Text 16314, 158 rader
Skriven 2007-02-20 00:40:22 av Rich Gauszka (1:379/45)
  Kommentar till text 16309 av Rich (1:379/45)
Ärende: Re: Legacy setup program behavior
=========================================
From: Rich Gauszka <gauszka@-nospam-hotmail.com>

I can understand why the criticism though as when one is the dominant vendor as
is Microsoft one is also the chief target of Malware. I tend to agree with the
views expressed in the blog below

http://blogs.zdnet.com/Ou/?cat=8

While it's true that Vista UAC is no different from Mac or Linux privilege
escalation, we must remember that the old argument that "everyone else is doing
it" just doesn't cut it when you're the most dominant desktop operating system
in the world and the biggest target for Malware.  While Vista's security record
in the first three months (referring to enterprise and MSDN rollout) in public
has been stellar by any standard on any operating system, we have to expect
that Malware pushers will be using a lot more social engineering as their
weapon of choice against Vista once it inevitably becomes the dominant
operating system led by the retail sector.  There are simply too many people
downloading "warez" (pirated software), applications and games that people
think will be cool to try out, and "free" adult videos that require one of
those "special" root me Codecs in order to "play" and your average Joe or Jane
won't know any better.  While one might be tempted to say "it's their problem",
it eventually becomes everyone's problem because those suckers become a massive
army of zombies that can spew spam and DDoS (Distributed Denial of Service)
attacks.

What Rutkowska suggests is that UAC should have more than just a yes/no option
on privilege escalation but a yes, limited yes, and no option. Under Windows
XP, Rutkowska is able to run as a limited user with add only privileges to the
"Program Files" directory and the HKLM Software registry hive but Vista takes
this choice away from her because of the way that UAC works.  I would add to
that add only permissions list the "Public Desktop" so that launch icons can at
least be installed for everyone.  The vast majority of applications shouldn't
need any more privileges than what's listed here and they certainly shouldn't
ever have the ability to modify the OS kernel unless they're signed by a
trusted Certificate Authority.  If Microsoft would adopt this as the standard
permission model for the vast majority of applications then it would vastly
improve the Trojan Malware situation

Rich wrote:
>    This is entirely an app compat issue for legacy installers not
> anything that should be relevant as ISVs release new products.  There is
> a mechanism defined for any application to declare its elevation
> behavior and one specifically for installers that use Windows
> Installer.  See
> http://msdn2.microsoft.com/en-us/library/aa372468.aspx for Using Windows
> Installer with UAC.  See
> http://msdn2.microsoft.com/en-us/library/aa480150.aspx for info on
> developing applications.  The Certified for Windows Vista logo requires
> that all EXEs declare their execution level.  See
> http://download.microsoft.com/download/8/e/4/8e4c929d-679a-4238-8c21-2dcc8ed1
f35c/Windows%20Vista%20Software%20Logo%20Spec%201.1.doc.
>
> Rich
>
>
>     "Rich Gauszka" <gauszka@dontspamhotmail.com
>     <mailto:gauszka@dontspamhotmail.com>> wrote in message
>     news:45da0ce1$3@w3.nls.net...
>     I don't read that in Russinovich's response as he does admit there is a
>     problem and admit that Vista's administration escalation on the
>     installer is
>     intentional. Only time will tell if Vista's 'usability' makes for a
>     happy
>     hacker and Microsoft's design choice was poor .
>
>     It does seem though that Microsoft's security concern these days is
>     more
>     with tightening the screws to wga rather than worry about mundane user
>     related security issues
>     http://crunchgear.com/2007/02/19/microsofts-ballmer-blames-poor-vista-sal
es-on-piracy/
>
>
>     "Gary Britt" <GaryNOSPAMBritt@generalcogster.com
>     <mailto:GaryNOSPAMBritt@generalcogster.com>> wrote in message
>     news:45da06e5$1@w3.nls.net...
>      > Its said to see Russinovich lend his credibility to the spin
>     machine at
>      > Microsoft.  Am I the only one who thinks this?  I'm sure he's
>     getting paid
>      > really well and any of us would have sold out just like him, but
>     its still
>      > sad nonetheless.
>      >
>      > Gary
>      >
>      > Rich Gauszka wrote:
>      >> "I would like to be offered a choice whether to fully trust a given
>      >> installer executable [and run it as full administrator] or just
>     allow it
>      >> to add a folder in C:\Program Files and some keys under
>     HKLM\Software and
>      >> do nothing more."
>      >>
>      >> "I could do that under Windows XP, but apparently I can't under
>     Vista,
>      >> which is a bit disturbing."
>      >>
>      >>
>      >>
>     http://www.itnews.com.au/newsstory.aspx?CIaNID=46057&src=site-marq
>     <http://www.itnews.com.au/newsstory.aspx?CIaNID=46057&src=site-marq>
>      >>
>      >> Rutkowska discovered that when Vista detects that the user is
>     running an
>      >> installation file it kicks into full admin mode.
>      >>
>      >> If a user wishes to install a new program they are presented
>     with the
>      >> option either to allow the installer complete system privileges
>     or not to
>      >> run the program at all.
>      >>
>      >> Rutkowska wrote on her Invisible Things blog: "That means that
>     if you
>      >> downloaded some freeware Tetris game, you will have to run its
>     installer
>      >> as administrator, giving it full access to all your file system and
>      >> registry, and allowing it to load kernel drivers! Why should a
>     Tetris
>      >> installer be allowed to load kernel drivers?
>      >>
>      >> "I would like to be offered a choice whether to fully trust a given
>      >> installer executable [and run it as full administrator] or just
>     allow it
>      >> to add a folder in C:\Program Files and some keys under
>     HKLM\Software and
>      >> do nothing more.
>      >>
>      >> "I could do that under Windows XP, but apparently I can't under
>     Vista,
>      >> which is a bit disturbing."
>      >>
>      >> A few days after her posting there was a lengthy and detailed
>     response
>      >> from Mark Russinovich, a Technical Fellow at Microsoft.
>      >>
>      >> Russinovich essentially admitted that, while the problem exists,
>     it was a
>      >> design choice that stemmed from the balance between security and
>      >> usability.
>      >>
>      >> "Because elevations and integrity levels do not define a security
>      >> boundary, potential avenues of attack, regardless of ease or
>     scope, are
>      >> not security bugs, " he said.
>      >>
>      >> In light of the huge security campaign surrounding Windows Vista
>     in 2006,
>      >> Rutkowska said in a follow up posting that this explanation
>     simply is not
>      >> good enough and that Microsoft should attempt to solve the
>     problem rather
>      >> than try and dismiss the issue.
>

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)