Slashdot Mirror
Microsoft Pitches LUA Security Repository
corp-dollar writes "According to this eWEEK story on the poor adoption of LUA (least-privileged user account) in Windows, a pair of Microsoft security consultants are pitching the idea of a security deployment repository to serve information and tools to handle LUA bugs and other problems businesses are facing. Sounds like a decent enough idea to cut back on the compatibility problems when trying to run business apps in no-admin mode."
I'd like to sign Adobe up to that right away.
Those who do not understand unix are condemned to reinvent it, poorly.
I dont' think I've ever seen a more apt example of this aphorism.
"Those who do not understand unix are condemned to reinvent it, poorly."
So when's Unix going to invent "capabilities", and why did it take the NSA to "invent" SELinux?
Oh right, Unix security is perfect. That's why we keep hearing that damn saying every time we have a Windows story.
Is ridiculous how one app can screw your whole managed environment.
Some applications wont run if the user is not local admin and you know how much users can be trusted.
The best test environment is production. - Me
chrome://browser/content/browser.xul
The first bit of that plan went down very well - they love having their own user accounts. However almost none of their games/software run as anything except Administrator, even games which say on the box "designed for windows XP".
I end up having to make a custom runas command for each one with /savecred - the windows equivalent to chmod u+s. This is a PITA to setup, insecure and doesn't work for all their software. There is some we've just had to abandon since it just won't work like that.
So please, software developers, check your software works without admin priviledges!
Every man for himself, all in favour say "I"
Because as the world's biggest software company they should have done something like this a very long time ago instead of bullying everyone else in the PC industry, breaking the law and pointlessly fighting a court case instead of settling and behaving at least a bit co-operatively with the people that are stuck with their shoddy software.
Does a Christian soccer team even need a goalkeeper?
Lots of things a software should be able to do can't happen in LUA mode. So we have few solutions, like popping up admin password boxes (which can be exploited on its own with fake pop-up boxes prompting us to enter our admin login/pass), or having broker processes with higher privileges do the job. But it's important to understand that low-privilege IE and LUA for users is not removing the attack surface, just recucing it significantly and presenting few new ways to exploit the situation... Also it'll be significantly more annoying to deal with it when performing regular operations, like install/update software.
The two chief problems with LUA in Windows are:
- The Windows programming culture assumes a single user, single tasking computer.
- Users on Windows are administrator by default
The first is the developers fault, the second is Microsoft's. At least Microsoft are trying to fix their end. But even 4 years after Windows XP was released, software is being released by developers who should know better that still require either admin rights or much tinkering to get to run as non-admin. The most recent one I encountered was an application for BACS payments a couple of weeks ago - their tech support's answer was "run as admin". I managed to get it to work for non admins (since this was on a Windows domain) only by caclsing (aka chmodding) the application's directory writeable by all!
It's obvious that the developer had simply not tested the program as non admin.
Oolite: Elite-like game. For Mac, Linux and Windows
Also, what is the point of the pre-generated Administrator account for which you can place a password, or not, during OS installation? ...By default the user account you create already has admin privileges.
It leads me to believe that the system was either (1) not well thought out, or (2) not finished. I don't fault them for trying to improve the situation, though.First all this malware spreading around was because we didn't have firewalls. Now it's because we're all running with admin rights. Never mind that it's the OS default, it's obviously our fault that all these bugs keep surfacing.
Of course, the next whipping boy is that faceless developer out there who wakes up one morning and decides to violate basic programming principles like Least Privelege. But it's not the developer's fault.
The problem for the developer is that Windows makes it difficult to do anything but run as admin. The environment assumes single-user, multiple apps, but not multiple users. It was designed with one user in mind, and the multi-user stuff layered on later.
But the real problem with complaining that we're violating Least Privilege is that it's a Redmond Herring (TM). It's ignoring the big problem, which is that since Windows source code is closed, no one without a vested interest in keeping bugs hidden can look at it.
You want a security principle violation? Hiding your code is the biggest one there is.
Raise your children as if you were teaching them to raise your grandchildren, because you are.
the whole thing is MS's fault. not the users. The app developers have secondary responsibility but MS caused the problem in the first place. Their developer resources promote doing all kinds of bogus things in their apps. For years MSDN has gone out of its way to promote all the OS level hooks that are available to developers, many of which only work as admin.
here's an example from a couple of months ago:How to capture the print screen key and totally change how your user's GUI works. Just what I want, the ability for some random application to subvert basic elements of the system interface.