
Security Hole In Windows 7 UAC

kdawson posted more than 5 years ago | from the cancel-or-allow dept.

Security 388

An anonymous reader writes "A prolific blogger is warning of a possible security hole in the latest beta version of Windows 7. Long Zheng has posted both a description and a proof of concept for an issue that could allow an attacker to skirt the User Account Control component in the new version of Windows. The problem, explains Zheng, is that UAC itself is controlled through system settings. This can allow an attacker to completely disable the protections without user notification. Zheng notes that the issue can be easily fixed by changing the UAC setting to notify users when Windows settings are altered, and that Microsoft could remedy the problem by prompting the user when the UAC setting is altered."
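An added example, not part of the story or of Zheng's post: a read-only check that classifies a machine's UAC slider position from `reg query` output and flags every position other than "Always notify". The registry value names are the standard Windows ones and do not come from the story; the sample output is constructed.

```python
import re

# Value names live under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# They are the standard Windows names, not taken from the story above.
DWORD_LINE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

# Constructed sample of `reg query` output for that key (slider at its default).
SAMPLE_DEFAULT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    EnableLUA    REG_DWORD    0x1
    legalnoticecaption    REG_SZ
    PromptOnSecureDesktop    REG_DWORD    0x1
"""

# Constructed sample: the same machine with the slider moved to the top.
SAMPLE_ALWAYS = SAMPLE_DEFAULT.replace(
    "ConsentPromptBehaviorAdmin    REG_DWORD    0x5",
    "ConsentPromptBehaviorAdmin    REG_DWORD    0x2",
)


def parse_reg_query(text):
    """Return {value_name: int} for the REG_DWORD lines of `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = DWORD_LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def classify_uac(values):
    """Map the policy values to the Windows 7 UAC slider position."""
    if values.get("EnableLUA") == 0:
        return "off"
    consent = values.get("ConsentPromptBehaviorAdmin")
    secure = values.get("PromptOnSecureDesktop")
    if consent == 2 and secure == 1:
        return "always-notify"
    if consent == 5:
        # Prompts for non-Windows binaries only; changes made through
        # Windows settings do not prompt.
        return "default" if secure == 1 else "default-no-dimming"
    if consent == 0:
        return "never-notify"
    return "custom-or-unknown"


def needs_review(values):
    """True unless the slider is at the top ("Always notify") position."""
    return classify_uac(values) != "always-notify"


if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_ALWAYS)):
        parsed = parse_reg_query(sample)
        print(name, classify_uac(parsed), "review" if needs_review(parsed) else "ok")
```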


The first of many? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26692099)

No, it isn't the 1st, it isn't the 2nd and it isn't the 70th issue with Windows (Beta or not) products. But really, is it a big deal? It is Beta. This isn't a 'the sky is falling' issue.

"The solution is trivial" the article quotes. No worries. Not news.

Don't use Windows says one crowd.

Don't judge the Beta says the others.

Screw it, let's just all agree that Paypal sucks.

Nothing is going to change!!!!

"Everything is different, but the same.. things are more moderner than before.. bigger, and yet smaller.. it's computers.. SAN DIMAS HIGH SCHOOL FOOTBALL RULES!!!"

-Ox

Re:The first of many? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26692113)

I agree, Paypal sucks.

Re:The first of many? (0, Offtopic)

Goose In Orbit (199293) | more than 5 years ago | (#26692573)

You missed the gratuitous goatse link ;^)

"Gerald" (5, Funny)

plasmacutter (901737) | more than 5 years ago | (#26692117)

Everyone knows from recent news that microsoft has removed the innards of windows 7 and replaced them with "gerald", a lovable computer literate field mouse.

Gerald is cheap, congenial, and zippy, but unfortunately has very poor judgment.

Security hole in the White House... (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26692919)

So much for "change." The cabinet's been loaded up with former lobbyists, tax cheats, and women whose husbands will be soliciting donations for their private charities from the countries whose arms are being twisted by his wife. I guess that's what happens when you elect a guy based on a word that he never clearly defines. And now he's shuckin' and jivin' for us while Pelosi and Reid load up a so-called "stimulous" package with hundreds of billions of dollars for every failed liberal pet cause from the last 60 years. What everyone in the Obamarama media choir has failed to report, though, is that none of this money exists yet. We're relying on the developing world to buy more of our debt, yet again, and on our great-great-grandchildren's ability to repay that debt. Folks, the pyramid is about to come tumbling down. The world is tired of supporting our financial shell game. It's time to stop spending money that doesn't exist if we want to remain a solvent nation. Oh, but we mustn't listen to Rush and criticize our Dear Leader in his moment of triumph! LOL, very Presidential, getting in a pissing match with a radio talk show host.

Re:Security hole in the White House... (-1, Offtopic)

PopeRatzo (965947) | more than 5 years ago | (#26692975)

And now he's shuckin' and jivin' for us

You're a racist piece of shit.

Short: Don't work as Administrator (3, Insightful)

Anonymous Coward | more than 5 years ago | (#26692119)

This was discussed elsewhere (heise.de) earlier...

Short answer: this only works iff you are logged in as Administrator already...

Prompting the user when this setting is altered is quite worthless - if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning". Even adding captchas/moving the warning around/whatever will only be a fake-solution that will only work 'till there's a better script.

Re:Short: Don't work as Administrator (2, Funny)

ta bu shi da yu (687699) | more than 5 years ago | (#26692281)

Apparently Raymond Chen posted a response at http://blogs.msdn.com/oldnewthing/archive/2009/01/21/9353310.aspx [msdn.com]

It appears that they are getting a "Service unavailable" prompt. Could it really be that they are running their blogs on an IIS server that is running Windows 7? Shock horror, it appears that someone has elevated privileges using vbscript to bypass UAC and has changed the IIS app pool to run under a guest account!

Re:Short: Don't work as Administrator (5, Informative)

Anonymous Coward | more than 5 years ago | (#26692331)

if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning"

That's completely wrong. The entire point of the UAC prompt is that it can't be automatically dismissed by simulated user input. The UAC prompt runs on a separate virtual desktop from everything else (which is why it flickers), and the kernel enforces that only real user input can touch it, and you can't run your own code in the kernel without going through a UAC prompt, so it's secure.

If this guy is right and UAC can be disabled without user input, then the entire UAC system instantly becomes pointless. Saying that you shouldn't be running as administrator is stupid; UAC's purpose was to make it safe to use administrator accounts. If you can't do that, then UAC has failed. Anyway, Administrator accounts are the default and therefore what 99% of users are going to be using.

Re:Short: Don't work as Administrator (4, Insightful)

nstlgc (945418) | more than 5 years ago | (#26692423)

Saying that you shouldn't be running as administrator is stupid; UAC's purpose was to make it safe to use administrator accounts.

Uh no. UAC's purpose is to make it possible (in practice) not to use administrator accounts. Pretty much the complete opposite.

Re:Short: Don't work as Administrator (4, Informative)

Anonymous Coward | more than 5 years ago | (#26692567)

I'm afraid you're wrong. When UAC is on programs you execute are run under your user account which is normally (by default) a member of the Administrators group. However, the programs are run in a special mode where they are prevented from actually using most of the administrative rights granted to your account. (You can read all about it in Wikipedia [wikipedia.org] .) When a UAC prompt comes up you don't have to type a password because you're not logging in to a different account; you're just granting permission to use the full administrative rights your account already has.

It is also possible to use UAC from a non-administrator account. In this mode you must type a password every time a UAC prompt comes up, instead of just clicking "continue". Few people do this because it is not the default setup and it's even more annoying than regular UAC.

Re:Short: Don't work as Administrator (3, Insightful)

Darkon (206829) | more than 5 years ago | (#26692505)

Anyway, Administrator accounts are the default and therefore what 99% of users are going to be using.

And only when Microsoft change this will Windows be half way towards being secure.

Re:Short: Don't work as Administrator (0)

drsmithy (35869) | more than 5 years ago | (#26692847)

And only when Microsoft change this will Windows be half way towards being secure.

Which was done with Vista.

Re:Short: Don't work as Administrator (2, Insightful)

Darkon (206829) | more than 5 years ago | (#26692929)

Which was done with Vista.

No it doesn't. If you install Vista with all the defaults then you are a member of the Administrators group. You still have to go out of your way if you want to start out with a plain old unprivileged user.

Re:Short: Don't work as Administrator (5, Insightful)

Kjella (173770) | more than 5 years ago | (#26692957)

The real problem, and one that doesn't have a good technical or sociological fix, is that most Windows users are doing administration duties that far exceed their skills. Users get confronted with all sorts of dialogs they don't understand but just want to get on with it. I bet you, that if you popped up a page to someone saying "This video needs a newer version of Flash" and redirected them to some completely bogus page that gave them a plugin with a completely bogus signature most people would go ahead and install it anyway. What is the latest version anyway? Couldn't even remember who makes it, and those companies keep on merging and rebranding and whatnot. No amount of UAC, or running as an unprivileged user could possibly fix that because they are the ones with the admin keys and they're handing them out too easily.

Most users don't understand trust, they want to see a nice little lock icon telling them this site is safe, this site is bad. Same goes for plugins. Same goes for software. If you try educating them they'll just go blank *bad thing* *bad thing* *REALLY bad thing* but they won't understand and just want the simple answer. There's some very professional looking sites out there that appear to give you good software. They often even look better than the real deal because the frauds are all about appearances while the real sites focus on delivering good software, no offence intended. While it does amount to some degree of security scissors, most users would be better off if they only downloaded from safe, verified sources of software and plugins. If only Linux would stop asking all the other technical questions, the repository model would be much better for these people. It's not the end-all and be-all of security but it concentrates 99% of the superuser tasks in one place and makes it that much harder for some random application to throw up a superuser prompt.

Re:Short: Don't work as Administrator (1)

Yvanhoe (564877) | more than 5 years ago | (#26692363)

I wholeheartedly agree : don't work as administrator on windows systems.

Re:Short: Don't work as Administrator (5, Insightful)

drsmithy (35869) | more than 5 years ago | (#26692777)

Prompting the user when this setting is altered is quite worthless - if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning".

You mean apart from the inability of your script to interact with the separate Desktop that UAC prompts occur on ?

The beta worked! (5, Funny)

jamesmcm (1354379) | more than 5 years ago | (#26692121)

The beta worked perfectly!
Even the malware will be ready for Windows 7!

Microsoft already replied (5, Informative)

DavidR1991 (1047748) | more than 5 years ago | (#26692127)

MS have already said that this flaw is "by design" to stop the appearance of too many UAC prompts when users alter their own system settings

http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/ [istartedsomething.com]

Re:Microsoft already replied (2, Insightful)

jamesmcm (1354379) | more than 5 years ago | (#26692179)

That's the problem with UAC. Too many prompts and users will just get frustrated and either disable it or blindly hit Ok.

Really, they should make it just notify the user when any software changes any vital settings, it's just too slow otherwise (Try moving Admin, read-only files on Vista, it took ages messing about with permissions and hundreds of UAC windows before it'd move - slowing file management horribly).

Re:Microsoft already replied (4, Insightful)

Jurily (900488) | more than 5 years ago | (#26692329)

That's the problem with UAC. Too many prompts and users will just get frustrated and either disable it or blindly hit Ok.

I disagree. I used Vista exclusively for 5 months, and I only ever got a UAC question when I was trying to change some system settings, and that one time when I didn't, it turned out to be a trojan.

It's not that hard to anticipate a UAC question, really. Just ask yourself: "Would Linux require root for this?"
Actually, UAC is much more permissive.

And the people who get frustrated with it, shouldn't have admin rights in the first place.
Sure, the initial setup and configuration is packed with these, but it's worth it.

Re:Microsoft already replied (2, Interesting)

Nursie (632944) | more than 5 years ago | (#26692369)

UAC is horrible.

Please, it's not just sudo, it's a heap of other crap too. It's "I stopped these things from being launched at startup and there's no way to override this behaviour".

It's "I'm silently going to re-route any writes to the C:\Program Files\X directory to a virtual subdirectory under the user account, so that users can see different versions of files when looking in the same place".

It's a lot of annoying, unnecessary and unchangeable crap. That's why I switched it off anyway.

YMMV, you may not want an ext2 driver (not MS signed/approved!) launched at system startup, and you may not ever want to edit any configuration files stored in program files (or never launch processes as another user) but I consider those pretty important.

Re:Microsoft already replied (3, Informative)

nstlgc (945418) | more than 5 years ago | (#26692439)

Please, it's not just sudo, it's a heap of other crap too. It's "I stopped these things from being launched at startup and there's no way to override this behaviour".

Your application is trying to be launched at startup in a fishy way. For some reason, my apps are not. HMM.

It's "I'm silently going to re-route any writes to the C:\Program Files\X directory to a virtual subdirectory under the user account, so that users can see different versions of files when looking in the same place".

There's no good reason for writing there, and doing so is exactly what messed up "running as an administrator" in XP and below. Ask the author of your application to make it less retarded.

It's a lot of annoying, unnecessary and unchangeable crap. That's why I switched it off anyway.

Is it? I've seen many, many ways to reduce or even eliminate the warnings, even without turning off UAC. It's almost like you're being proud of being an idiot.

YMMV, you may not want an ext2 driver (not MS signed/approved!) launched at system startup, and you may not ever want to edit any configuration files stored in program files (or never launch processes as another user) but I consider those pretty important.

Yes, I'd prefer that they would install like normal drivers (not at system startup) and that they go through the effort of getting signed. And if you're still on 32bit Windows, this is not even a problem.

But it kinda confirms my thought that you were running vague software written by Linux people for Windows.

Re:Microsoft already replied (3, Interesting)

Nursie (632944) | more than 5 years ago | (#26692525)

"Your application is trying to be launched at startup in a fishy way. For some reason, my apps are not. HMM."

No, my application is not signed or recognised by MS, who believe they should have the final say over these things. A nice little box pops up saying "your system administrator has set policies to stop these things running at startup" and allowing you to click on them to start them up.

*I* am the system administrator and there was no way I could find to stop this behaviour, despite looking in all the UAC dialogs.

"There's no good reason for writing there,"

Says who? Why is it wrong to keep configuration files, which are changed very infrequently, in with the program? And if you feel that strongly, why not actually stop me writing there instead of mapping it somewhere else without telling me? At the moment, if I alter a file for (say) a service, I get no warning and no indication of anything other than a successful write to the file, but whichever account the service runs as sees something different. Unacceptable behaviour.

"doing so is exactly what messed up "running as an administrator" in XP"

No, what messed up "running as administrator" was "running as administrator". I don't need to write to program files to fuck up your system, if anything you run has admin privileges.

"Is it? I've seen many, many ways to reduce or even eliminate the warnings, even without turning off UAC."

Where did I complain about warnings?
I don't give a crap about warnings.

"It's almost like you're being proud of being an idiot."

And it's almost like you can't read.

"if you're still on 32bit Windows, this is not even a problem."

This is all on Vista 32 bit.

But it kinda confirms my thought that you were running vague software written by Linux people for Windows.

And what *exactly* do you mean by that? WTF is wrong with software not written by a company big enough to pay MS to get things signed? Shouldn't I, as an educated power user, be able to decide to run what I want?

Why shouldn't I have the flexibility to run Windows with the UAC security turned on (so I get warned about unauthorised system changes), but be able to add startup exceptions of my choosing?

It's a clusterfuck, it's a bad hack which fails to leave any room for flexibility, whilst at the same time implementing dodgy compromises in the name of backward compatibility.

Re:Microsoft already replied (3, Insightful)

macs4all (973270) | more than 5 years ago | (#26692949)

"There's no good reason for writing there,"

Says who? Why is it wrong to keep configuration files, which are changed very infrequently, in with the program? And if you feel that strongly, why not actually stop me writing there instead of mapping it somewhere else without telling me? At the moment, if I alter a file for (say) a service, I get no warning and no indication of anything other than a successful write to the file, but whichever account the service runs as sees something different. Unacceptable behaviour.

Um, isn't that exactly what happens in OS X with Preferences?

In OS X (and *NIX???), USER preferences are stored in the USER's "Home" directory. That way, permissions to write the "Applications" directory can be more tightly controlled, AND the USER can be granted permission to write in a relatively safe place (safe "system-wise", that is).

Far be it for me to laud anything MacroSuck does; but, to me, this "symlink" just appears to be MS's attempt to provide a modicum of security for system and application files, while not breaking backward compatibility for every-single-bullshit-written-app that required Admin privileges just because the DEVELOPER was TOO LAZY to put USER settings in the PER USER "Documents and Settings" Directory(ies), and instead wanted to spray files all over the SYSTEM and APPLICATION directories (which are NOT USER-SPECIFIC, of course). And before you cite the meme that "Windows Vista7 doesn't care about backward compatibility.", keep in mind just HOW stupid and suicidal such a move would be for MS if it were TRULY the case...

With OS X's Package approach, you get the best of both worlds: Dependencies are grouped together for easy maintenance, copying, and REMOVAL; but things like Preferences are not only PER USER, but they are in a place that can be written WITHOUT FEAR OF SYSTEM COMPROMISE!!!

Sheesh! Is it REALLY so hard???

Re:Microsoft already replied (3, Insightful)

Anonymous Coward | more than 5 years ago | (#26692351)

They should really make the user account non admin by default, and fuck up all programs written by twelve-year-old kids each assuming to be the god of the machine. I did try to use a non admin account, but almost no game worked correctly, even most of the non Microsoft applications tried to write garbage everywhere in the system; no really, the log file in the program folder or windows directory, the savegame in a profile stored beneath the installation directory....

Re:Microsoft already replied (1)

arogier (1250960) | more than 5 years ago | (#26692253)

Wait Microsoft intentionally made an annoying feature insufficiently annoying to prevent greater annoyance? A hole's a hole.

Re:Microsoft already replied (2, Insightful)

Yvanhoe (564877) | more than 5 years ago | (#26692349)

defectivebydesign, then ?

Re:Microsoft already replied (2, Insightful)

The New Andy (873493) | more than 5 years ago | (#26692381)

From Microsoft's reply:

* The only way this could be changed without the user's knowledge is by malicious code already running on the box.

* In order for malicious code to have gotten on to the box, something else has already been breached (or the user has explicitly consented)

What exactly is UAC then trying to protect people against? If protecting against malicious code isn't in the requirements, then it seems pretty useless.

Re:Microsoft already replied (4, Insightful)

mwlewis (794711) | more than 5 years ago | (#26692447)

Isn't that exactly what you quoted? If it's possible for malware to do this on your machine, then somehow it's already gotten past UAC, whether by some other hole, or by the user allowing it. What, exactly, do you suppose UAC is supposed to do in that case?

Re:Microsoft already replied (1)

LingNoi (1066278) | more than 5 years ago | (#26692619)

block further attacks obviously.

Re:Microsoft already replied (3, Insightful)

MrNaz (730548) | more than 5 years ago | (#26692861)

There is no way to properly prevent further attacks once a box is compromised. That's the nature of being compromised.

Re:Microsoft already replied (1)

The New Andy (873493) | more than 5 years ago | (#26692713)

UAC should prevent it from disabling UAC?

I don't see how UAC was supposed to prevent you from downloading said malware, nor should it prevent you from running it - what it should be doing is preventing it from doing anything you didn't authorize it to do.

Re:Microsoft already replied (1)

myxiplx (906307) | more than 5 years ago | (#26692553)

Protect people? Where on earth did you get that idea?

As far as I can see, UAC is all about protecting *Microsoft*. They've just shifted the responsibility for a whole class of security exploits to the end user:

"Infected by a virus? Oh dear, you must have clicked 'accept' at some point, not our fault."
"What do you mean you have to click 'accept' for everything?"

If they were serious about security they wouldn't have buried things like Winternals Protection Manager. That had the potential to really improve security for Windows XP (you could finally run everything as a limited user, and assign individual applications greater rights if needed, and could also whitelist allowed applications in an easy to use manner), but surprise surprise, within a few months of its launch, Microsoft bought the company and discontinued that product.

Ubuntu is vulnerable! (0)

Anonymous Coward | more than 5 years ago | (#26692685)

Ubuntu won't ask for the password for sudo if it has already been asked in the last few minutes.

In theory, a malicious site (say a botnet master in n00buntuforums) could get you to run a script that uses sudo to gain control of the machine and it would have a high chance of success.

The instructions could even coerce you into using sudo in a safe-looking command such as sudo apt-get youtube-dl after which you would run dancing_bunnies.vbs^H^H^H.sh.

It wouldn't fool you nor me, but it is a serious security concern for the kind of user that would run the vbs in Win7.

Does this mean Ubuntu is vulnerable? At least as much as windows 7.

Re:Ubuntu is vulnerable! (1)

Drinking Bleach (975757) | more than 5 years ago | (#26692953)

It's for convenience really, and it could be turned off. The idea of the default timeout is really so that if you want to run a few root commands in a row, you won't have to retype your password after every try. If you really want to be sure that you never accidentally run sudo see `man sudoers`

timestamp_timeout
    Number of minutes that can elapse before sudo will ask for a passwd again. The default is 15. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respectively.

Note that most distributions don't enable sudo for the user account per default (not even Ubuntu's parent distro, Debian), it would be interesting what the Ubuntu folks would say if you suggested turning off sudo per default.
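An added example, not part of the comment above and not sudo's own code: an audit of sudoers text for the `timestamp_timeout` setting quoted from the man page, reporting for the global `Defaults` and each scoped `Defaults` entry whether sudo always prompts, caches the password, or never expires the timestamp. The 15-minute default is the one stated in that excerpt, the sample sudoers text is constructed, and included files are not followed.

```python
import re

# Default stated in the man page excerpt quoted in the comment above.
PAGE_DEFAULT_MINUTES = 15.0

# "Defaults", optionally scoped (Defaults:user, Defaults@host, ...), then settings.
DEFAULTS_LINE = re.compile(r"^Defaults([:@>!]\S+)?\s+(.*)$")
TIMEOUT = re.compile(r"\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")

# Constructed sample, not a real system's sudoers file.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults env_reset, \\
         timestamp_timeout=0
Defaults:deploy timestamp_timeout=-1   # service account
%admin ALL=(ALL) ALL
"""


def timestamp_timeouts(sudoers_text):
    """Return {scope: minutes}; scope '' is the global Defaults entry."""
    found = {}
    # Join backslash-continued lines before parsing.
    for raw in sudoers_text.replace("\\\n", "").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (and #include lines)
        entry = DEFAULTS_LINE.match(line)
        if not entry:
            continue
        setting = TIMEOUT.search(entry.group(2))
        if setting:
            # A later entry for the same scope overrides an earlier one.
            found[entry.group(1) or ""] = float(setting.group(1))
    found.setdefault("", PAGE_DEFAULT_MINUTES)
    return found


def describe(minutes):
    """Translate a timestamp_timeout value into the behaviour the man page gives."""
    if minutes == 0:
        return "always prompts"
    if minutes < 0:
        return "never expires"
    return "cached for %g min" % minutes


def audit(sudoers_text):
    """Return {scope: behaviour} for the global and every scoped setting."""
    return {
        scope or "global": describe(minutes)
        for scope, minutes in timestamp_timeouts(sudoers_text).items()
    }


if __name__ == "__main__":
    for scope, behaviour in audit(SAMPLE_SUDOERS).items():
        print(scope, "->", behaviour)
```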

Re:Microsoft already replied (5, Interesting)

cgenman (325138) | more than 5 years ago | (#26692395)

I kind of agree with the less-is-more approach to end user interactions. I get a lot of clients who have learned to cope with the modern click-prompt overload by simply clicking somewhat randomly on everything that comes up in front of them. Frequently, this leads to disabling some vitally important part of their computer in a way that any person who actually read prompts would have easily avoided.

Sadly, the less computer savvy you are, the more likely you are to be constantly deluged with upgrade prompts from Adobe, install requests for Safari from Apple, and the multitude of prompts when Hewlett Packard's genuinely awful drivers crash. Prompts to continue subscriptions to Symantec, upgrade to the latest acrobat, log in to windows messenger, etc. And, of course, each separate component has its own prompts. "Click here to upgrade. I see you've clicked here to upgrade, would you like me to go to the internet and upgrade? Upgrade will begin when you click the OK button below. Upgrading... Upgrade has completed, click OK below to continue. Thank you for upgrading, please visit unintelligiblylongwebsite.com/pagenobodywilleverclickon.html to give us feedback on this process. Press Dismiss below to return to the installer. Thank you for returning to the installer. If you are satisfied with this interaction, press OK below."

90% of users have no idea what their computer is doing, or should be doing, under the hood. If they weren't already suffering from click-fatigue, they wouldn't be the right people to decide on technical issues anyway.

Obviously, it shouldn't be possible to disable UAC without actually getting a UAC prompt. But in general, UAC is an annoying system that most users completely tune out. Instead of heightening user knowledge, it simply drowns out any real issues.

Re:Microsoft already replied (1)

netsharc (195805) | more than 5 years ago | (#26692497)

Adobe Acrobat is the stupidest in their upgrade regime... it's a non-vital component, but after it updates itself: "You have to restart your computer in order to complete the updates. Restart now? Yes/No".

F*** you, if you were the kernel I'd understand.. you're just a viewer for an overused document format ffs!

Re:Microsoft already replied (1)

jsoderba (105512) | more than 5 years ago | (#26692937)

Why are you installing Adobe Reader? There are several alternatives, like Foxit, that are far less user-hostile.

Re:Microsoft already replied (1)

kvezach (1199717) | more than 5 years ago | (#26692867)

See, this is why Windows is never going to rule the desktop. It doesn't even have a package manager!

Re:Microsoft already replied (1)

spitzak (4019) | more than 5 years ago | (#26692895)

HP's popups are also on Macintosh. I have not figured out how to log in and not have it pop up a "configure your networked printers" dialog. Oh well, I learned you can cancel it and keep going (and the HP printer+scanner works fine!).

Hole (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26692137)

Hole [goatse.fr]

Mechanical Analog (4, Funny)

pm_rat_poison (1295589) | more than 5 years ago | (#26692161)

So, basically, what they did was build a big sturdy door (UAC) and put the treasure (system settings) behind it. Normally you need magic keys (certificates) to enter the door. Then, they built a button that unlocks the door from the outside. Wow!

Re:Mechanical Analog (5, Funny)

Anonymous Coward | more than 5 years ago | (#26692173)

the worst car analogy I've seen on slashdot for a while.

Re:Mechanical Analog (4, Funny)

pm_rat_poison (1295589) | more than 5 years ago | (#26692177)

It's so bad a car analogy, that it doesn't even have cars.

Re:Mechanical Analog (2, Funny)

Anonymous Coward | more than 5 years ago | (#26692231)

You must be new here, that IS a proper car analogy on slashdot.

Re:Mechanical Analog (1)

JohnBailey (1092697) | more than 5 years ago | (#26692475)

So, basically, what they did was build a big sturdy door (UAC) and put the treasure (system settings) behind it. Normally you need magic keys (certificates) to enter the door. Then, they built a button that unlocks the door from the outside. Wow!

Nah.. it's the new Microsoft advertising slogan.. "Windows without walls"

Re:Mechanical Analog (1)

Drinking Bleach (975757) | more than 5 years ago | (#26692987)

But then there's nothing to hold the windows up! ... wait while I call Jay Leno for putting this in his "Truth in Labeling" part of the show

Re:Mechanical Analog (0)

Anonymous Coward | more than 5 years ago | (#26692803)

Now that sounds like the story of Alibaba to me...

Early (2, Insightful)

TehPhoenux (1467111) | more than 5 years ago | (#26692175)

Hey, at least they found it early - this is what betas are for - now they can build a lock for that door.

Re:Early (1)

aXi (6533) | more than 5 years ago | (#26692241)

Which of course will need a button to be disabled as well..
So now we have a vault with a complex combination, which can be opened by turning it on its side. Now we are going to add a second layer to the security, so we are adding a padlock. To make sure the padlock and the safe can be opened in case of emergency, we add as a security feature that the padlock when held upside down will open with the combination/key. All of this will need another security......etc, etc.

The best way to secure a microsoft windows based system, is by leaving the power switched OFF.
On that note the only way to secure any system at all is by leaving it powered off in a vault and throwing away the key, so no one can steal the hardware.

Re:Early (1)

aXi (6533) | more than 5 years ago | (#26692273)

we add as a security feature that the padlock when held upside down will open with the combination/key.

Should have been: we add as a security feature that the padlock when held upside down will open without the combination/key.

Beta != fundamental testing (1)

CarpetShark (865376) | more than 5 years ago | (#26692391)

While betas do help with testing, they're certainly not for such fundamental security testing. If they couldn't prove with hard math that their root access was limited properly, they should at least have had a bunch of unit tests for every variation from the tried and tested unix sudo model.

Fix it FFS. (1, Interesting)

yakumo.unr (833476) | more than 5 years ago | (#26692193)

re. MS's 'By Design' / 'Won't Fix' response, they basically say - 'This doesn't matter as if this happens you are already infected'.

You need the damn UAC setting prompt so you are ALERTED TO THE FACT THAT THIS HAS HAPPENED SOMEHOW ASAP.

Yes the user may have done something stupid to allow infection, but the UAC setting prompt would then protect them from further damage even before the malicious code check package was updated to find whatever was out there infecting systems.

The Highest UAC setting would prevent this but it is not default.

All they have to do to fix this entirely, and make the current default not affected by this flaw, is change the UAC settings security certificate.

Re:Fix it FFS. (2, Insightful)

jamesmcm (1354379) | more than 5 years ago | (#26692213)

Well really there's a compromise between security and usability with the UAC. Given Windows' diverse user base, it must be very accessible and so they lower the security of UAC to stop it interfering.

Of course they should fix this bug, but having too much UAC makes it frustrating and useless as people disable it, and too little obviously doesn't do enough. It's a very hard compromise.

Excuse me (1)

A Wise Guy (1006169) | more than 5 years ago | (#26692205)

But your settings have been altered for better net penetration, do you want to allow?

Not News /. (0)

Anonymous Coward | more than 5 years ago | (#26692227)

It's Still Beta... Why bother with the article

It IS a problem, because it is being rushed out! (1, Troll)

ed (79221) | more than 5 years ago | (#26692237)

Microsoft feel happy enough with Windows Vista SP2

So much that they are not bothering with a second Beta

So what you have in your hands now is pretty much how it may ship

http://www.theregister.co.uk/2009/02/02/windows_7_no_second_beta/ [theregister.co.uk]

Re:It IS a problem, because it is being rushed out (1)

arogier (1250960) | more than 5 years ago | (#26692301)

Vista Service Pack 2 seems a rather apt way to describe Windows 7. I seem to think rather Vista may be a late alpha or early beta of Windows 7 (it's not like the number actually has a real sequential meaning).

duh (0)

Anonymous Coward | more than 5 years ago | (#26692233)

It's a Microsoft Windows beta, are you really surprised at all that there is a security breach?!

Re:duh (0)

Anonymous Coward | more than 5 years ago | (#26692283)

It's a Microsoft Windows product, are you really surprised at all that there is a security breach?!

FTFY.

How hard is it to copy something... (5, Insightful)

51M02 (165179) | more than 5 years ago | (#26692245)

correctly.

I mean, Linux and MacOSX (and others) have had sudo for years, the original code dating back to 1980 according to Wikipedia.

The concept is not new: type your password to gain access to some privileges. That way bots and viruses can't do everything while you can still do administrative tasks easily.

My question is how hard is it to copy some 25 years old functionality (marketing it as brand new) and still not get it right.

whoa, recursive Meta-UAC (5, Funny)

rarel (697734) | more than 5 years ago | (#26692257)

From TFA: Microsoft could remedy the problem by prompting the user when the UAC setting is altered.

==============

"It looks like you're trying to alter the UAC settings, Cancel or Allow?"
*click*
"It looks like you've confirmed the change in UAC settings, Cancel or Allow?"
*click*
"The UAC settings have been altered, Cancel or Allow?"
*click**click**click**click**click*-----INPUT DEVICE FAILURE

Re:whoa, recursive Meta-UAC (0)

Anonymous Coward | more than 5 years ago | (#26692451)

"You just clicked 'Allow', Cancel or Allow?"

It's a double-edged sword (3, Insightful)

jimicus (737525) | more than 5 years ago | (#26692261)

With Vista, there's no (official, at least) way to disable UAC except by a user actively going to Control Panel and disabling it.

This breaks a lot of things - particularly a lot of stuff concerning scripted/automated installers.

The obvious solution to this is to provide a way for a script to disable and enable UAC. But as soon as you do that, a lot of the protection offered by UAC disappears.

Re:It's a double-edged sword (3, Insightful)

yakumo.unr (833476) | more than 5 years ago | (#26692335)

The obvious solution to this is to provide a way for a script to disable and enable UAC. But as soon as you do that, ALL of the protection offered by UAC disappears.

Fixed.

Re:It's a double-edged sword (1)

Fackamato (913248) | more than 5 years ago | (#26692473)

With Vista, there's no (official, at least) way to disable UAC except by a user actively going to Control Panel and disabling it.

This breaks a lot of things - particularly a lot of stuff concerning scripted/automated installers.

Hm, that's strange, I've never used UAC and I've used Vista since SP1 came out. I've never had any issues with any installers.

Re:It's a double-edged sword (2, Insightful)

Seth Kriticos (1227934) | more than 5 years ago | (#26692479)

Wait a sec. When did the UAC ever provide protection for the system? Even before it appeared, nobody read the warning dialogs. The design failure was to try improving the security by prompting even more dialogs which led to the phenomenon that even less of those dialogs were ever read.

I still think it would be a better way to teach the user about security than to prompt him messages he/she does not understand anyway.

How about including a security and basic computer usage tutorial in the OS? Put in some porn and computer security will rise at once!

In other news, security hole in sudo (1)

mpcjans (1258784) | more than 5 years ago | (#26692269)

Setting sudo settings to NOPASSWD for a user will result in an exploitable security issue. proof of concept:

sudo rm -Rf /

Big deal, just use Vista where you'll get a UAC dialog for everything by default. That will 'fix' this issue.

Pointless. (3, Interesting)

janopdm (1292860) | more than 5 years ago | (#26692291)

Tell me about security holes after Microsoft fix the following UAC issues:
  1. Any process can perform a read on the whole system disregarding integrity levels.
  2. Any installer runs with full access to the system, allowing even kernel modifications.
  3. Any process can send a window message to any other process disregarding integrity levels.
  4. UAC uses heuristics to find out which privileges are required by each program.

UAC (4, Funny)

essence (812715) | more than 5 years ago | (#26692337)

all this talk of UAC makes me feel like playing some doom again.

Security in UAC (4, Insightful)

SeaFox (739806) | more than 5 years ago | (#26692343)

The biggest security hole in Windows 7's UAC is the user.

Re:Security in UAC (1)

jamesmcm (1354379) | more than 5 years ago | (#26692373)

Well I think the UAC triggers a bit too much - this leads users to just hit Ok blindly. At least on OS X if it asks me for my password I know it's serious business.

UAC does seem a bit futile really, like patching a leaking boat.

Re:Security in UAC (2, Insightful)

mrapps (1025476) | more than 5 years ago | (#26692393)

The biggest hole in ANY system is the user. Not particularly a Windows 7 user..

Re:Security in UAC (1, Funny)

Anonymous Coward | more than 5 years ago | (#26692491)

Dude, you're a hole!

Re:Security in UAC (0)

Anonymous Coward | more than 5 years ago | (#26692609)

Dude, you're a a-hole!

Fixed that for you

Re:Security in UAC (0)

Anonymous Coward | more than 5 years ago | (#26692885)

Dude, you're an a-hole!

Fixed that for you

Re:Security in UAC (1)

SirGarlon (845873) | more than 5 years ago | (#26692723)

Well we've got to get rid of that guy then!

Actually, I disagree. Requiring the user to click "I agree" isn't security, it's nagging. A judge might agree that the user's responsible for whatever if he clicks "I agree," but I am less forgiving. If a botnet is trying to take over the system and the only thing standing in the way is a dialog box, then security has already failed.

Long Zheng seems like a nice bloke (3, Informative)

amirulbahr (1216502) | more than 5 years ago | (#26692375)

but is certainly no security expert [istartedsomething.com] .

Re:Long Zheng seems like a nice bloke (2, Funny)

moriya (195881) | more than 5 years ago | (#26692585)

Actually... I doubt I'd call him nice since... well, I'll quote a small excerpt from the link:

First, I was originally going to blackmail Microsoft for a large ransom for the details of this flaw, but in these uncertain economic times, their ransom fund has probably been cut back so I'm just going to share this for free.

Let's see what other people think of him now...

Watchmen (2, Funny)

Thanshin (1188877) | more than 5 years ago | (#26692377)

But... Who controls the user access to the user access control?

"A prolific blogger ..." (5, Insightful)

timmarhy (659436) | more than 5 years ago | (#26692411)

people if that's not a big big warning sign i don't know what is. you know what this guy has discovered? if you login as administrator, attackers can do the same things you can.

This is no different to me browsing the web as root in linux and running any shit that pops up

Anonymous submitters (4, Interesting)

macraig (621737) | more than 5 years ago | (#26692419)

I wonder if Slashdot should allow anonymous article submissions? Isn't it useful information to know if the submitter is also the subject of the article or its reference source? Shouldn't we be allowed to know that, so we can better judge the credibility of the article and its source(s)? Transparency is ALWAYS good.

What if the anonymous reader who submitted this was Roland P.? Wouldn't we wanna know that?

Re:Anonymous submitters (1)

Zouden (232738) | more than 5 years ago | (#26692521)

I'm sure his widow certainly would.

Re:Anonymous submitters (1)

macraig (621737) | more than 5 years ago | (#26692565)

See, I would, too! A dead guy submitting articles would be actual news. We might have to question the articles a bit more, too.

Re:Anonymous submitters (4, Informative)

MichaelSmith (789609) | more than 5 years ago | (#26692533)

What if the anonymous reader who submitted this was Roland P.? Wouldn't we wanna know that?

That would certainly be something [slashdot.org] .

Re:Anonymous submitters (1)

macraig (621737) | more than 5 years ago | (#26692601)

(I knew he was dead... I was making a point with humor.)

Re:Anonymous submitters (0)

Anonymous Coward | more than 5 years ago | (#26692873)

(I knew he was dead... I was making a point with humor.)

While it is true that Roland P. has passed away, you were not making a point, nor with humor. (1 out of 3 ain't bad, I suppose)

Re:Anonymous submitters (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26692733)

Slashdot's readership seem to be very pro-privacy, and your highly rated comment is contradicting that philosophy. Governments would like every byte on the Internet to be traceable, is that transparent? If they got their wish, and then shared all traces, would that be transparent?

This is an intellectual site, and the articles posted are (ideally) meant to be interpreted objectively -- Slashvertising, astro turfing, and shameless self-promotion are not to be combated with transparency, but with the strength of logic.

My opinion is that Slashdot's article submitters should continue to have the choice to remain anonymous. If a story is crap, the identity of the submitter shouldn't be necessary to detail the ways the story is crap.

This argument is also simply ideological, technically speaking a submitter can create a Wikipedia-style sock puppet and submit the story via an unsecured proxy.

Posting this anonymously for the irony.

Re:Anonymous submitters (3, Funny)

Coppit (2441) | more than 5 years ago | (#26692875)

What if the anonymous reader who submitted this was Roland P.? Wouldn't we wanna know that?

Yeah, I sure as hell would want to know that [slashdot.org] !

Re:Anonymous submitters (1)

Dhalka226 (559740) | more than 5 years ago | (#26692887)

I wonder if Slashdot should allow anonymous article submissions? Isn't it useful information to know if the submitter is also the subject of the article or its reference source? Shouldn't we be allowed to know that, so we can better judge the credibility of the article and its source(s)? Transparency is ALWAYS good.

If two stories are submitted on the same subject, one with an anonymous submitter and one without, then they should use the non-anonymous one. This I can agree with; as you say, transparency is good.

But if it's a choice between seeing a story with an anonymous submitter and not seeing it at all, I'd rather we see it. Ultimately, there's nothing wrong with bias. The only issue is whether or not it affects the information. So, look at the information and judge for yourself. If there's not enough to make a guess, default to whatever position you prefer. In this particular case I don't see how somebody saying there's a security hole in a product suffers from bias; there's a security hole or there's not. If there's not, well, that's not bias, that's an outright lie, and it's an entirely different problem--one that wouldn't have been fixed by knowing the Internet alias of the person who submitted it. (Surely you're not suggesting people be forced to give their actual names if they aren't comfortable with that, right?)

What if the anonymous reader who submitted this was Roland P.? Wouldn't we wanna know that?

Nope. In a case like that, I think it being anonymous would actually be a good thing. I never understood the furor; I'm interested in what someone's posting or I'm not, and the answer to that has absolutely nothing to do with who that someone is.

Re:Anonymous submitters (0)

Anonymous Coward | more than 5 years ago | (#26692905)

What if the anonymous reader who submitted this was Roland P.? Wouldn't we wanna know that?

No.

Hmmm (2, Insightful)

Mr_Silver (213637) | more than 5 years ago | (#26692501)

Seems like an odd bit of "by design".

Unless I'm mistaken, I (as a user) could download an application and run it on the mistaken assumption that my UAC settings would alert me if anything suspicious is going to happen.

The application could then drop my security level to the lowest possible (without me knowing) and then start silently installing a bunch of other stuff with no UAC prompts. If it was particularly careful, it could then reset the UAC level back to what it was before it started.

I'm now completely compromised without the slightest indication that anything suspicious happened.
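Added example, not part of the thread or of Long Zheng's proof of concept: one way a defender could catch the change-then-restore pattern the comment above describes, by auditing a log of registry writes to the UAC policy values. The registry key and value names are the real Windows ones (they are not named on this page); the log format, sample lines, baseline and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Real Windows policy key holding the UAC configuration (not named in the thread).
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
WATCHED = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
# Settings with no prompt at all: UAC off, or silent elevation for administrators.
SILENT = {("EnableLUA", 0), ("ConsentPromptBehaviorAdmin", 0)}
BASELINE = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

# Constructed sample log (assumed format): time|writing process|registry value|new DWORD
SAMPLE_LOG = """\
2009-02-02T10:00:01|C:\\Temp\\app.exe|{k}\\ConsentPromptBehaviorAdmin|0
2009-02-02T10:00:02|C:\\Temp\\app.exe|HKLM\\SOFTWARE\\Example\\Installed|1
2009-02-02T10:03:30|C:\\Temp\\app.exe|{k}\\ConsentPromptBehaviorAdmin|5
2009-02-03T09:15:00|C:\\Windows\\System32\\mmc.exe|{k}\\PromptOnSecureDesktop|0
""".format(k=UAC_KEY)


def parse(log):
    """Yield (time, process, value name, new value) for writes under the UAC key."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, proc, target, data = line.split("|")
        key, _, name = target.rpartition("\\")
        if key.lower() == UAC_KEY.lower() and name in WATCHED:
            yield datetime.fromisoformat(ts), proc, name, int(data)


def audit(log, baseline, window=timedelta(minutes=10)):
    """Report every UAC change; mark a change undone within `window` as transient."""
    current = dict(baseline)
    pending = {}  # value name -> (time of last change, value before that change)
    findings = []
    for ts, proc, name, new in parse(log):
        old = current.get(name)
        if new == old:
            continue  # rewrite of the same value, nothing changed
        changed_at, before = pending.get(name, (None, None))
        if before == new and ts - changed_at <= window:
            kind = "transient"  # changed and put back: the quiet pattern
            del pending[name]
        else:
            kind = "silent" if (name, new) in SILENT else "changed"
            pending[name] = (ts, old)
        findings.append((ts.isoformat(), name, kind, proc))
        current[name] = new
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, BASELINE):
        print(finding)
```

A point-in-time check of the current setting would miss the first two sample events, because the value is back at its baseline by the time anyone looks; only the write history shows the gap.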

Article title is inaccurate (0)

Anonymous Coward | more than 5 years ago | (#26692535)

It should read, "Security Hole in Windows 7 BETA UAC". I know that it's hard to believe, but beta code is not the same as gold code, and consequently there may be a number of issues. Anyone who finds a bug or hole in a beta version of software and then trumpets it as proof of anything is clearly just trying to make sensationalist headlines.

Heh (1)

glwtta (532858) | more than 5 years ago | (#26692589)

Even the anonymous submitter can't muster up a more flattering adjective for the author than "prolific" - I'm sure I am about to enjoy a quality article.

YES YES YES (1)

Karem Lore (649920) | more than 5 years ago | (#26692677)

Another UAC prompt...Yes, by all means, not like there isn't enough of them already!

Why does Windows make such a meal of user security (1)

Viol8 (599362) | more than 5 years ago | (#26692835)

I don't use Windows much so perhaps I'm missing something obvious, but why is it so hard for MS to implement this sort of system? Unix has managed it with root, groups since the 70s and with ACLs, su, sudo etc since the 80s so why can't MS manage to get right something so simple and so fundamental to a multi user OS in 2009?? And why would you need it much anyway? If you're simply installing an app (as opposed to an OS/library update) why would you need administrator/root type access anyway?

UAC is a stupid idea (2, Insightful)

Peaker (72084) | more than 5 years ago | (#26692883)

If you look at the computer as a whole, it is incredibly stupid that after the user selects some option, the computer will pop up a dialog asking the user if he is indeed the one who selected this option.

I realize the series of historic accidents that led to this absurd situation - but couldn't they figure out a better way that does not make the computer behave so incredibly stupidly?

Another Cycle (1)

WheelDweller (108946) | more than 5 years ago | (#26692965)

This is a usual, start-of-life report. Keep in mind: if Microsoft should ever be competent at patching the holes in their OS, Russian mobsters will probably put out a hit on him. Too much money is made on this broken OS.

Just as AVG, McAfee and more.
