Missing the true impact of Vista UAC

Summary: The fact that Windows Vista has UAC turned on by default will force all the major ISVs (Independent Software Vendors) to design their software correctly and not demand administrative privileges. This default setting alone, regardless of how many people ultimately turn off UAC, is worth the price of admission. The entire Windows community benefits when ISVs start coding responsibly, which makes it possible to run Windows Vista in standard user mode, whereas it was highly impractical to do so with Windows XP and before. Once we examine the big picture of Windows Vista UAC, it is hardly the failure that some would seem to suggest.

There were plenty of stories last week about Microsoft's plea to not turn off Vista's UAC security feature and plenty of criticism that UAC is dead before Vista even arrives.  Not only is this foolish because UAC is still being refined, but it's missing the bigger picture of how the new security feature protects and benefits all Windows users.

Vista's UAC has already had some improvements under the Beta2 build of Vista.  For example, the task manager will now run under a standard user context with administrative capabilities disabled whereas earlier builds of Vista would have demanded administrative escalation before the task manager even launches.  Future builds of Vista will streamline UAC even more and Microsoft's ultimate goal is to never have any UAC prompts for all normal system operations.

Some are also complaining that Vista's new secure desktop prompting feature is too annoying and that other operating systems like Mac OS X don't do this.  Secure desktop prompting will dim out the entire desktop and prevent any interaction with the desktop until the prompt is accepted or denied, but this truly is a useful security feature that is leading the way.  There are privilege exploits that will actually attempt to fool the user into clicking "RUN" by masking out the entire dialog box.  Having a secure desktop prompting mechanism minimizes the possible confusion by locking out the desktop and letting the user know when they're really being prompted for privilege escalation.

While fixing software to behave properly in the first place is ideal, it isn't always feasible.  Microsoft's solution for this is application "shims" that essentially lie to legacy applications to make them believe that they're running with administrative privileges.  There are even applications that don't actually need any administrative access but they will go and check to see if they have it and will fail if the answer is no.  Other applications try to write to protected regions of the system registry and file system which requires administrative access.  A shim will essentially lie to the applications that "yes you are an administrator" and seamlessly reroute any system level registry and file changes to temporary locations.  Microsoft will have thousands of these application specific shims but they may ultimately have to create some sort of automatic shimming mechanism for all the legacy applications.  The great thing about shimming is that it is not a compromise on security because the application is running in a standard user context and only thinks it's running as an administrator.
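
The rerouting described above shipped in released versions of Windows as UAC file and registry virtualization. As an added example (not from the original article or from Microsoft), this PowerShell script lists what has been redirected for the current user, which shows which legacy applications still write to protected locations. The VirtualStore locations are the defaults on released Windows and are not named in the article; the function names are hypothetical.

```powershell
# Added example: audit UAC virtualization for the current user.
# Assumption: default VirtualStore locations on released Windows (Vista and later).
$FileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$RegStore  = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'

function Get-VirtualizedFile {
    # Files a legacy application believed it wrote under a protected directory.
    param([string]$Root = $FileStore)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    $rootPath = (Get-Item -LiteralPath $Root -Force).FullName.TrimEnd('\')
    Get-ChildItem -LiteralPath $rootPath -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # The tree below VirtualStore mirrors the tree on the system drive.
            $relative = $_.FullName.Substring($rootPath.Length).TrimStart('\')
            [pscustomobject]@{
                IntendedPath = Join-Path "$env:SystemDrive\" $relative
                RedirectedTo = $_.FullName
                LastWrite    = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    # Per-user copies of keys the application tried to create under HKLM\SOFTWARE.
    param([string]$Root = $RegStore)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                IntendedKey  = $_.Name -replace '^.*\\VirtualStore\\MACHINE\\', 'HKEY_LOCAL_MACHINE\'
                RedirectedTo = $_.Name
                ValueCount   = $_.ValueCount
            }
        }
}

# Newest redirected writes first: these point at the applications still relying on the shim.
Get-VirtualizedFile | Sort-Object LastWrite -Descending | Format-Table -AutoSize
Get-VirtualizedRegistryKey | Format-Table -AutoSize
```

Empty output means no application has relied on the redirection for this user; the real files and keys under the protected locations are never modified by the redirected writes.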

The most significant part that's lost in the discussion about Vista UAC is that it isn't just about making standard user operation workable.  Internet Explorer 7 running under Windows Vista will operate in a special protected mode that forces IE7 to run in a jail cell.  If IE7 is compromised by a documented or undocumented future exploit, it will not have administrative privileges nor will it have access to your user files.  There have been documented exploits on Mac OS X where a proof-of-concept exploit in the Safari browser will enumerate (list) user files, though it could have easily wiped them out or encrypted them for ransom.  I asked Microsoft if this new protected mode is available to ISVs and they responded that it was available to anyone.  This means that Mozilla Firefox which has had a significant history of exploits could be programmed to run in protected mode in Windows Vista.  If third party web browsers don't employ this new security feature, they will be at a significant disadvantage to Vista's native web browser.

Some people are saying that Vista UAC is annoying so they have turned it off and will never turn it on again.  The truth of the matter is that if they do turn it off then it will only endanger their own computers.  The fact that Windows Vista has UAC turned on by default will force all the major ISVs (Independent Software Vendors) to design their software correctly and not demand administrative privileges.  This default setting alone, regardless of how many people ultimately turn off UAC, is worth the price of admission.  The entire Windows community benefits when ISVs start coding responsibly, which makes it possible to run Windows Vista in standard user mode, whereas it was highly impractical to do so with Windows XP and before.  Once we examine the big picture of Windows Vista UAC, it is hardly the failure that some would seem to suggest.


Talkback

34 comments
  • Couldn't handle it George?

    "This means that Mozilla Firefox which has had a significant history of exploits could be programmed to run in protected mode in Windows Vista."

    Significant...

    So what's IE? A plethora of exploits?
    ju1ce
    • Good reminder!

      IE security history is "not" good. Right, there is no logic in matching up IE and Firefox. Opera has far fewer exploits. It's like parking two cars together unlocked with the keys left in. Take your pick?
      xstep
      • Don't be thinking Opera is Perfect

        Opera has had its share of exploits, and some exploits that work on Explorer also work on Opera. I know because I have been attacked through Opera. It is, according to Secunia, the best at the moment; tomorrow that could change. As Opera's popularity is very low, it is not a favorite browser to attack. The reason it is not a popular browser is, well, it SUCKS, riddled with problems from the get-go, and it will probably never get popular. Firefox got popular really quickly because it is the best of the best. Taking the browser market at 35% now and the release of Bon Echo Firefox2, you will see an even greater swing to it as the problems with memory crashing reach an end. And what I like is, last time I restarted my computer because Google Earth is locking up my computer, all the Bon Echos opened right back up, part of the crash recovery they have been working on. Great stuff coming, so you might as well give me the keys; I will take the Ferrari Firefox.
        IceTheNet9
    • At last count, IE6 has been bad but not as bad as Firefox

      At last count, IE6 has been bad but not as bad as Firefox.
      georgeou
      • George go to secunia

        Really! Dude, you need to do your homework before talking smack on this board. We are a higher educated breed. OK, Secunia shows:

        http://secunia.com/product/11/
        Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical

        This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

        Currently, 21 out of 105 Secunia advisories, are marked as "Unpatched" in the Secunia database.

        http://secunia.com/product/4227/
        Mozilla Firefox 1.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Less critical

        This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

        Currently, 4 out of 33 Secunia advisories, are marked as "Unpatched" in the Secunia database.

        IE6 has always been worse than Firefox from the beginning. Worse on fixing problems it has and worse on severity of problems. The only thing that you can say is Firefox is not perfect. It is, however, leaps and bounds above IE on security and conformance to standards. There are some problems that are being addressed, like the memory leak problem and phishing, but IE has those same problems; I guess you learn to ignore them after time. I am using the Bon Echo Alpha3 version and let me tell you, "HOT HOT HOT". I have no memory leak problems, and it spell checks for me, unlike this lousy browser I am using now, IE, because Hotmail opens it by default and I hate it; lousy browser does nothing for me. Bon Echo is the one with the new Anti-Phishing filter and a host of new features, better tabs, better extension handling. Truly destined to be the IE Killer
        IceTheNet9
        • Number of advisories != number of vulnerabilities

          When you go to Secunia, they list and chart things by ADVISORIES. The problem is that Mozilla and Apple like to lump dozens of vulnerabilities together. Apple even managed to lump more than 30 vulnerabilities into a single advisory once and it gets counted in Secunia's graph as one.

          When you look at my chart which I linked to, it actually does use Secunia data except I'm counting individual vulnerabilities, and not these mega-advisories. So I'm not talking "smack" at all, I'm telling it like it is.
          georgeou
        • The other issue about security...

          Which ones have the most unpatched vs patched? IE is still the leader in this avenue at the moment. Want to use an insecure browser on the web, use IE. Plain and simple.

          Which ones have exploited vs unexploited? IE Wins hands down (for exploited).
          ju1ce
  • UAC

    I think more than anything, UAC is pushing "users" to be more secure. To look at it as a problem is not being responsible. What's more, it's about trust. MS needs its users more than ever to trust the products.

    I for one won't and don't trust IE or Firefox. I have used Opera for years, I got used to it and it's secure. But like most Windows users (which I am not), they use IE and are used to using it.

    Even as a Linux user, I look forward to what kind of "impact" vista will make.
    xstep
  • UAC Similarities to sudo (su su sudio)

    UAC is akin to the 'sudo' feature in *ix systems, which is implemented very well in Novell SuSE--you just get used to it--it's there for a VERY good reason.

    Security folks. Security.

    Also, here's another one of my shameless plugs,

    Firefox can be put in a sandbox in Novell's FOSS AppArmor so as to keep the nasties of the internet from propagating into your O/S. Any Linux distro user can avail his/herself of this service.

    It just so happens, AppArmor runs as a kernel service in Novell's SUSE Linux 10.1 against many of the system binaries that are subject to exploits, and you can add as many apps (you train them) as you want and AppArmor will keep a vigilant watch out for your safety 24x7!

    Ok, George that was my plug, thanks for the article on Vista UAC.

    Keep 'em coming!
    D T Schmitz
    • Nice! and good point!

      AppArmor is great! I think MS is learning a great deal from open source *nix's
      xstep
      • Mmm ....

        I think sandboxing has been around a lot longer than AppArmor. MS could've learned this years ago from Sun, if they'd been paying attention.
        fredsmith6
        • Agree!

          And the point is MS has no other choice but to model its software security with the same secure likeness as *nix's. Is there any other way? Well for years they have tried and failed.

          User friendly is limited. I get in my car and put on a seatbelt before I drive.
          xstep
          • Yup

            >> Well for years they have tried and failed. <<

            Yup. It will be interesting to see if they've got it right this time. The UAC is definitely a step in the right direction, and I hope the desktop dimming thing stays in.

            Very much looking forward to it ... :-)
            fredsmith6
        • Is that a reference to 'containers'?

          Thanks Fred :)
          D T Schmitz
      • Microsoft is like an ostrich

        They keep their head in the sand until someone kicks them in the butt; really, this is true. They program offensively! If someone has something better, then respond. I am glad Linux is around and sad Microsoft is. Go to the source, get Linux; it is time tested and true.
        IceTheNet9
    • UAC is similar to Sudo, but the implementation takes it a bit further

      UAC is similar to Sudo, but the implementation takes it a bit further. The automatic jailing of IE7 in protected mode for example is one place it goes further.
      georgeou
      • Great! now,..

        Would you like to expand on this? What can the user expect from the Jailed IE7? Here is where user friendly takes a turn to novice friendly right?

        On topic (I admit I wander off, hehe..), you're talking about the impact of UAC. What can users expect with it on? What will users have to deal with? A dialog pops up and says go get Mommy?

        My point is: If users are bothered or confused and have the option to turn it off.. Guess what? Users, Not me not you. Who may or may not understand.

        I am used to su. It's not a problem for me I expect to be asked for a password before I inst
        xstep
    • ...while on Suse

      While checking out some video demos of Suse 10 on Novell's website I notice that this desktop distribution already appears to have the "wow" features of Vista's desktop that Windows users are still waiting for. I'm thinking here of transparent windows, thumbnail windows, alternative desktops and desktop search.

      The UAC concept sounds unworkable to me. It assumes that users will know how to react to the prompts, which generally they don't.
      ian.edwards9
      • And they would do better on Linux?

        "The UAC concept sounds unworkable to me. It assumes that users will know how to react to the prompts, which generally they don't."

        UAC prompts will be minimized. If they don't know what to do when prompted, it's probably a good idea to say no. But do you honestly think these people would do any better on Mac, UNIX, or Linux prompting them for admin credentials?
        georgeou
        • Yes they would in the long run.

          Look, if Vista (and XP) demand more from the user as far as understanding security (a good thing), then why not use Linux? It is better, and Linux has had sudo pretty much right from the start.

          The more people use Linux, the more it will be supported. Why not? It's free and one can choose the Distro that fits. No pop ups, No viruses/worms, great security.
          xstep