Coding Around UAC's Security Limitations

Mariam writes "Free software developers from the non-profit NeoSmart Technologies have published a report detailing their experience with coding around Windows Vista's UAC limitations, including the steps they took to make their software perform system actions without requiring admin approval or UAC elevation. Their conclusion? That Windows Vista's improved security model is nothing more than a series of obstacles that in reality only make it more difficult for honest ISVs to publish working code and not actually providing any true protection from malware authors. Quoting from the post: 'Perhaps most importantly though, is the fact that Windows Vista's newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security. Any program that UAC blocks from starting up "for good security reasons" can be coded to work around these limitations with (relative) ease. The "architectural redesign" of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.'"

Re:UAC is shite

[syousef]

If you're copying the file into a place that you dont have permissions to (ie, C:\program files\ or the all users part of the desktop or start menu), then you will get a UAC prompt. And that is correct behavior.

Garbage. How does that make me more secure? By fucking desenitizing me from actual warnings that require my attention so I end up programmed to press "Allow" like Pavlov's dog? Listen to what you're fucking saying man! It doesn't make sense.

Typically only one person uses a machine and has installed all the software. Occassionally there is a genuine multi-user environment on a home PC, and more commonly some work machines are shared, but for the most part this is computer security theatre at it's finest.

Try copying files into /etc on linux or the OS folders in OSX and you'll get the same response

Again, that makes sense in a genuine multi-user environment. If 20 users share the Linux machine, fine. Otherwise escalating privs every 5 minutes to do common tasks defeats the purpose of having a higher priv level. On my LInux machines, I run as admin. So do a lot of people. It's not that I don't care about security, it's that for practical everyday operation on a single user machine, constant prompts or use of pseudo is nonsense.

On the other hand, if you're concerned that you're running as admin but dont want UAC prompts, then just configure the OS to operate that way.

That is EXACTLY what I do! Turn off UAC. It's useless crapola.