Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Hole In Windows 7 UAC

Posted by kdawson on from the cancel-or-allow dept.

An anonymous reader writes "A prolific blogger is warning of a possible security hole in the latest beta version of Windows 7. Long Zheng has posted both a description and a proof of concept for an issue that could allow an attacker to skirt the User Account Control component in the new version of Windows. The problem, explains Zheng, is that UAC itself is controlled through system settings. This can allow an attacker to completely disable the protections without user notification. Zheng notes that the issue can be easily fixed by changing the UAC setting to notify users when Windows settings are altered, and that Microsoft could remedy the problem by prompting the user when the UAC setting is altered."

12 of 388 comments (clear)

  1. "Gerald" by plasmacutter · · Score: 5, Funny

    Everyone knows from recent news that microsoft has removed the innards of windows 7 and replaced them with "gerald", a lovable computer literate field mouse.

    Gerald is cheap, congenial, and zippy, but unfortunately has very poor judgment.

    --
    VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
  2. The beta worked! by jamesmcm · · Score: 5, Funny

    The beta worked perfectly!
    Even the malware will be ready for Windows 7!

  3. Microsoft already replied by DavidR1991 · · Score: 5, Informative

    MS have already said that this flaw is "by design" to stop the appearance of too many UAC prompts when users alter their own system settings

    http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/

    1. Re:Microsoft already replied by cgenman · · Score: 5, Interesting

      I kind of agree with the less-is-more approach to end user interactions. I get a lot of clients who have learned to cope with the modern click-prompt overload by simply clicking somewhat randomly on everything that comes up in front of them. Frequently, this leads to disabling some vitally important part of their computer in a way that any person who actually read prompts would have easily avoided.

      Sadly, the less computer savvy you are, the more likely you are to be constantly deluged with upgrade prompts from Adobe, install requests for Safari from Apple, and the multitude of prompts when Hewlett Packard's genuinely awful drivers crash. Prompts to continue subscriptions to Symantec, upgrade to the latest acrobat, log in to windows messenger, etc. And, of course, each separate component has its own prompts. "Click here to upgrade. I see you've clicked here to upgrade, would you like me to go to the internet and upgrade? Upgrade will begin when you click the OK button below. Upgrading... Upgrade has completed, click OK below to continue. Thank you for upgrading, please visit unintelligiblylongwebsite.com/pagenobodywilleverclickon.html to give us feedback on this process. Press Dismiss below to return to the installer. Thank you for returning to the installer. If you are satisfied with this interaction, press OK below."

      90% of users have no idea what their computer is doing, or should be doing, under the hood. If they weren't already suffering from click-fatigue, they wouldn't be the right people to decide on technical issues anyway.

      Obviously, it shouldn't be possible to disable UAC without actually getting a UAC prompt. But in general, UAC is an annoying system that most users completely tune out. Instead of hightening user knowledge, it simply drowns out any real issues.

      --
      The ______ Agenda
  4. Re:Mechanical Analog by Anonymous Coward · · Score: 5, Funny

    the worst car analogy I've seen on slashdot for a while.

  5. How hard is it to copy something... by 51M02 · · Score: 5, Insightful

    correctly.

    I mean, Linux and MacOSX (and others) have sudo for years, the original code dating back to 1980 according to Wikipedia.

    The concept is not new : type your password to gain access to some privileges. That way bots and virus can't do everything while you can still administrative tasks easily.

    My question is how hard is it to copy some 25 years old functionality (marketing it as brand new) and still don't get it right.

    --
    --- Bouh !!! ---
  6. whoa, recursive Meta-UAC by rarel · · Score: 5, Funny
    From TFA: Microsoft could remedy the problem by prompting the user when the UAC setting is altered.

    ==============

    "It look like you're trying to alter the UAC settings, Cancel or Allow?"
    *click*
    "It looks like you've confirmed the change in UAC settings, Cancel or Allow?"
    *click*
    "The UAC settings have been altered, Cancel or Allow?"
    *click**click**click**click**click*-----INPUT DEVICE FAILURE

  7. Re:Short: Don't work as Administrator by Anonymous Coward · · Score: 5, Informative

    if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning"

    That's completely wrong. The entire point of the UAC prompt is that it can't be automatically dismissed by simulated user input. The UAC prompt runs on a separate virtual desktop from everything else (which is why it flickers), and the kernel enforces that only real user input can touch it, and you can't run your own code in the kernel without going through a UAC prompt, so it's secure.

    If this guy is right and UAC can be disabled without user input, then the entire UAC system instantly becomes pointless. Saying that you shouldn't be running as administrator is stupid; UAC's purpose was to make it safe to use administrator accounts. If you can't do that, then UAC has failed. Anyway, Administrator accounts are the default and therefore what 99% of users are going to be using.

  8. "A prolific blogger ..." by timmarhy · · Score: 5, Insightful
    people if that's not a big big warning sign i don't know what is. you know what this guy has discovered? if you login as administrator, attackers can do the same things you can.

    This is no different to me browsing the web as root in linux and running any shit that pops up

    --
    If you mod me down, I will become more powerful than you can imagine....
  9. Re:Short: Don't work as Administrator by drsmithy · · Score: 5, Insightful

    Prompting the user when this setting is altered is quite worthless - if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning".

    You mean apart from the inability of your script to interact with the separate Desktop that UAC prompts occur on ?

  10. Re:Short: Don't work as Administrator by Kjella · · Score: 5, Insightful

    The real problem, and one that doesn't have a good techincal or sociological fix, is that most windows users are doing administration duties that far exceed their skills. Users get confronted with all sorts of dialogs they don't understand but just want to get on with it. I bet you, that if you popped up a page to someone saying "This video needs a newer version of flash" and redirected them to some completely bogus page that gave them a plugin with a completely bogus signature most people would go ahead and install it anyway. What is the latest version anyway? Couldn't even remember who makes it, and those companies keep on merging and rebranding and whatnot. No amount of UAC, or running as an unprivilidged user could possibly fix that because they are the ones with the admin keys and they're handing them out too easily.

    Most users don't understand trust, they want to see a nice little lock icon telling them this site is safe, this site is bad. Same goes for plugins. Same goes for software. If you try educating them they'll just go blank *bad thing* *bad thing* *REALLY bad thing* but they won't understand and just want the simple answer. There's some very professional looking sites out there that appear to give you good software. They often even look better than the real deal because the frauds are all about appearances while the real sites focus on delivering good software, no offence intended. While it does amount to some degree of security scissors, most users would be better of if they only downloaded from safe, verified sources of software and plugins. If only Linux would stop asking all the other technical questions, the repository model would be much better for these people. It's not the end-all and be-all of security but it concentrates 99% of the superuser tasks in one place and makes it that much harder for some random application to throw up a superuser prompt.

    --
    Live today, because you never know what tomorrow brings
  11. Re:Short: Don't work as Administrator by mpeskett · · Score: 5, Interesting

    When has a windows administrator account ever meant that you could do whatever you please?

    I'm sat here right now, running an admin account on XP, and if I try to delete the "Desktop" folder in my own account, I can't. It tells me "Desktop is a Windows system folder and is required for Windows to run properly. It cannot be deleted". Never mind the fact that I've changed the location of that folder by fiddling with the registry to put it on a separate hard drive, the redundant copy on C:\ is still protected against deletion.

    Contrast this against the stories about *nix systems where some fool runs rm -rf as admin and it only stops deleting things when it deletes the delete command itself... that is being allowed to do whatever you want.