Well here is another UAC tool from Vista.


Guest Rotten Ronny
Posted

"Gordon" <gordonbparker@yahoo.com.invalid> wrote in message

news:%23RRNt64KJHA.5692@TK2MSFTNGP04.phx.gbl...

> Why would any NORMAL person need a UAC tool? Apart from those who just

> tinker with their machines and don't actually do any WORK with them?

 

You do realize that applies to 90% of computer nerds, right? I have a friend

who is like that and I am always asking him when he is actually going to use

his computer as a tool (as it was intended to be used) instead of playing

program manager on it. He buys new hardware just to geek out on upgrading

when he has no actual use or need for the hardware.

Guest FromTheRafters
Posted

Security is such a bother...

 

It's so annoying to have to click again after I already

clicked such a short time ago...

 

All I wanted to do was execute a program - one click

should be sufficient for the task...

 

After all, it's not like I'm trying to delete something...

 

(which should take eleven clicks to make sure I really meant

to delete what I'm trying to delete because I don't have any

backups in case the file I delete is needed later)...

 

Leave it to Symantec to "give the people what they want"

with no regard for the security implications.

 

After the recycle bin there should be a truck and then a

waste management distribution center and a landfill where

I could still go to get back that file should the need arise.

 

The consequences of deleting a file IMO are far less than

the ones of executing a program (seeing as the program

could then effectively delete everything) so why all the

complaints about an extra click when a user (or something

else) invokes a program?

 

"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message

news:%23TuMMP1KJHA.4708@TK2MSFTNGP02.phx.gbl...

> http://www.betanews.com/article/New_Norton...back/1223668881

>

> There was another one presented here a couple of months ago.

Guest Mr. Arnold
Posted

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:eiArA7$KJHA.5704@TK2MSFTNGP02.phx.gbl...

>

> Leave it to Symantec to "give the people what they want"

> with no regard for the security implications.

 

I wouldn't use the thing. It's about as bad as Application Control in 3rd

party personal FW(s) or other such nonsense snake-oil solutions. One wants

the mouse click on the accept button when it's malware that was accepted

and remembered so that one is not asked about it again.

 

It's just below this one. Hey, I turned UAC off, because I have run this way

for 25 years from Win 9'x as root admin, and I have run as user/admin on Win

NT 4.0, Win 2k, and XP with full admin rights. I am good man. I am so good,

computer savvy, and it can't happen to me on the Internet. Hey, so what if I

get some malware that something detected. I'll wipe out the machine if it

happens.

 

But little did I know that a whole boat load of malware has come past my

little security blanket, planted itself deep and can't be detected by my

detection security blanket, and it's been this way for a long time. I

don't even know how to go check things out for myself with other tools

manually and look around and see what is running on the machine from time to

time.

 

Hey, I am good and my security detection blanket is good too. Everything is

okay-dokey! :-P

Guest mike-cow
Posted

If I really wanted secure, I wouldn't use windows at all. Do you

REALLY trust microsoft to keep your data safe? I know I don't.

 

I use this tool, and it's definitely worth the "risk". I don't need

to disable the prompts entirely, and I don't need to see the darn thing

every single time I want to open up a command prompt (as I always run

the prompt elevated).

 

 

--

mike-cow

 

- -While I try to give as safe advice as possible, and use a lot of

effort in making sure it's accurate, I can't take responsibility of

problems arising from the help I give. In the end it's you who need to

decide what's the safest way to manage your computer.-

Guest Mr. Arnold
Posted

"mike-cow" <guest@unknown-email.com> wrote in message

news:9ece02bab2705bb54262bbe9e4ba911e@nntp-gateway.com...

>

> If I really wanted secure, I wouldn't use windows at all. Do you

> REALLY trust microsoft to keep your data safe? I know I don't.

>

 

I don't trust Microsoft, Linux, Apple or any other O/S to keep my data safe,

because none of them are bulletproof O/S(s). They are all written by and

used by fallible human beings. When we as human beings become perfect, then

you can expect that anything we create or do will be perfect, and that's not

happening in your lifetime.

 

As far as security is concerned, the buck stops with the user, and it

doesn't stop anywhere else. If the machine gets compromised, then the user

had involvement in it some way that led to the compromise. It doesn't happen

by itself.

Guest DevilsPGD
Posted

In message <9ece02bab2705bb54262bbe9e4ba911e@nntp-gateway.com> mike-cow

<guest@unknown-email.com> was claimed to have wrote:

>If I really wanted secure, I wouldn't use windows at all. Do you

>REALLY trust microsoft to keep your data safe? I know I don't.

>

>I use this tool, and it's definitely worth the "risk". I don't need

>to disable the prompts entirely, and I don't need to see the darn thing

>every single time I want to open up a command prompt (as I always run

>the prompt elevated).

 

And that means you're as good as a full administrator, all malware needs

to do is take a guess (or sit back and learn) what programs

automatically elevate, then exploit them.

 

Command prompt is a perfect target, since the malware can literally

launch "%systemroot%\system32\cmd.exe /c %malware.exe%", thereby

promoting itself to running with an administrative token, all without

asking you.

Guest mike-cow
Posted

DevilsPGD;859187 Wrote:

> Command prompt is a perfect target, since the malware can literally

> launch "%systemroot%\system32\cmd.exe /c %malware.exe%", thereby

> promoting itself to running with an administrative token, all without

> asking you.

 

Yes it would be, but I'm not running cmd. Cygwin ftw! 'Cygwin

Information and Installation' (http://www.cygwin.com/)

 

 

--

mike-cow

 

- -While I try to give as safe advice as possible, and use a lot of

effort in making sure it's accurate, I can't take responsibility of

problems arising from the help I give. In the end it's you who need to

decide what's the safest way to manage your computer.-

Guest DevilsPGD
Posted

In message <0c8e7ade6544fc13118dcc1031a3f593@nntp-gateway.com> mike-cow

<guest@unknown-email.com> was claimed to have wrote:

>DevilsPGD;859187 Wrote:

>> Command prompt is a perfect target, since the malware can literally

>> launch "%systemroot%\system32\cmd.exe /c %malware.exe%", thereby

>> promoting itself to running with an administrative token, all without

>> asking you.

>

>Yes it would be, but I'm not running cmd. Cygwin ftw! 'Cygwin

>Information and Installation' (http://www.cygwin.com/)

 

Yes, and?

 

A similar command line parameter would do the trick for Cygwin.

Guest mike-cow
Posted

DevilsPGD;859420 Wrote:

> A similar command line parameter would do the trick for Cygwin.

 

Of course... If the malware knows where to find it... Security by

obscurity works well on software.

 

 

--

mike-cow

 

- -While I try to give as safe advice as possible, and use a lot of

effort in making sure it's accurate, I can't take responsibility of

problems arising from the help I give. In the end it's you who need to

decide what's the safest way to manage your computer.-

Guest DevilsPGD
Posted

In message <ecdc523b65aa148cc4699ef14b2c4456@nntp-gateway.com> mike-cow

<guest@unknown-email.com> was claimed to have wrote:

>DevilsPGD;859420 Wrote:

>> A similar command line parameter would do the trick for Cygwin.

>

>Of course... If the malware knows where to find it... Security by

>obscurity works well on software.

 

There are already some nice exploit kits out there that are almost drag

and drop simple, you pay up front and get a kit that handles the exploit

and hands off to your code.

 

The backend guys specialize in finding exploits, and despite all of

cygwin's flaws, I wouldn't bet my security on whether it's that

obscure.

 

More importantly, it's not really about what you and I would list as

always-approved, it's more about what your average end user would list.

 

This would include nearly any app whose authors are too lazy or stupid

to make their software run without administrative rights, since said

applications would either simply list themselves in the "always

authorized" group, or instruct users to do the same.

 

If you were Microsoft, would you consider that sufficient to encourage

lazy and stupid software authors to change their behaviour?

 

Remember, this isn't a new thing, user permissions have been around in

Microsoft operating systems since the mid 90s. Any author who hasn't

caught on yet needs some encouragement, and nothing quite like user

pressure to make it happen.

Guest Paul Montgomery
Posted

On Mon, 13 Oct 2008 05:01:58 -0700, DevilsPGD

<spam_narf_spam@crazyhat.net> wrote:

>Remember, this isn't a new thing, user permissions have been around in

>Microsoft operating systems since the mid 90s. Any author who hasn't

>caught on yet needs some encouragement, and nothing quite like user

>pressure to make it happen.

 

Yeah, like 99% of the users having problems with UAC contact the

software authors.

 

Riiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiight.

 

Dream on.

Guest mike-cow
Posted

I agree with you. I just don't think it's justifiable with all those

security measures in this computer. It's mainly for hacks and games. I

don't think windows is justifiable at all if I require a secure

workstation though.

 

I'm careful with what I run on my computer, I haven't had a single

(unintentional) problem with malware in years.

 

I should add that the norton tool is as bad as elevating the uac

entirely if used carelessly though... (I don't see a way it could be

WORSE than that though, unless norton start abusing it, when it comes to

that it's a question of how much you trust them)

 

 

--

mike-cow

 

- -While I try to give as safe advice as possible, and use a lot of

effort in making sure it's accurate, I can't take responsibility of

problems arising from the help I give. In the end it's you who need to

decide what's the safest way to manage your computer.-

Guest Mr. Arnold
Posted

"mike-cow" <guest@unknown-email.com> wrote in message

news:ecdc523b65aa148cc4699ef14b2c4456@nntp-gateway.com...

>

> DevilsPGD;859420 Wrote:

>> A similar command line parameter would do the trick for Cygwin.

>

> Of course... If the malware knows where to find it... Security by

> obscurity works well on software.

>

 

Here you go on the security, if you bother to read it.

 

<http://technet.microsoft.com/en-us/library/cc709691.aspx>

<http://news.softpedia.com/news/Admin-Approval-Mode-in-Windows-Vista-45312.shtml>

<http://technet.microsoft.com/en-us/magazine/cc138019.aspx>

<http://technet.microsoft.com/en-us/magazine/cc160882.aspx>

<http://msdn.microsoft.com/en-us/library/aa382503.aspx>

Guest FromTheRafters
Posted

"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message

news:uwxqSpBLJHA.1500@TK2MSFTNGP06.phx.gbl...

>

> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

> news:eiArA7$KJHA.5704@TK2MSFTNGP02.phx.gbl...

>>

>> Leave it to Symantec to "give the people what they want"

>> with no regard for the security implications.

>

> I wouldn't use the thing. It's about as bad as Application Control in 3rd

> party personal FW(s) or other such nonsense snake-oil solutions. One wants

> the mouse click on the accept button when it's malware that was accepted

> and remembered so that one is not asked about it again.

 

Yes, one might as well just silently elevate as with UAC turned off.

Allowing UAC to partially function is just lending users a false sense

of security. True, other aspects of UAC still enhance security if this

portion is circumvented, but the false belief that a whitelist won't be

abused by malware is damaging.

 

I hope I am correct in assuming the whitelist isn't based simply on

filenames, and that there is protection against it being edited by

malware. Even so, what is so bad about being asked if you really

intended to execute a particular program - especially since there

are no complaints about the ubiquitous 'confirm delete'. There is

much more power in execute than there is in delete especially

if cryptovirology is involved.

> It's just below this one. Hey, I turned UAC off, because I have run this

> way for 25 years from Win 9'x as root admin, and I have run as user/admin

> on Win NT 4.0, Win 2k, and XP with full admin rights.

 

Three cheers for Microsoft for making it more difficult to do this

in Vista. This split (or filtered) token and the default hiding of the

(non-filtered token) admin account makes it much harder for the

malware to entrench itself in the system - and more difficult for the

average user to circumvent this security enhancement.

> I am good man. I am so good, computer savvy, and it can't happen to me on

> the Internet. Hey, so what if I get some malware that something detected.

> I'll wipe out the machine if it happens.

 

The focus on recovery only is misplaced. Recovery should be

risk mitigation in the event of some failure in the primary preventive

measures. Avoidance measures aren't perfect, so recovery is a

necessary aspect - but shouldn't be relied upon. Besides, what

about the data leakage that could happen between infestation and

recovery? What about the harboring of malware that uses their

computer to DDoS others' and/or spread further? Individual users

should have more concern about the community of which they are

a part.

 

Vista's security by default and the difficulty in circumventing it

is a step in the right direction - and making it easier to circumvent

is a step backward.

> But little did I know that a whole boat load of malware has come past my

> little security blanket, planted itself deep and can't be detected by my

> detection security blanket, and it's been this way for a long time.

 

Perhaps undetected long enough to poison the backups within their

recovery plans.

> I don't even know how to go check things out for myself with other tools

> manually and look around and see what is running on the machine from time

> to time.

>

> Hey, I am good and my security detection blanket is good too. Everything

> is okay-dokey! :-P

 

In some cases, even tools can be lied to by the system.

 

I suppose their ignorance is bliss, right up until it kills them.

 

--end soapbox mode--
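
Added example, not part of any post in this thread: a small Python model of the "remember my approval" allowlist debated above (DevilsPGD's `cmd.exe /c` point and the question of whether the list is keyed on file names), comparing three matching rules. The rule names, paths and file contents are constructed for illustration and do not describe how the Norton tool actually stores its approvals.

```python
import hashlib
import ntpath
from dataclasses import dataclass

# Constructed stand-ins for file contents; no real binaries are read.
FILES = {
    r"C:\Windows\System32\cmd.exe": b"constructed: genuine shell image",
    r"C:\Users\demo\Downloads\cmd.exe": b"constructed: look-alike image",
}


@dataclass(frozen=True)
class Request:
    """One elevation request: which image, started with which arguments."""
    image: str
    args: str = ""


def digest(path: str) -> str:
    """SHA-256 of the (constructed) image contents."""
    return hashlib.sha256(FILES[path]).hexdigest()


def build_approved(req: Request) -> dict:
    """What each hypothetical rule remembers after 'don't ask me again'."""
    return {
        "names": {ntpath.basename(req.image).lower()},
        "hashes": {digest(req.image)},
        "invocations": {(digest(req.image), req.args)},
    }


# Three hypothetical matching rules, weakest first.
RULES = {
    "name": lambda r, a: ntpath.basename(r.image).lower() in a["names"],
    "hash": lambda r, a: digest(r.image) in a["hashes"],
    "hash+args": lambda r, a: (digest(r.image), r.args) in a["invocations"],
}


def audit(approved: dict, requests: list) -> dict:
    """Decision each rule makes for each later request."""
    return {
        rule: ["silent-elevate" if match(r, approved) else "prompt"
               for r in requests]
        for rule, match in RULES.items()
    }


# The user approved a plain elevated shell once.
REMEMBERED = Request(r"C:\Windows\System32\cmd.exe")

# Later requests (constructed): the same shell, a same-named file elsewhere,
# and the genuine shell asked to start an unreviewed program.
LATER = [
    REMEMBERED,
    Request(r"C:\Users\demo\Downloads\cmd.exe"),
    Request(r"C:\Windows\System32\cmd.exe",
            r"/c C:\Users\demo\Downloads\unreviewed.exe"),
]

if __name__ == "__main__":
    for rule, decisions in audit(build_approved(REMEMBERED), LATER).items():
        print(f"{rule:10} {decisions}")
```

Under the hash rule the genuine shell still elevates silently when handed a `/c` argument; only the rule that also pins the arguments sends that request back to a prompt.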

 

Guest mike-cow
Posted

I don't have much to comment on this issue anymore, but I'd like to ask

you a question:

 

Do you wear a helmet when riding your bike? (the question is void if

it's required by law though...)

 

 

--

mike-cow

 

- -While I try to give as safe advice as possible, and use a lot of

effort in making sure it's accurate, I can't take responsibility of

problems arising from the help I give. In the end it's you who need to

decide what's the safest way to manage your computer.-

Guest Mr. Arnold
Posted

"mike-cow" <guest@unknown-email.com> wrote in message

news:fb10edd4ca36a39d5cb03146ca232984@nntp-gateway.com...

>

> I don't have much to comment on this issue anymore, but I'd like to ask

> you a question:

>

> Do you wear a helmet when riding your bike? (the question is void if

> it's required by law though...)

>

>

 

Why must you act an a$$ about it? Just because you like to fly with no

safety-net and with your draws down at your ankles does that mean that

anyone else should follow in your footsteps.

 

The thing about Linux users on Linux machines, which makes that system less

susceptible to attack used by the ignorant is that the user never runs as

root admin.

 

They run as non-root admin until an admin task is encountered, and then

they must give a root admin user-id and psw to escalate to root admin rights

to perform the task. They are then returned to being a non-root admin.

 

Yes, the ignorant masses may not be getting attacked like they used to be on

Vista, but on the other hand, on any previous version of the NT based O/S,

their linen was dropped to their ankles, and they had to keep on grinnin.

 

Now, they have a choice to leave the security on or turn it all off, if he

or she chooses to do either one.

Guest DevilsPGD
Posted

In message <s9f6f4h70hob0edov29i3gp539v7ese64n@4ax.com> Paul Montgomery

<i.m.nonnymous@NOSPAMgmail.com> was claimed to have wrote:

>On Mon, 13 Oct 2008 05:01:58 -0700, DevilsPGD

><spam_narf_spam@crazyhat.net> wrote:

>

>>Remember, this isn't a new thing, user permissions have been around in

>>Microsoft operating systems since the mid 90s. Any author who hasn't

>>caught on yet needs some encouragement, and nothing quite like user

>>pressure to make it happen.

>

>Yeah, like 99% of the users having problems with UAC contact the

>software authors.

>

>Riiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiight.

>

>Dream on.

 

Maybe not, but the results speak for themselves, take a look at

http://blogs.msdn.com/e7/archive/2008/10/0...nt-control.aspx

 

The "Number of unique applications and tasks creating UAC prompts" line

speaks for itself, having gone from 800,000 to a little under 200,000 in

a 12 month period.

Guest Paul Montgomery
Posted

On Mon, 13 Oct 2008 15:41:54 -0700, DevilsPGD

<spam_narf_spam@crazyhat.net> wrote:

 

>>>Remember, this isn't a new thing, user permissions have been around in

>>>Microsoft operating systems since the mid 90s. Any author who hasn't

>>>caught on yet needs some encouragement, and nothing quite like user

>>>pressure to make it happen.

>>

>>Yeah, like 99% of the users having problems with UAC contact the

>>software authors.

>>

>>Riiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiight.

>>

>>Dream on.

>

>Maybe not, but the results speak for themselves, take a look at

>http://blogs.msdn.com/e7/archive/2008/10/0...nt-control.aspx

>

>The "Number of unique applications and tasks creating UAC prompts" line

>speaks for itself, having gone from 800,000 to a little under 200,000 in

>a 12 month period.

 

Those results don't say (as in "speak for themselves") that the

reduction is because of a surge of user complaints to software

developers as you initially implied.

 

You missed TWO other possibilities, each more credible than yours, and

each clearly explained in the article:

 

Quoting from that article:

 

"... we also expect that as people use their machines longer they are

installing new software or configuring Windows settings less

frequently, which results in fewer prompts, or conversely when a

machine is new that is when there is unusually high activity with

respect to administrative needs."

 

Also:

 

"Customer Experience Improvement Program data indicates that the

number of sessions with one or more UAC prompts has declined from 50%

to 33% of sessions with Vista SP1."

Guest DevilsPGD
Posted

In message <efk7f45no5ues981h5n0utihig3pi31ci3@4ax.com> Paul Montgomery

<i.m.nonnymous@NOSPAMgmail.com> was claimed to have wrote:

>On Mon, 13 Oct 2008 15:41:54 -0700, DevilsPGD

><spam_narf_spam@crazyhat.net> wrote:

>

>

>>>>Remember, this isn't a new thing, user permissions have been around in

>>>>Microsoft operating systems since the mid 90s. Any author who hasn't

>>>>caught on yet needs some encouragement, and nothing quite like user

>>>>pressure to make it happen.

>>>

>>>Yeah, like 99% of the users having problems with UAC contact the

>>>software authors.

>>>

>>>Riiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiight.

>>>

>>>Dream on.

>>

>>Maybe not, but the results speak for themselves, take a look at

>>http://blogs.msdn.com/e7/archive/2008/10/0...nt-control.aspx

>>

>>The "Number of unique applications and tasks creating UAC prompts" line

>>speaks for itself, having gone from 800,000 to a little under 200,000 in

>>a 12 month period.

>

>Those results don't say (as in "speak for themselves") that the

>reduction is because of a surge of user complaints to software

>developers as you initially implied.

>

>You missed TWO other possibilities, each more credible than yours, and

>each clearly explained in the article:

>

>Quoting from that article:

>

>"... we also expect that as people use their machines longer they are

>installing new software or configuring Windows settings less

>frequently, which results in fewer prompts, or conversely when a

>machine is new that is when there is unusually high activity with

>respect to administrative needs."

 

The "new machine" effect would be seen in "Percentage of sessions with

prompts over time", if the problem is applications that need elevation

on a regular basis without any need (games, Quickbooks, etc), those

applications would likely exist both on new machines and day to day

activity.

 

What might be an interesting stat would be "percentage of sessions with

UAC prompts over time-since-Windows-installation"

 

Regardless, the stat I quoted is "number of unique applications and tasks

creating UAC prompts", which indicates that either applications are

changing their behaviour, or that users are moving to limited-user

compatible software.

>Also:

>

>"Customer Experience Improvement Program data indicates that the

>number of sessions with one or more UAC prompts has declined from 50%

>to 33% of sessions with Vista SP1."

 

SP1 came out in May, so again looking at "number of unique applications

and tasks creating UAC prompts", excluding SP1, that's down from

800,000 in Aug/07 to 300,000 in Apr/08.

 

I stand by my comment that the results speak for themselves.

Guest Mr. Arnold
Posted

FromTheRafters wrote:

> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message

> news:uwxqSpBLJHA.1500@TK2MSFTNGP06.phx.gbl...

>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

>> news:eiArA7$KJHA.5704@TK2MSFTNGP02.phx.gbl...

>>> Leave it to Symantec to "give the people what they want"

>>> with no regard for the security implications.

>> I wouldn't use the thing. It's about as bad as Application Control in 3rd

>> party personal FW(s) or other such nonsense snake-oil solutions. One wants

>> the mouse click on the accept button when it's malware that was accepted

>> and remembered so that one is not asked about it again.

>

> Yes, one might as well just silently elevate as with UAC turned off.

> Allowing UAC to partially function is just lending users a false sense

> of security. True, other aspects of UAC still enhance security if this

> portion is circumvented, but the false belief that a whitelist won't be

> abused by malware is damaging.

 

You might find some interesting reading here about Vista's kernel.

 

http://technet.microsoft.com/en-us/magazine/cc162458.aspx

 

<http://www.securitypronews.com/news/securitynews/spn-45-20060601ASLRJoinsVistasBagOfTricks.html>

 

You know, I just don't see posts about malware issues with Vista users

that much.

Guest FromTheRafters
Posted

"Mr. Arnold" <Arnold@Arnold.com> wrote in message

news:OFn92gsLJHA.4772@TK2MSFTNGP03.phx.gbl...

> FromTheRafters wrote:

>> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message

>> news:uwxqSpBLJHA.1500@TK2MSFTNGP06.phx.gbl...

>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message

>>> news:eiArA7$KJHA.5704@TK2MSFTNGP02.phx.gbl...

>>>> Leave it to Symantec to "give the people what they want"

>>>> with no regard for the security implications.

>>> I wouldn't use the thing. It's about as bad as Application Control in

>>> 3rd party personal FW(s) or other such nonsense snake-oil solutions. One

>>> wants the mouse click on the accept button when it's malware that was

>>> accepted and remembered so that one is not asked about it again.

>>

>> Yes, one might as well just silently elevate as with UAC turned off.

>> Allowing UAC to partially function is just lending users a false sense

>> of security. True, other aspects of UAC still enhance security if this

>> portion is circumvented, but the false belief that a whitelist won't be

>> abused by malware is damaging.

>

> You might find some interesting reading here about Vista's kernel.

>

> http://technet.microsoft.com/en-us/magazine/cc162458.aspx

>

> <http://www.securitypronews.com/news/securitynews/spn-45-20060601ASLRJoinsVistasBagOfTricks.html>

>

> You know, I just don't see posts about malware issues with Vista users

> that much.

 

Probably they're all too busy configuring Vista for less security to

do anything about infecting their system.

 

Thanks for the links.
