Microsoft Says Other OSes Should Imitate UAC
COA writes "Many Vista adopters find User Account Control irritating, but Microsoft thinks it's an approach other OSes should emulate. Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.' He also believes Microsoft is charting new territory with UAC. 'The most controversial aspect of Watson's comments all center around the idea that Microsoft is a leader with UAC, and that other OSes should follow suit. UAC is a cousin of myriad "superuser" process elevation strategies, of which Mac OS X and all flavors of Linux already enjoy. The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
I'm a card-carrying Mac cultist, but I really can't agree that the root password prompt in OS X is well designed. It could easily be severalfold better if they tried. For starters, it's all or nothing, with insufficient information. The little detail dropdown arrow should open up to an elegantly indented list of what privileged actions the app intends to do. Copy a plugin into /Library/foo? Install a kernel extension? Delete all user documents?
Also, if memory serves, there are still situations where an installer app is allowed to simply take root access for itself without asking. Only Lord Steve knows why no one has abused that yet. And MAC on Mac awaits its Leopardly debut...
It's no joke. They really do believe they invented the idea:
Patent #6,775,781
Developers: We can use your help.
The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
No it's not! Not at all. First of all, let's define what sudo should do: Act as a barrier that data and application execution must pass. UAC does not fit the definition.
"Vista features such as UAC or Protected Mode Internet Explorer that are dependent on limited user privileges -- which Microsoft calls Integrity Levels (IL) -- are designed to allow some IL breaches.
Because the boundaries defined by UAC and Protected Mode IE are designed to be porous, they can't really be considered security barriers, he said. "Neither UAC elevations nor Protected Mode IE define new Windows security boundaries,"
Thank you Mark Russinovich for stating what's been clear for quite some time. http://www.networkworld.com/news/2007/021407-microsoft-uac-not-a-security.html
I wish, for once, everyone and their grandmother would stop assuming Microsoft's security proclamations are reliable information.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I manage several labs and have had to deal with this type of crap software for ages. There are better solutions than giving students admin rights and using expensive band-aids like deepfreeze.
Repackage those programs into msi installers using wininstall (or admin studio if your boss will spring for it). Set permissions on files/directories with a machine startup script using cacls and set registry permissions via group policy or the command line. You can find out where the programs are trying to write with process monitor by sysinternals.
Students in my labs log on as guests and all of the crap software they have to run works just fine. It takes a lot of work up front, but once you get a piece of software repackaged and proper permissions script worked out, you can deploy it using GPOs and never have to think about it again. Most of my labs, I have not visited in over a year.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
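An added example, not part of the comment above or any vendor's tooling: it reads a Process Monitor CSV export, keeps only the write attempts one program was refused, and renders a `cacls` grant per directory for review before it goes into a startup script. The sample rows, `labapp.exe`, the paths and the `LabStudents` group are constructed for illustration.

```python
import csv
import io
from ntpath import dirname  # Windows path rules, whatever OS this runs on

# Constructed sample in Process Monitor's CSV export layout.
# "labapp.exe" and every path below are hypothetical.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:01:02","labapp.exe","4312","CreateFile","C:\Program Files\LabApp\settings.ini","ACCESS DENIED","Desired Access: Generic Write, Read Attributes"
"9:01:02","labapp.exe","4312","CreateFile","C:\Program Files\LabApp\data\scores.db","ACCESS DENIED","Desired Access: Generic Read/Write"
"9:01:03","labapp.exe","4312","CreateFile","C:\Windows\System32\drivers\etc\hosts","ACCESS DENIED","Desired Access: Generic Read"
"9:01:03","labapp.exe","4312","RegSetValue","HKLM\SOFTWARE\LabApp\LastUser","ACCESS DENIED","Type: REG_SZ"
"9:01:04","labapp.exe","4312","RegCreateKey","HKLM\SOFTWARE\LabApp\Cache","ACCESS DENIED","Desired Access: All Access"
"9:01:04","explorer.exe","1200","CreateFile","C:\Program Files\Other\x.tmp","ACCESS DENIED","Desired Access: Generic Write"
"9:01:05","labapp.exe","4312","WriteFile","C:\Users\Guest\AppData\Local\Temp\lab.tmp","SUCCESS","Offset: 0, Length: 512"
'''

def denied_writes(csv_text, process):
    """Return (dirs, reg_keys) where `process` was refused write access."""
    dirs, keys = set(), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue                      # some other program's activity
        if row["Result"] != "ACCESS DENIED":
            continue                      # already works as a limited user
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        if op == "RegSetValue":
            keys.add(dirname(path))       # last component is the value name
        elif op == "RegCreateKey":
            keys.add(path)
        elif op == "WriteFile" or (op == "CreateFile" and "Write" in detail):
            dirs.add(dirname(path))       # denied reads are not a reason to grant
    return sorted(dirs), sorted(keys)

def cacls_lines(dirs, group):
    """One cacls grant per directory, to be reviewed before deployment."""
    # /E edits the existing ACL instead of replacing it; C = change access.
    return ['cacls "%s" /E /G %s:C' % (d, group) for d in dirs]

if __name__ == "__main__":
    dirs, keys = denied_writes(SAMPLE, "labapp.exe")
    print("\n".join(cacls_lines(dirs, "LabStudents")))
    print("Registry keys to delegate via group policy:", *keys, sep="\n  ")
```

The denied read of the hosts file and the other process's row are deliberately excluded, so the grant list stays limited to what the program needs to write.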
A modern OS should be having something that's much better than sudo.
Modern desktop class OSes should have sandbox _templates_, with apps being allowed to "suggest" a template.
Then if an app claims to be a "plain old screen saver", it only gets "plain old screen saver" rights - which means no network access, no access to the user's files etc.
If it claimed to be a "standard network game" then it gets different sort of access - file system access to its own "app specific data folder" in the user's home directory, access to full-screen graphics, sound _playback_ (not recording[1]), limited network access (as per requested).
If some flash applet "game" somehow requires "full administrative system privileges", go figure...
[1] Only a few apps should be allowed to record sound - stuff like skype, voice chat app for games. Your word processor should not be recording sound. The O/S should handle the voice control stuff if you like that sort of crap. And by default you may not wish to allow an app to record sound while backgrounded or just sitting in the "systray".
Right, but that is not why Microsoft have the patent. There is no way they would bother trying to enforce it, they wanted it because it gives them one more patent to say "Linux infringes on N+1 Microsoft patents. It isn't legally safe to use Linux."... And then demonstrate how benevolent they are by choosing not to sue you.
Aside: what makes you think 'sudo' dates from 1989? Isn't it more like 30 years' prior art?
I certainly hope so. If this is the direction security needs to go it will have to stop being so annoying.
I have a colleague (photographer) who bought a new machine with Vista. Had it about a month and called me because he couldn't get Photoshop CS3 to install. We figured out that the problem was that CS3 wants Firefox.exe to close before it will install, which is annoying in the first place because I can't imagine a really good reason a photo editor needs to make modifications to your web browser.
Anyway, despite shutting down FF and even rebooting, CS3 always told him it was running. Turns out he had some variant of a Poison Ivy trojan that resulted in a persistent Firefox.exe process. While he may well have clicked past a UAC prompt in the process of letting this trojan get in, Vista still didn't stop it, his AV software didn't detect it, and neither did Windows Defender. While it took a CS3 install to alert him to a problem, the very fact that most bits of Windows software all want to modify your registry, play with your browser settings, etc., is why he let it infect him in the first place.
If you can't stop that stuff with 3 layers of software and who knows how many user prompts then something has to change. It isn't going to be the user.
"Sacrifice for the good of The State" - The State
I've not used Vista that much, but I have had the misfortune to try to install hardware under Vista. I have to say that "Tinyfirewall" does a better job alerting you that program a is accessing program b. It doesn't make the distinction between something that requires administrator privileges, nor was it decent for average users that don't know what "cryptic-filename" is or does, or if it should access the net, but it was a good stop gap piece of software which took into account the fact that Windows wasn't geared for security and served as a useful watchdog, esp for Windows itself and software which phones home and auto updates.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
>Hell, they should make them appear so often people completely ignore their content and just blindly click "OK" or "Allow". Yeah, that's the ticket...
Preferably popping up from a background program and grabbing the focus, so if you're typing in another window and hit Return, you select OK. This just happened to me with Outlook's Autoarchive prompt.
Can they please force the mouse cursor over the OK button too?
That way, they can always say "It's not our fault. The user allowed it." and the user can claim that (s)he didn't even notice. Problem solved.
thegodmovie.com - watch it
Remains to be seen if Vista will ever achieve enough market penetration to apply such pressures effectively
Once you're unable to buy a new computer with any version of Windows except Vista, the uptake of Vista should be pretty brisk. I just manually installed XP yesterday, and it's a safe bet that Microsoft has guaranteed that no user is going to want to go through that horrible process, assuming they also are willing to pay full retail "nobody really pays this" price to "downgrade".
Do not underestimate how much Microsoft owns their user base. Did you not get Windows Genuine Advantage?
Those are my principles. If you don't like them I have others. -Groucho Marx
The original plan was to require Ctrl+Alt+Del *and* the user's password on every UAC prompt. (See the Vista team blog.) They removed this requirement after user testing, also taking a more lax view of what should require UAC. (In my view, in the Control Panel, not lax enough.)
Remains to be seen if Vista will ever achieve enough market penetration to apply such pressures effectively
Once you're unable to buy a new computer with any version of Windows except Vista, the uptake of Vista should be pretty brisk. I just manually installed XP yesterday, and it's a safe bet that Microsoft has guaranteed that no user is going to want to go through that horrible process, assuming they also are willing to pay full retail "nobody really pays this" price to "downgrade".
Do not underestimate how much Microsoft owns their user base. Did you not get Windows Genuine Advantage?
Familiar with Dell? Have a problem with the statement "Dell has always been one of Microsoft's staunchest supporters"?
In response to user reaction to Vista, Dell has begun re-offering Windows XP, and has also begun offering Ubuntu pre-installed on desktops and laptops.
Don't overestimate how much Microsoft owns their user base.
-1 Uncomfortable Truth