
Archive for the 'uac' Tag

Some weeks ago, I blogged about a security bug in Windows 7’s UAC that allows malware to exploit the new auto elevation feature to run with administrator privileges without issuing a UAC prompt. A few other sites also took up this issue discovered by Leo Davidson. Ever since then I have been waiting for a response from Microsoft, and now it is out. No less a person than Mark Russinovich covered the topic in a lengthy and highly technical article in TechNet Magazine. He doesn’t explicitly mention Leo, but it is obvious that he is quite aware of this issue. Actually, it appears that he always knew about it. In other words, it is a feature, not a bug.

Microsoft officials already had made similar statements about former UAC issues. But I think this is the first article that is not just a marketing text. It explains in great detail why UAC actually is no security boundary. And this is not just about Windows 7; it also applies to Windows Vista:

From the perspective of malware, Windows 7’s default mode is no more or less secure than the Always Notify mode (“Vista mode”), and malware that assumes administrative rights will still break when run in Windows 7’s default mode.


Last week, I discussed some popular myths about the built-in Administrator account. Today, I will talk about a related myth. This myth isn’t spread by secret revealers; Microsoft’s marketing is the origin of this rumor. It is about the big change that UAC (User Account Control) supposedly brought to the Windows world. Security experts have always criticized that in Windows, end users are usually logged on as administrators. This is very different from the UNIX world, where even system administrators log on as root only every now and then. It appears that in Windows Vista everything is different because the default user type is now the standard user.

Darren Canavor, a Microsoft program manager, wrote almost three years ago about Vista:

In Windows Vista we made numerous changes to our user account model. Standard users are now the default user type for new accounts created after initial setup.

Is this really true? I seriously doubt that.


I somehow must have missed this discussion about this serious Windows 7 User Account Control (UAC) security hole (perhaps “barn door” is a more appropriate term). Leo Davidson published his findings in the beginning of February. I wouldn’t bring this up now if this UAC vulnerability had been fixed in Windows 7 RC. Note that this issue is only remotely related to another Windows UAC flaw I covered a while back. Leo was kind enough to send me his proof-of-concept program so I could try it with the current Windows Release Candidate. I must admit I was quite surprised that it really worked because it proves that the default setting in Windows 7 makes UAC absolutely useless. In my opinion, UAC in Windows 7 even reduces overall security.

I really can’t believe that Microsoft just ignored Leo’s findings. Leo has contacted the company and offered his proof-of-concept program’s source code. Moreover, major news sites such as The Register have reported this issue; thus Microsoft must be aware of this serious security problem. This indicates that there is a design flaw in UAC that probably can’t be fixed easily. Therefore, it is quite likely that Windows 7 will be released with this vulnerability.


Some days ago, I stumbled across an article over at MS Windows Vista Compatible Software that explains how to enable or disable the Windows 7 built-in Administrator account. At first I thought that Microsoft must have changed something in Windows 7 with regard to the local administrator account. However, after reading the article, it became clear that everything is as it is in Vista.

But, this is not the topic of this post. It is about the “word of caution” at the beginning of the article. Sekhy, the author of the article, warns his readers not to “tamper around” with the Administrator account. Ever since Microsoft decided to disable the built-in Administrator account in Windows Vista, there is a myth about the magical powers of the “true administrator account” circulating on the net. Hence, those people who don’t really know about these true powers should not dare to use the supersecret administrator account.


Steel Run As solves a problem that every Windows administrator faces sooner or later. It allows you to let standard users run a specific program with administrator privileges. This works in login scripts, in Windows domains or on standalone workstations. What matters is that the user doesn’t have to know the administrator’s password, as they would with the Windows runas command. Best of all, Steel Run As is very easy to set up.

When I first heard that Microsoft was going to introduce UAC in Windows, I thought it would be something similar to sudo in Linux. Unfortunately, UAC is no match at all for sudo. The feature I miss most is the ability to allow certain end users to manage specific operating system features that require administrator rights.


There is an interesting debate going on between Microsoft and two bloggers (Long Zheng and Rafael Rivera) who both claimed that they found serious vulnerabilities in Windows 7 UAC. When I read about the first UAC security flaw and Microsoft’s response to it, I thought this issue would be settled. Only after I had a closer look at the second security issue did I realize that Windows 7 Beta UAC has indeed “vulnerabilities by design”.

The whole discussion is about the new UAC setting “Notify me only when programs try to make changes to my computer”. This is the default configuration, which makes the issue even more problematic.

The first Windows 7 UAC vulnerability

The main point about the first vulnerability is that third-party software is able to disable UAC without giving UAC the chance to prompt the user for consent. Rafael Rivera wrote a proof-of-concept VBScript program that demonstrates how malware could disable UAC. Basically, the program emulates a sequence of keyboard inputs that turn off UAC.


Some days ago I reviewed Smart UAC, a replacement for Vista’s UAC (User Account Control). Symantec is working on a similar tool, Norton Labs UAC (NUAC). The tool is currently in beta and I am not sure if this will be its final name. As with Smart UAC, the main feature of NUAC is its ability to suppress future prompts from the same action.

NUAC’s setup asks you if you want to submit UAC prompts. This means that NUAC will send metadata about your actions to Symantec. This metadata contains information such as the filenames and the hashes of the executables and the DLLs involved in the action. Symantec intends to build a white and a black list for UAC prompts. I think this is an interesting idea. This technique works very well for spam and I believe it could improve security significantly on Windows PCs. If people know that a UAC alert has never shown up somewhere else, they will be extra careful. Moreover, UAC will be less likely to get on our nerves. Note that the current beta doesn’t use these lists yet.


Smart UAC is a free tool that replaces Vista’s UAC (User Account Control). It allows you to mark certain programs as safe, so you won’t be bothered with UAC prompts anymore in the future. You can also add applications to a deny list which will prevent them from being executed. Furthermore, Smart UAC has a built-in malware scanner.

One of the features that’s missing with Vista’s UAC is the ability to disable UAC prompts for particular applications. Sometimes you have to configure a Vista feature that requires admin privileges several times because you want to try out something. That’s when UAC can really get on your nerves. Even more annoying are auto-starting apps that initiate a UAC prompt whenever you boot up. Why should I need to confirm that a program is trustworthy more than once?


Microsoft’s Windows 7 blog has an interesting post about UAC (User Account Control). Ben Fathi, vice president for core OS development, reveals some data from Vista’s Customer Experience Improvement Program about UAC and describes how Microsoft intends to change Windows 7 UAC. This is the essential information Microsoft gathered in one year (May 07 – May 08, Aug 07 – Aug 08):

  • The number of applications and tasks generating a prompt has declined from 775,312 to 168,149
  • The number of sessions with one or more UAC prompts has declined from 50% to 33% of sessions with Vista SP1
  • Windows itself accounts for about 40% of all UAC prompts
  • Windows components accounted for 17 of the top 50 UAC prompts in Vista and 29 of the top 50 in Vista SP1
  • In one lab study we conducted, only 13% of participants could provide specific details about why they were seeing a UAC dialog in Vista


The Windows Server 2003 and Server 2008 Shutdown Event Tracker is a little like the UAC prompts. It gets on my nerves with a prompt whenever I have to reboot a server. What comment do you usually enter in the Shutdown Event Tracker? My favorite comment is “a” because it is the first character in the alphabet. You can disable this prompt easily with Group Policy or locally with gpedit.msc.

Shortly after this feature was first introduced, I always tried to think of a reasonable comment. But I have never needed to look up the reason why a server had to be rebooted. The problem is that Windows servers have to be rebooted so often that it doesn’t matter anyway. However, I am sure this feature makes sense in some environments.


Some weeks ago, I blogged about a little script that allows you to turn off Vista’s UAC temporarily by killing the Windows Explorer process and restarting it with administrator rights. In a comment, Marty remarked that one doesn’t have to kill the Explorer process if one configures Windows Explorer to start in a separate process. Now, I just stumbled across a blog post that explains how to elevate Windows Explorer, which is essentially the same topic. I suppose many of you didn’t follow the discussion in my original post, so I thought I would repeat it here with some new insights.

This is not only about disabling UAC, though. It is also helpful if you want to edit a file in the Windows or Programs directory. You probably know that you can’t just do that by opening the file through Explorer. If you try it this way, your editor won’t be able to save the file. It doesn’t help if you elevate Explorer before you open the file, either. The reason for this is that Explorer is already running, since the Windows desktop is also an Explorer process.


  • 41% had no direct experience of Vista, but are offering an opinion on Vista’s suitability in a business context. http://snurl.com/2aduv
  • Configuration Manager 2007 SP1 available: Intel AMT support, new Inventory capabilities, Vista SP1+Server 2008 support http://snurl.com/2adx7
  • TechNet and MSDN are now hosted on Hyper-V. They have 4 million hits daily. Guess the final will be released soon. http://snurl.com/2adxo
  • New white paper from Microsoft comparing Vista SP1 with XP SP3. This is highly recommended for Windows XP fans. http://snurl.com/2adyf
  • Just tried Hyper-V-Manager for Vista SP1 that was originally released for Hyper-V RC0 with RC1. No problems so far. http://snurl.com/2apw9
  • PCWorld has an interesting article according to which UAC helps better against rootkits than anti-virus software. http://snurl.com/2apuv

One of the features Vista’s UAC lacks is a way to temporarily disable it without a reboot. Under Linux you can just run the su command if you have to accomplish several tasks that need root privileges. Vista and Windows Server 2008 don’t have such a feature. The only way to get rid of the UAC prompts temporarily is to log on with a domain administrator account. But sometimes this is very inconvenient. This is where a nice workaround, which I found in the Windows IT Pro magazine (April 2008, p. 10), can be quite useful.

The trick is to elevate the desktop shell (explorer.exe) temporarily. Any tool that is launched from an elevated application will run with administrator rights. And best of all, UAC will not display its disturbing prompts from then on. The downside of this solution is that you have to kill the explorer process first. You can imagine the problems this might cause. So I would recommend using this workaround with caution.


The results of my poll about Vista’s User Account Control (UAC) are quite impressive. More than 2000 4sysops readers have voted so far. 67% have disabled UAC altogether, 5% disabled the elevation prompts, 3% changed other UAC settings and only 24% use the default UAC settings.
