Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Very Severe Hole" In Vista UAC Design

Posted by kdawson on from the she-said-he-said dept.

Cuts and bruises writes "Hacker Joanna Rutkowska has flagged a "very severe hole" in the design of Windows Vista's User Account Controls (UAC) feature. The issue is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges — and gives the user no option to let them run without elevated privileges. This means that a freeware Tetris installer would be allowed to load kernel drivers. Microsoft's Mark Russinovich acknowledges the risk factor but says it was a 'design choice' to balance security with ease of use."

7 of 813 comments (clear)

  1. So no extra security after all? by thsths · · Score: 0, Troll

    This is kind of a funny statement from the Microsoft guy. After all, one of the main draws of Windows Vista is supposed to be "more security".

    And now this guy says that there is not actually a "security boundary". So he agrees that there are "implementation issues" in the security features, but he declares them to be ok, and not bugs.

    So what is the point of security when it is not actually working? From what I can understand, MIC is fundamentally flawed, because it does not block read access. And UIPI has holes, so it is not actually effected. Oh, and UAC can be tricked by calling your exploit install.exe.

  2. Sophisticated attack? Inconceivable! by Volante3192 · · Score: 0, Troll

    One thing that stood out in Russinovich's explanation is an admission of sorts that the default configuration of UAC puts the user at risk of a sophisticated code execution attack.

    Sophisticated? SOPHISTICATED? Isn't this the guy that sniffed out the Sony Rootkit? I don't think that word means what you think it means, Mr Sysinternals.

    You're giving admin privileges to an installer. It can do whatever it bloody well wants and you can't stop it. Hardly sophisticated code needed there. All you need is a user to hit 'Allow' after they try running 'IAmNotAVirus-2.0.1.exe.'

    Course, UAC's getting disabled by default anyway, so I don't see what the problem is... Anyone who actually wants to get stuff done will turn it off cause Limited users are still basically worthless outside of maybe surfing the net...

  3. Re:Apple got it right by ThinkFr33ly · · Score: 1, Troll

    Funny, that's exactly the way that Windows Vista works.

    The problem is that most Windows *applications* want to do things that require admin privs because they're poorly written.

    There is nothing inherent to the Windows architecture that requires an application installer to have admin privs. It's just that most applications were written that way.

    UAC is an effort to preserve compatibility while making the default user experience safer, and that's exactly what it does.

  4. Re:It's not the software. by Traiklin · · Score: 0, Troll

    Just remember the way you feel when your computer is suddenly over-run with spyware/adware/virus' cause Microsoft was actually thinking about your saftey.

    People bitch when it's so easy to get this stuff on a windows machine, Microsoft finally does something about it and people decide to bitch about that.

    I have yet to experience these supposed headaches with Vista yet, the only time that shield pops up is when I run a program that is potentially harmful to my computer, I can copy text just fine, move files just fine but when I goto run something in admin mode it will pop up a window to let me know that a program want's to have admin privileges, what's so wrong with that? I've heard people bitching about that for years, saying you should never run in admin mode, yet microsoft finally decides to do that and people bitch cause they are now asked if they trust a program from somewheres.

    How many story's were posted about programs looking like they came from an official place only to release a trojan? sure you get a program from download.com and figure it's safe but after installing a program it suddenly fucks up your PC, with Vista it will actually ask if you trust it let you know where it came from the works.

    Yet if Mac or Linux did the exact same thing people wouldn't be bitching about it, they would be saying Microsoft should of done this (or they stole it).

  5. Re:It's not the software. by ThinkFr33ly · · Score: 0, Troll

    Fuck you buddy. I'm just trying to dispel all the FUD.

    Are you so arrogant that you think people must be getting paid if they disagree with you?

  6. Re:Apple got it right by Overly+Critical+Guy · · Score: 0, Troll

    Windows doesn't have the modern concept of application bundles. It's still living in the 1990s where program folders and their internal files are still exposed, and it uses "installers" and "uninstallers" for everything. The installers access a system-level installer service, which is the whole point of this article.

    Hell, Microsoft still hasn't introduced 32-bit/64-bit universal binary technology...not that it matters since 64-bit Windows can barely run anything, unlike 64-bit OS X Leopard which is fully backwards compatible including 32-bit drivers. Everything about Windows development feels ancient and backwards to me.

    --
    "Sufferin' succotash."
  7. Re:What? by trifish · · Score: 0, Troll

    > but installing something doesn't?!

    Installing something actually does bring the UAC pop up. I'm not sure why your post is modded +5 Interesting.