by gonzo on Wednesday, February 04, 2009 at 09:32. |
| #9 By 23275 (24.196.4.141) at 2/4/2009 9:36:56 AM |
|
See Long?
Microsoft’s worst nightmare: Windows 7 deemed less secure than Vista - http://blogs.zdnet.com/microsoft/?p=1898 Good stuff, huh? How much of this "Pure'D Bovine Scatology" can any of us take? Windows 7 deemed vice Windows 7 BETA Don't bust that arm patting yourselves on the back. All of these experts on the sidelines should spend their time teaching people how to properly and easily operate a Windows Vista and or Windows 7 computer in the intended and proper context. But gosh, they don't even step into the ring, do they? They don't build software exposed to commercial review and standards; they don't build networks, or systems, or manage them for a living. They don't step up and do a thing that exposes them to any risk at all. They crank out one bad piece of non-journalistic cruft after another and collect money based upon ad supported hits from Microsoft's competitors - all while convincing themselves how much of a good service they are providing users of Windows. The one line Long offers about standard users is to say that most people do not run that way - as if by saying that it's okay? Is this really the world you all want? Where we sit around doing our best to make it worse? For money? Sum budy need a whoopin! |
| #10 By 16797 (65.93.29.112) at 2/4/2009 9:40:57 AM |
|
#7 "BTW, what Long has done, or rather the way he has done it has really disgusted me.
There are proper and effective channels for reporting issues like this - especially in BETA. " Oh yeah? Have you missed the part where Long said that this issue has been *properly* reported by others too and that all those reports have been closed with simple "This is by design, so not an issue." Long did the right thing and Roger's comment proves it. |
| #11 By 62611 (24.20.194.33) at 2/4/2009 9:42:39 AM |
| It can elevate itself because YOU set UAC to allow system changes without notifying you. If you don't set UAC that low you won't be affected by this potential issue. |
| #12 By 16797 (65.93.29.112) at 2/4/2009 9:45:21 AM |
| #11 No. The UAC level setting that allows this is by default. |
| #13 By 23275 (24.196.4.141) at 2/4/2009 10:16:00 AM |
|
Gonzo, so Long's receives a reply he doesn't like and publishes it. I didn't miss the observation. I disagree with the action entirely. You see, he makes an assumption that Microsoft will do nothing further with it, or other BETA tester feedback. He seems to expect a singularly focused response when providing such a response would not be appropriate.
If I had to guess, and it is only a guess, I think Long and others are operating based upon an assumption that Windows 7 BETA is a BETA in name only. Perhaps that's true - perhaps they are right about that. |
| #14 By 16797 (65.93.29.112) at 2/4/2009 10:37:08 AM |
|
#13 "Gonzo, so Long's receives a reply he doesn't like and publishes it."
Well.. it is not Long only. Many others have reported this directly to MS. And it is not like MS said "OK, this is a bug, we'll fix it as soon as we have resources available." They said that there is nothing wrong with it. Oh, really? After all, a) Long didn't publish this before it was discussed internally and b) since Win 7 is still in beta --- why not? It is BETA, so yeah, let's discuss it now, now is the right time, while there is still time to fix this. "You see, he makes an assumption that Microsoft will do nothing further with it, or other BETA tester feedback." Not an assumption. They practically said that there is nothing to fix there. Please read Roger's blog post on this issue, here: http://blogs.technet.com/rhalbheer/archive/2009/02/03/the-windows-7-uac-vulnerability.aspx See, first he too said that there is nothing to be fixed. BUT then later, he actually changed his mind and commented: "As I said: I got it. But I cannot change it right now" So, he got it. Why can't you? |
| #15 By 23275 (24.196.4.141) at 2/4/2009 12:23:07 PM |
|
14, I read it. Maybe I am just dense today, but I don't see where he's saying anything differently.
I still think it should have stayed internal - I mean, it is not like as if guys like Long do not have a greater share of voice than people like you and I... The man's got much better access and the only thing most of us get from MS are invoices. (not that we're asking them for anything, either) I don't think any of us "should get it" - what I think we need to do is to get people to run not is "Admin Approval Mode" but as Standard Users. We really have ot get past the idea that we can expect Microsoft, any government, or any other party to take care of us no matter what we decide to do. As IT Pros/Enthusiasts we need to communicate with a very clear and consistent voice about how easy and proper it is to run computers in the right and limited context. If we do not do this we're not doing our jobs and none of us will ever get off of the treadmill we're on - constantly waiting on someone else to "fix us". So if there is a thing for us/me "to get" I agree - I just think what we need "to get" is different. IF we stop running as admins (XP) or in Admin Approval Mode (Vista/Win7Beta Defaults) Devs and ISV's will "get it" too and stop writing apps in any context requiring elevation outside of standard user space. |
| #16 By 12071 (124.168.173.210) at 2/4/2009 3:29:07 PM |
|
#2 umm, yeah... okay... good analogy - you get a gold star!!
I don't drink decaf and I prefer my coffee without any sugar - I like the taste of coffee not sugar but to get back on topic after you've swerved us off the road... you're a funny funny man! You say... "I agree that the fix is clear - do as you suggest and take changes to UAC out of that trusted context and require explicit consent by an authorized user." which sounds like something I said a few days ago: http://www.activewin.com/awin/comments.asp?HeadlineIndex=46147&Group=1 "I believe a better fix to this is slightly different to what the author presents. The trust subsystem can remain as is with the exception that the UAC component (and in fact any component that can modify the UAC default setting) needs to be untrusted!" to which your ingenious response was: "Oh good grief... Nonsense." And now the turn around... funny funny man! #13 "You see, he makes an assumption that Microsoft will do nothing further with it" You see, Microsoft are like you, stubborn, when they say this is not a bug, it's a design feature, they actually believe it... like you actually believe them, even with evidence showing the exact opposite. Finally, the last comment is probably the most important one and it's the number one issue that so many people have with not only Microsoft but most closed-source software - they want everything kept quiet, hush-hush so no-one ever finds out! You've mentioned on at least two occasions here that Long should have kept quiet about this... why? so that Win 7 doesn't get bad press? isn't security more important? why are you (and Microsoft) so anti public disclosure? perhaps if Microsoft had dealt with this problem appropriately rather than dismissing it as a "design feature" then it might have ended up quiet - which is a bad thing. Stuff like this needs to be exposed regardless of the software or who makes it. The consumer should be aware (as much as possible) of potential issues, especially ones relating to security. So it's great that this is all out in the open - and you should say a small thank you too - because now is the best chance you have of it being fixed before they call it RTM. |
| #17 By 432 (64.56.251.131) at 2/4/2009 5:36:51 PM |
|
My comment does not directly relate to the Win7 UAC bug, but rather Microsofts overall handling of bug reporting. I have many open bugs on MS Connect where the MS employee or Team responsible either has never responded or simply stop responding for no apparent reason. Leaving you wondering if they got hired by google or Apple or they just quit caring about your issue. A major one on my list is that MS Visual Studio 2008 from beta forward to SP1 has a bug in which if you have third party controls (which include MS official AJAX controls) added to the tool box and are using an MS Wireless Keyboard or Mouse, then your third party controls do not load and become unavailable in the Tool box. (yes you read that right...if you have MS hardware, running MS visual studio, you can't use MS software controls...or disconnect your MS hardware, and all is well)
I have been reporting this since BETA... because that would be a time to fix such bugs.. but guess what, even after RTM and SP1 it is still not fixed. An just so everyone knows this is a legit issue I will add a source or two: 1 - http://social.msdn.microsoft.com/forums/en-US/vssetup/thread/ae3c3178-3837-4a78-9eba-331b46e61289/#page:1 2 -https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=360777 So, I guess what I am saying is that I agree with Chris and Long, sometimes going public is the only way to get noticed, even after following the official channels. Thus maybe my comment here will generate some google buzz and they will have another look at the VS 2008 bug..maybe fix it in SP2 or maybe if we are lucky in VS 2010. |
| #18 By 82766 (211.26.160.18) at 2/4/2009 7:48:01 PM |
|
Lloyd, I think you're missing the point that Microsoft have known about this issue since last October.
Long and Rafael have had conference calls with numerous Microsoft staff. These staff have all basically said the same thing... we are not going to fix this. Long has kept the UAC information "under wraps" for a long time... he (and others) have now given up all hope trying to get Microsoft to fix this issue, and so now they're trying to use the power of media to influence Microsoft. BTW, this IS an issue. You speak of "use a standard user" etc... now if only Microsoft would FORCE everyone to do this, that'd be great. |
| #19 By 37 (192.251.125.85) at 2/5/2009 7:43:46 AM |
| We wouldn't need UAC if they built Windows SECURE. |
| #20 By 16797 (65.95.24.183) at 2/5/2009 7:50:59 AM |
|
#19 Don't other operating systems have something like UAC too?
Troll, GO AWAY :) |
| #21 By 15406 (216.191.227.68) at 2/5/2009 9:06:59 AM |
| Sweet. Ketchum can't shovel fast enough to keep the walls of BS standing. But, in the end, he's right. All you need to do is run Vista x64 with DEP, ASLR and every other acronym you can find. Run MS OneCare and Windows Defender. Make sure you only use the Guest user account. Make a monthly appointment with your nearest MS Partner for a system diagnostic. Lastly, disconnect the keyboard, mouse, monitor, network and power cables. If you follow the preceding steps, your Windows installation will be as secure as advertised. |
| #22 By 37 (192.251.125.85) at 2/10/2009 8:42:37 AM |
|
#20, we are not talking about other operating systems. Keep up here.
Cheers. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 220 Last | Next |
The time now is
9:48:29 AM
ET.
Any comment problems? E-mail us |
