"Very Severe Hole" In Vista UAC Design
Cuts and bruises writes "Hacker Joanna Rutkowska has flagged a "very severe hole" in the design of Windows Vista's User Account Controls (UAC) feature. The issue is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges — and gives the user no option to let them run without elevated privileges. This means that a freeware Tetris installer would be allowed to load kernel drivers. Microsoft's Mark Russinovich acknowledges the risk factor but says it was a 'design choice' to balance security with ease of use."
So let me get this straight... deleting a shortcut brings up a pile of popups, but installing something doesn't?! Who's trading security for annoyance here?
... particularly because Vista was supposed to address some of the problems Microsoft had when trying to balance security and ease of use in XP. We now live in a very dangerous time as far as digital stuff is concerned, and I think continuing to hide as much security from people as possible (while paying lip service to it in other ways like UAC) is foolish. End users are going to have to learn to be careful, and learn a little bit about security. Cars didn't used to have locks, either. Times change, and people have to adapt to it to some extent.
That said, I personally very much liked the Vista user experience (I'm back to XP for now, but I had the beta and RC1). But after the first couple of days, I turned off UAC (and besides, I like to manage my security myself). It did nothing but ask me if I wanted to do what I was doing. Like another early poster here, I almost immediately reverted to clicking any damn OK button I saw. And God knows, I turned the sound off almost immediately. Moreover, I turned it off because it seemed like a talented Bad Guy would simply bury his Evil Code in something that seemed benign, and Joe User would just click through it. But all of that has been covered at great length in these hallowed halls already.
My point is still this: the bad guys are out there now. That's just reality. Telling people not to worry and to go back to sleep doesn't serve anyone anymore. I don't think power user knowledge is necessary for the average person, but frank awareness of basic online safety puts it in the hands of the individual user to some extent, and eases some of the strain for the OS designers/engineers. Because while MS has made some dumb and dangerous mistakes in the past, I still think of it this way: when you're designing any piece of software, you can't completely anticipate the security issues that will come up a year down the road, and you can't reduce how hard a user will work to circumvent your attempts to protect them, no matter how inobtrusive they may be.
I'm not defending MS for its past mistakes, oversights, poor execution, and so on, but I do think people need to pony up a little more energy to protect themselves. I'm no security expert, but it just seems like responsible living to me.
It is pitch black. You are likely to be eaten by a grue.
I had probably the most frustrating ten minutes I have ever spent on a computer before.
.... .... ..... .... ... .... ... .... .... .... ...
Start, typed in regedit enter.
Vista: Are you sure you want to run this program?
Me: Yes. I went OUT of my way, hit start, run and typed in the program name I wanted. Thanks for checking though. (click)
Edit the registry, close it. That was easy.
double clicked on setup. Stupid shield on my icon, what does that mean?
Vista: are you sure you want to run this? it's a program, you know.
Me: Oh that must be what the shield is for. Vista feels like it should protect me from software!
Vista: This is from AMD. Do you trust AMD?
Me: yes, they pay me. I trust them. (click)
Install......that was easy.
Oops, there's a problem. Well, let's grab the correct file from the build server and copy it over
Open my computer, go to program files
Vista: Are you sure you want to go there?
Me: Yes (click)
open up the application folder
drag a file from a network share to the application folder....
Vista: Are you sure you want to overwrite this file?
Me: Yes (click)
Vista: A program wants to write to the Program Files folder. Is this ok?
Me: Yes (click)
Vista: You are trying to copy from a network share to the program files folder. This isn't allowed. Hit ok.
Me: (Pounds head) (click)
Drag to Desktop.
Drag from desktop to application folder.
Vista: Are you sure you want to overwrite this file?
Me: for the love of god yes
Vista: A program wants to write to the Program Files folder. Is this ok?
Me: Die.Die.Die.Die.
The truth is out. Microsoft didn't kill clippy in MS Office, they just moved him upstairs to an entire operating system designed to ask unwieldy and confusing questions.
This link allegedly tells you how to turn the questions off, but unfortunately I can understand the words, even most of the sentences, but the whole thing is just dreadful, "As a result, IT departments often cannot gauge the holistic health and security of their environments." Can anyone help?
Reduce, reuse, cycle
I know, I know, it is still not as good as *nix security, and there are lots of programs that need admin privileges to run properly (fewer these days, though), but it isn't that bad.
Take care
-mat
weirdest thing I ever saw: scientology advertising on slashdot.
Most of those prompts were redundant, either because they enforce things guaranteed by the underlying file permissions, or because the authorization could've been cached.
Vista: Are you sure you want to run this program?
Of course! It's got +X set!
Vista: are you sure you want to run this? it's a program, you know.
Ditto.
Vista: This is from AMD. Do you trust AMD?
Redundant. If I didn't trust them, I wouldn't have set +X.
Vista: Are you sure you want to go there?
Since Program Files shouldn't be world writable, this should prompt you for the administrator password. This authorization should then be cached for Explorer.exe.
Vista: Are you sure you want to overwrite this file?
I'll let this slide, because even 'cp' prompts for that.
Vista: A program wants to write to the Program Files folder. Is this ok?
Should've grabbed cached authorization for Explorer.exe. Unless Explorer.exe was compromised in the 30 seconds between this action and the previous one, no security is lost here.
Vista: You are trying to copy from a network share to the program files folder. This isn't allowed. Hit ok.
That's just idiotic.
Are you sure you want to overwrite this file?
Again, I'd let it slide depending on preference.
Vista: A program wants to write to the Program Files folder. Is this ok?
Cached authorization again.
It's really not that hard. UNIX/sudo got this right god knows how long ago. Apple did the right thing and just copied the sudo mechanism wholesale. Microsoft should too.
A deep unwavering belief is a sure sign you're missing something...
You were lucky. Try logging into Vista using a domain account. Then try copying a file from a restricted share to which the local machine users are not automatically authenticated but to which the logged in domain user is. Try to copy the file to a restricted destination like C:\. You go to do the copy, get all of the prompts you listed and then guess what: when you authenticated to the remote share by logging into the machine you authenticated as the domain user, but the local administrator under whose context the elevated copy is being performed never authenticated to the remote share and you get prompted yet again for credentials.
This is an annoyance for an end user but a major pain in the neck for software. I develop software that does not run elevated that accesses a remote file and then passes the file path into an out-of-process server that is running elevated. We either had to make the server no longer run elevated or prompt the user for credentials they already used to log into the machine (and which they don't think they need because they can get to the files just fine themselves) and then pass these credentials to the server with the path. Fortunately our architecture allowed us to have our server not run elevated and get some other server to do the tasks that needed to be done elevated.
Vista is really a pain in the neck. What's funny about it is that I was at a Vista interop event at Microsoft last November (yes I sometimes have to fraternize with the enemy) and every MS developer I worked with had to tell me how much they loved working on Vista and that they had been using Vista on their development machines for months. I asked them if they had disabled UAC and they said "no, why would you want to do that?" I then asked them if it wasn't annoying to be prompted all the time and they said "no." I can only assume that they must have been brainwashed.
Sounds like Clippy has been re-incarnated.
The sad thing is that I've seen Clippy like once or twice years ago, and that is what I thought this dialog reminded me of, but worse because from what I remember Clippy would start yelling at you when you did anything, and you could just tell him to go away, but now it's worse because the operating system blocks and asks you to click a bozo box every time you do anything?
* smashes head on desk *
Let me be clear, I don't use MS software because it is not designed for a computer professional like myself. To be honest, I don't know who it's designed for, or if it's even designed at all.
The first time I heard Windows was having this UAC thing, I knew that it would suck as only Microsoft could make it suck. I knew it would annoy the hell out of the user so bad that it would do one of two things. 1) annoy them to the point that they just turn it off (I understand this is allowed in Vista) 2) annoy the user and they don't turn it off, they just bend over and take it, and the 1 out of a million clicks when you're supposed to say No, you click Yes because that is what you ALWAYS HAVE TO DO TO GET ANYTHING DONE.
* smashes head on desk again *
Microsoft can't even rip off existing security models that work like the elevated privileges in OS X. Microsoft embarrasses me as a computer professional, and I don't even use their stuff, because people associate MS with computers.
Thanks for the grandparent post for sharing their experience, and thank you Apple, Linux, and Sun for making computers usable.
Oh, and I almost forgot.
Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges -- and gives the user no option to let them run without elevated privileges.
Isn't this the case where 99.9% of the time YOU WANT TO BE ASKED? Didn't Microsoft invent the term "driveby install"?
* smashes head on desk again *
Microsoft embarrasses me as a computer professional
Wow, I had never heard anyone say it so succinctly, but that's it, baby. I always felt an unrecognized sense of shame for the state of computers today, and I never quite realized why. This is it. Things should be *soooo* much further along today, if it weren't for the predatory monopolistic effects of MS. Throughout so much of the short PC history, there were rays of sunshine (Quarterdeck's multitasking DOS thing, many IP stacks, etc., etc), that were quashed by their monopoly. To see this happen, and realize their mediocracy, and not have done anything about it, definitely brings a sense of shame.
Love many, trust a few, do harm to none.