I read today that Windows 7 UAC is vulnerable to an escalation attack (see here). To sum it up in a few words, Windows 7’s UAC is basically Windows Vista’s UAC, but Microsoft tried to make it easier on the user, meaning fewer UAC prompts, so people will not get bored of all these prompts and click without reading or disable UAC altogether. The attack shows that some system processes use UAC to “auto-elevate” privileges, and of course a non-elevated Protected Administrator (PA) process is able to inject code into these processes and gain full, unrestricted admin privileges. The root of the problem is that people expect UAC to protect them when they are administrators.
- make people more aware of the “security” problem. It really is a Windows security problem. Microsoft has not enforced separation between users and administrators since the dawn of time. Hell, they just could not guess that home users would actually use their computer (huhumm)!!! The problem is that Microsoft Windows is everything to most of this world’s users; they know nothing else! Microsoft may have gotten it wrong, but it helped people actually use their PC… well, you can’t blame them, after all they did create this market!!
- make Windows 7’s UAC more “user friendly” than Vista’s, for broader adoption and efficient use. Well, at least the base idea is good… but actually pulling the level down is not such a good idea. Oh well, for these MS folks, UAC is not a security feature, it’s just there to help people migrate from the old-bad-smelly-full-powered admin user to the classical user. But, well, you know, people are so used to installing stuff all the time, it’s just crazy! They need that admin access! Hell, they install so much software and all the cracks that go with it, of course you expect them to be administrators! And malware expects this too ;) Seriously, I think UAC for the user (some kind of more intelligent/dangerous sudo for Windows) is quite right, almost OK ;) But really, putting UAC in front of the administrator is just a bait. It really is not a security barrier, as MS teams themselves say. The point is not there; the point is that MS should not encourage people to use the administrator account on a day-to-day basis! Letting people think they are now safe to run as administrators with UAC is just false! It’s “better than nothing”, but it does not help make progress on the first point stated above, which is the position announced and defended by technical MS teams.
I understand MS did all (in fact almost all) the work with Vista to enhance security, but by lowering the UAC bar from Vista to Windows 7, MS is bending to user demands by actually making it easier for people to run as administrators, and that is just history repeating itself, my friends.
So is Windows 7’s UAC worse than Vista’s? Well, it actually is, a little bit: not from a technical point of view, but because of the so famous “default policy”. Default policy is everything these days. Technology evolves so fast that not all businesses have the time and skills to “fix” what was wrong in the first place. I guess some guys at MS really believe in the future of the IS security market ;)
Still, for me the point is UAC as a whole. MS cannot make a user understand the subtle differences between a security barrier and prompt levels, and why UAC does not protect them entirely. Either you close your eyes and say to yourself “it’s better than nothing”, or you drop UAC and enforce a clear user/admin separation.
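Since the whole argument turns on the “default policy” and on whether an account is really running as a standard user or as a Protected Administrator, here is an added audit script (not from the original post) that reports both for the machine it runs on. The registry key, value names and value meanings are the documented UAC policy settings; the classification text and the `whoami`-based split-token check are this script’s own.

```powershell
# Added example: audit the UAC policy level and the current token.
# Registry names/values are the documented UAC policy settings; the
# interpretation strings and the split-token check below are this script's own.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $policyKey

# Documented meaning of ConsentPromptBehaviorAdmin for Protected Administrators.
$behaviorText = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop ("Always notify", the Vista level)'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries only (the Windows 7 default)'
}

$enableLua     = [int]$p.EnableLUA
$behavior      = [int]$p.ConsentPromptBehaviorAdmin
$secureDesktop = [int]$p.PromptOnSecureDesktop

"EnableLUA                  : $enableLua"
"ConsentPromptBehaviorAdmin : $behavior ($($behaviorText[$behavior]))"
"PromptOnSecureDesktop      : $secureDesktop"

if ($enableLua -ne 1) {
    'UAC is disabled: an administrator''s processes all run with the full admin token.'
} elseif ($behavior -eq 5) {
    'UAC is at the Windows 7 default: signed Windows binaries auto-elevate without a prompt.'
} elseif ($behavior -eq 2 -and $secureDesktop -eq 1) {
    'UAC is at "Always notify" (the Vista behaviour): every elevation prompts on the secure desktop.'
} else {
    'UAC is at a non-default level; compare it against your own baseline.'
}

# Is this session elevated, a split-token Protected Administrator, or a standard user?
# In the filtered (medium-integrity) token of a PA, BUILTIN\Administrators (S-1-5-32-544)
# is still listed by whoami but carries the "Group used for deny only" attribute,
# and IsInRole() returns false. Only an elevated token makes IsInRole() true.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$groups   = whoami /groups /fo csv | ConvertFrom-Csv
$adminRow = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

if ($elevated) {
    'Token: elevated. This process runs with the full administrator token.'
} elseif ($adminRow -and $adminRow.Attributes -match 'deny only') {
    'Token: Protected Administrator (filtered). One consent click, or one auto-elevating binary, away from full admin.'
} else {
    'Token: standard user. Elevation requires administrator credentials.'
}
```

Run it from an ordinary (non-elevated) PowerShell session to see what an everyday process on the account actually gets; run it again from an elevated one to confirm the difference. An account that reports “Protected Administrator” together with the Windows 7 default level is exactly the combination the post is complaining about, and the only real fix it argues for is making that account a standard user rather than tuning the prompt level.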
There really is no easy answer to this. Having one OS for businesses and for home users really is a pain in the ass! (That’s yet another example of why a monopoly is “bad”.)
Make people mad with Vista, they will shout and kill, begging you for something else…
Answer their prayers and make people happy with Windows 7; after so much Vista crap, people will take anything shiny and easier on them. They will think you do good things again and worship you forever and ever (until their wallet is empty)…
So much for “trying to improve security”… but you know, it’s just good business :).
After all, these little security guys will be so happy to see this shiny new OS and be able to find holes in it (whether it is hard to find or not is not an issue; preferably make it easy, so most security companies will get it, not just that random blackhat hacker draining grandmothers’ bank accounts), it will make for good business for them too (uh, no, not the random hacker… oh well)! It’s a win-win! Playing on people’s fear etc., humm, but that is so another topic :)
Business is business!