×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Users' Admin Logins Make Most Windows Malware Worse

samzenpus posted more than 5 years ago | from the protect-yourself-at-all-times dept.

Microsoft 420

nandemoari writes "A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges — an issue Microsoft has been hotly debating recently. According to BeyondTrust Corp., the result of the analysis of the 154 critical Microsoft vulnerabilities indicated that a full 92% could have been prevented if users were not logged into their systems with administrator status. BTC believes that restricting the number of users who can log in with these privileges will 'close the window of opportunity' for attackers. This is particularly true for users of Internet Explorer and Microsoft Office."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

420 comments

Frosty piss! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26734143)

I suck nigger dicks for fun and profit!

Re:Frosty piss! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26734289)

Sure I will skull fuck you for 25 cents.

First (-1, Troll)

kboodu (927349) | more than 5 years ago | (#26734145)

Oh, come on. I can't be first, can I? Not with all the people out there. This can't possibly be Windows 1.0?

Cancel or Allow (5, Funny)

Anonymous Coward | more than 5 years ago | (#26734153)

Would you like to install a virus? [Cancel/Allow]

Re:Cancel or Allow (5, Interesting)

flowsnake (1051494) | more than 5 years ago | (#26734637)

"Polite [clem-digital.net] ", a virus for Microsoft Word, already did this back in the mid 90's! When you try to save a file the virus macro asks "Shall I infect the file?", and kindly refrains from doing so if you click say no.

Re:Cancel or Allow (1, Informative)

Anonymous Coward | more than 5 years ago | (#26734663)

But with Microsoft's track record, would they be as kind as to do that?

TFA mentions the dup (2, Informative)

Anonymous Coward | more than 5 years ago | (#26734169)

From TFA:

In recent news, two bloggers were able to demonstrate the threat posed by the Vista's Windows User Accounts Control (UAC) feature. UAC, a feature that provides a prompt when users attempt to perform tasks such as installation of new programs or changes to settings, is meant to provide added security to the system. (Source: computerworld.com)

In other words, it's a dup of the recent disussion about the Security Hole In Windows 7 UAC [slashdot.org] .

Recycle your old comments here.

Gerald (3, Funny)

Anonymous Coward | more than 5 years ago | (#26734187)

Everyone knows from recent news that microsoft has removed the innards of windows 7 and replaced them with "gerald", a lovable computer literate field mouse.

Gerald is cheap, congenial, and zippy, but unfortunately has very poor judgment.

-my apologies to plasmacutter

You mean... (5, Insightful)

laughingcoyote (762272) | more than 5 years ago | (#26734173)

Not running as a fully-privileged user reduces your security risk? Who knew!

This is not news. The question is why it hasn't been meaningfully addressed in Windows for such a long time.

Re:You mean... (5, Insightful)

Urd.Yggdrasil (1127899) | more than 5 years ago | (#26734229)

It would be a hell of alot easier of software developers didn't require administrative privileges when they really don't need them. I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly. I tried using the "run as" menu and a program called sudo-win which would elevate my privs temporarily then reduce them again. Nothing would install correctly, nothing would run correctly. Even programs that don't use any administrator functions or zones wouldn't work correctly. Realistically, running in a non-admin account is a pain in the ass.

Re:You mean... (4, Insightful)

Spit (23158) | more than 5 years ago | (#26734389)

Realistically, running in a non-admin account is a pain in the ass. ...in Windows.

Re:You mean... (3, Insightful)

Z00L00K (682162) | more than 5 years ago | (#26734435)

Running a non-admin account works fine if you only run the office package, but as soon as you plan to do something slightly advanced you end up with failed permissions and other types of obnoxious behavior - which is hard to figure out because Windows won't tell you because you don't need to know.

Re:You mean... (3, Informative)

93 Escort Wagon (326346) | more than 5 years ago | (#26734437)

Realistically, running in a non-admin account is a pain in the ass. ...in Windows.

It's absurdly easy to do in Mac OS X - you don't even have to think about it. If you need to run as an admin, the OS figures it out and prompts you.

Actually it's so easy that it drives me nuts Apple hasn't taken the next step - something XP actually does - and have you first set up an admin account, then set up a "normal" account for day to day activities. If any single thing contributes to the first widespread Mac virus/worm/whatever, I bet it'll be the number of unnecessary admin accounts being used.

And before someone brings it up - it's not that difficult to work around the "it'll prompt you for your password" protection that supposedly will warn you if something tries to take advantage of your admin status. You just need to know a bit about the command line, since the Applications directory is writable to anyone in the admin group.

It's going to take a moment... (5, Funny)

symbolset (646467) | more than 5 years ago | (#26734589)

A Mac fan extolling the merits of the command line.

It's going to take some time to get used to. Forgive me.

Re:You mean... (0)

Anonymous Coward | more than 5 years ago | (#26734591)

Dang! According to you sig you must've just got a circumcision! Yow!

Re:You mean... (1)

philspear (1142299) | more than 5 years ago | (#26734459)

Realistically, running in a non-admin account is a pain in the ass. ...in Windows.

...on a computer.

(was today "add an ellipsis and then point out something obvious" day and nobody told me?)

Re:You mean... (1)

lorenzo.boccaccia (1263310) | more than 5 years ago | (#26734599)

Realistically, running in a non-admin account is a pain in the ass. ...in Windows. ...on a computer.

...turned on.

felicitations! and now, what would we use for the Google homepage logo?

Re:You mean... (4, Interesting)

shutdown -p now (807394) | more than 5 years ago | (#26734541)

It would be a hell of alot easier of software developers didn't require administrative privileges when they really don't need them. I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly. I tried using the "run as" menu and a program called sudo-win which would elevate my privs temporarily then reduce them again. Nothing would install correctly, nothing would run correctly. Even programs that don't use any administrator functions or zones wouldn't work correctly. Realistically, running in a non-admin account is a pain in the ass.

For all the flak that it (mostly rightly) gets, Vista did change that for good. Since its release, the percentage of apps that require admin privileges to run dropped very significantly - so much so that the only one I still have installed on my desktop is Acronis True Image, and that one actually needs it, as it does disk-level backup (though it should really rather pop up the UAC prompt when it actually starts backing up, and not on startup).

Re:You mean... (1)

ion.simon.c (1183967) | more than 5 years ago | (#26734567)

I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly.

My anecdotal experience does not match your own.
I have a Windows Server 2003 machine that I use to play video games at home. My primary user account is unprivileged. The only non-installer app that I've run into that required Admin privs was Quake (3? 4?)'s PunkBuster. (Why the fuck it needed privs, I have no idea. It didn't get em, and was shitcanned before the day was out.)
Run As... works for everything but launching Windows Update, or running an app that lives on a mapped network share.

I have a Windows XP Pro machine that I use to do development at work. Company policy dictates that I run as a limited user. (VS 2003 and up dictate that I have be a member of the Debugging Users group. This is the only concession that the Company is willing to make.) I am able to do development work in this environment. I've been able to run every piece of development-oriented software that I've come across. I'm able to run all of the MSFT Office suite. If I need an app installed, I get a Sysadmin to install it for me. (This process is really less painful than it sounds.)

Anecdotal evidence sucks.

Re:You mean... (1)

maskedbishounen (772174) | more than 5 years ago | (#26734617)

I recently set up a secondary gaming box with a limited user account for a MMO that has to be constantly updated else it won't run. It was a bit of a pain since it insists on writing a cache file in %WINDIR%. Then it has a registry setting that, by default, limited users cannot change. After a few more bumps, it has worked flawlessly.

For the most part, it's just lazy development teams who can't be arsed to "fix" their code. There's probably a moral here about open source. Who knows.

Also... (1)

symbolset (646467) | more than 5 years ago | (#26734233)

Having no open ports.

Having a reliable software repository.

Sanitizing your inputs.

The question is why it hasn't been meaningfully addressed in Windows for such a long time.

I can agree with that if by "for such a long time" you mean since before Microsoft was a company [wikipedia.org] . They've ignored security best practice for their entire history. It's been a winning strategy before now. Why change?

It's a conspiracy! (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26734571)

They're paid off by the Anti-Virus companies. If not for administrative login, who would buy their crap?

Re:Also... (1)

ion.simon.c (1183967) | more than 5 years ago | (#26734575)

Having no open ports.

This is overkill. If your software will only accept connections from whitelisted hosts (or subnets, you get the picture), then one can have all of the open ports that they wish. The app on the other side of em won't give attackers the time of day. :)

Re:You mean... (4, Insightful)

EvolutionsPeak (913411) | more than 5 years ago | (#26734271)

The question is why it hasn't been meaningfully addressed in Windows for such a long time.

This question has long been addressed as well. There are several reasons, but I'd say the primary one is that it breaks compatibility with too many applications. Since Windows has given administrative privileges by default for so long, programmers have assumed that the user will have them and do things that require those privileges, like write into the Program Files directory.

Vista took many steps to meaningfully address the issue.
UAC has been part of an attempt to rectify the problem by not allowing the administrative privileges to be used without user intervention.
It also acts as a form of "sudo" so that its possible to run as an unprivileged account. However, it is a giant pain because the aforementioned coding practices induce a million popups.

Re:You mean... (5, Insightful)

LoadWB (592248) | more than 5 years ago | (#26734311)

Seconded. When you have mainstream applications like Peachtree, QuickBooks, Timberline, and even some of Microsoft's own products, requiring administrator access to a workstation, limiting rights is difficult.

(Mind you, I speak from a purely XP-standpoint. We have had so many problems with Vista at sites which have tried to implement it that we do not use it. And others do not have the hardware to run Vista.)

IIRC, I have also run into issues with AutoCAD, some network scanner drivers, and the like.

Mostly, the ways around these requirements are convoluted or require in-house admin staff to handle minor requests which need immediate attention.

Re:You mean... (3, Funny)

gmack (197796) | more than 5 years ago | (#26734453)

UAC's constant nagging is actually there to piss off users of bad software and put pressure on application makers so they will go through the trouble of designing software that doesn't need constant admin access.
 

Re:You mean... (0)

Anonymous Coward | more than 5 years ago | (#26734521)

Ya, that worked out well.

Microsoft Legacy is Microsoft's biggest problem (3, Interesting)

erroneus (253617) | more than 5 years ago | (#26734357)

I am sure this is not news to anyone whether you love or hate Microsoft. The fact is the coding practices commonly followed under DOS and then under Windows have been rather poor. The reasons for it are many, but largely because of a thirst for performance. But in order to keep people hooked on Windows, they have to keep supporting the mistakes of others as well as their own. This is what they call "backward compatibility."

But there is a way out of it and for some reason they seem unwilling to do it. Write a new OS, virtualize old Windows for "legacy support" and eventually all the software vendors will port their code to work with the new Microsoft OS natively just as they did with Mac OS X. I can't imagine why Microsoft is unwilling to do that... got any suggestions anyone?

Re:Microsoft Legacy is Microsoft's biggest problem (2, Insightful)

gmack (197796) | more than 5 years ago | (#26734479)

Microsoft's biggest market advantage is the amount of legacy software that supports their platform.

Rewriting an app to be cross platform is not much more work than rewriting for a single OS so if they force application makers to do a complete rewrite they risk having them rewrite using cross platform libraries.

Re:Microsoft Legacy is Microsoft's biggest problem (5, Insightful)

Tatsh (893946) | more than 5 years ago | (#26734551)

I am sure this is not news to anyone whether you love or hate Microsoft. The fact is the coding practices commonly followed under DOS and then under Windows have been rather poor. The reasons for it are many, but largely because of a thirst for performance. But in order to keep people hooked on Windows, they have to keep supporting the mistakes of others as well as their own. This is what they call "backward compatibility."

But there is a way out of it and for some reason they seem unwilling to do it. Write a new OS, virtualize old Windows for "legacy support" and eventually all the software vendors will port their code to work with the new Microsoft OS natively just as they did with Mac OS X. I can't imagine why Microsoft is unwilling to do that... got any suggestions anyone?

I have been suggesting this for years. Enterprise (Microsoft's most important customer base), in general, does NOT want it. Seemingly they want the 'good ole' x86 to live forever and Windows to run programs written for DOS 5.0 even in 2009 and beyond. Ridiculous, but it is true.

If you are a business who relies upon some certain software to get work done and do NOT have the time, money or resources to switch to something else, it is in your interest to demand your software vendor (in this case Microsoft) NOT to remove compatibility for X application.

If you look at the Windows 2000 leaked source code, you can find plenty of comments about VERY specific application fixes. Yes, XP broke stuff. Vista broke more. But it probably did not break what the enterprises care about (Vista likely did break many things, hence why 7 is being rushed and so many enterprises skipped Vista and will go to 7 after some extensive testing).

Today I experienced a game that does not work on Vista. Microids' Corsairs from 1998, made for Windows 9x. Tried compatibility modes, the latest patches, etc. It just kept crashing. Microsoft does not care about your 'classic' games at all. All they care about is the enterprises who actually buy the expensive volume licenses Microsoft is always trying to sell.

suits, end-users dont grok security (0)

Anonymous Coward | more than 5 years ago | (#26734647)

suits make purchase decisions.
end users make no decisions - purchase or whatever.
"Where's my Word?"
And those people keep buying without asking.
Hail the free market economy!

When I had applications like that in UNIX-Linux .. (1)

jotaeleemeese (303437) | more than 5 years ago | (#26734649)

I sent them back to the company that develops the software to fix it.

I would do the same if I was working with Windows.

I know not everybody can do this, but tech heads working in big companies have a moral duty to force manufacturers to change their insecure ways.

Re:You mean... (1)

GF678 (1453005) | more than 5 years ago | (#26734287)

The question is why it hasn't been meaningfully addressed in Windows for such a long time.

They tried with Vista. It failed for the most part because running in a standard user account with UAC was annoying for a lot of people, so they turned UAC off (which turns the standard account into an administrator account pretty much).

Now most of the blame here should go to apps which insist on using admin access for regular operations (not including installation or maintenance). The rest should go to Microsoft for having UAC so insistent on things that shouldn't matter. A slightly more relaxed UAC would work very well, which is what I'm hearing in Windows 7.

Re:You mean... (1)

i.of.the.storm (907783) | more than 5 years ago | (#26734401)

I agree, although by the way you've got it a bit backwards. UAC makes admin accounts run as a regular user by default, and elevates privileges when they are needed. It also lets you elevate privileges from a standard account to an admin by entering an admin's password, but that's not the usual setup I guess. Unless by standard account you mean the default account when you install Windows, in which case I just misunderstood you.

Re:You mean... (1)

Dyinobal (1427207) | more than 5 years ago | (#26734299)

Not running as a fully-privileged user reduces your security risk? Who knew! This is not news. The question is why it hasn't been meaningfully addressed in Windows for such a long time.

Indeed this has been known for ages. I'm surprised it's made it to the front page of /.

Re:You mean... (5, Interesting)

Opportunist (166417) | more than 5 years ago | (#26734439)

The question is why it hasn't been meaningfully addressed in Windows for such a long time.

Because it would break compatibility. Actually, and I hate to say it, it ain't MS's fault. Or at least not only theirs.

A simple example: In the good (bad) old days of 95 and 98 and the lack of sensible rights management, it didn't matter whether you use the HKLM or the HKCU registry branch. Both were equally unprotected, and since your software worked with every user (and you needn't care about such trivialities as watching out for a lack of reg keys), software vendors simply dumped their registry junk into the HKLM tree.

The same applies to access to sensible system areas, like drivers (copy protection crapware) or code injection. Programmers simply assumed it is possible because hey, the system didn't really care about it!

In comes Win2k and suddenly, when you are not logged in as admin, your games don't work. Now why the hell does a friggin' game need admin rights, you ask? Because it wants to load a copycripple driver, because it wants to write in the HKLM (or similar sensible) hives or because of other things that didn't matter earlier due to a lack of rights management and due to being the easy way out of a programming problem.

MS is to blame to allow this for far too long. Users are to blame to put up with it and accept that they're "forced" to use admin privs to run programs. And most of all, programmers are to blame that took the easy way out and ignore rights. No, they needn't be able to forsee it (even though they should have). But since the practice still prevails (run a copy protected game without admin rights, see if you succeed), the blame is squarely on third party software. Not MS this time.

I hate to say it, and I know it's unpopular on /. to "defend" them. But it's not MS that has dropped this ball.

Re:You mean... (0)

Anonymous Coward | more than 5 years ago | (#26734507)

The question is why it hasn't been meaningfully addressed in Windows for such a long time.

Because it would break compatibility. Actually, and I hate to say it, it ain't MS's fault. Or at least not only theirs.

Is a design failure from Microsoft. They take the easy way and now it becomes the ugly way.

Re:You mean... (1)

ion.simon.c (1183967) | more than 5 years ago | (#26734587)

In comes Win2k and suddenly, when you are not logged in as admin, your games don't work.

All of my games work as a limited user.
I've been running some old and some new games.

(I might be biased, though. I can't imagine that I would keep playing a game the required me to run as Admin.)

Re:You mean... (1)

LordLucless (582312) | more than 5 years ago | (#26734593)

Sort of. If 95, 98, etc had had proper user segregation, the proliferation of poorly-written software would never have happened. MS wrote an OS that allowed developers to take insecure shortcuts. Now that they're trying to shore up their system, their previous lack of security is holding them back. Now, it's not MS' fault in that their modern OSes generally try and do the right thing in regards to user privelege. But their old systems don't, and it's their own past actions that are biting them in the backside now.

Simple prevention... (2, Informative)

Anonymous Coward | more than 5 years ago | (#26734199)

Run anything internet-facing with DropMyRights.exe.

http://voices.washingtonpost.com/securityfix/2006/04/windows_users_drop_your_rights.html

Re:Simple prevention... (2, Informative)

Anonymous Coward | more than 5 years ago | (#26734253)

Microsoft link to dropmyrights:

http://msdn.microsoft.com/en-us/library/ms972827.aspx

Re:Simple prevention... (4, Funny)

symbolset (646467) | more than 5 years ago | (#26734291)

Or you could use a modern antivirus like antivirus2009 [google.com]

It stops everything.

Re:Simple prevention... (0)

Anonymous Coward | more than 5 years ago | (#26734573)

I've had to clean that piece of crap malware off of seven different peoples machines in the last 15 days.

As the qoutable Dan Quayle said... (1)

symbolset (646467) | more than 5 years ago | (#26734655)

About the position of Vice President of the US: "It's indoor work with no heavy lifting."

Dupe (4, Insightful)

Anonymous Coward | more than 5 years ago | (#26734201)

The vulnerability is in Windows 7's UAC, not Vista's, so that part of the story is not only wrong but a dupe of the previous "UAC vulnerability" article. As for the rest of the story, it's just marketing copy for BeyondTrust Corp. Congratulations samzenpus, you've posted perhaps the first article that's wrong, dupe, blogspam, and slashvertisement all at the same time!

Re:Dupe (0)

Anonymous Coward | more than 5 years ago | (#26734631)

you've posted perhaps the first article that's wrong, dupe, blogspam, and slashvertisement all at the same time!

YMBNH

Windows "Run as Root" Culture is the Problem (4, Insightful)

CodeBuster (516420) | more than 5 years ago | (#26734203)

The history and culture of Windows is at least as responsible for the "run as root" problem as any shortcomings, and there were many over the years, in the OS itself and although Windows OSes has progressively improved security over the years there is only so much to be done, on any system, when users have been trained to run as root and click "yes" everytime. Of course, malicious programs like downadup and the infamous ClickYesToContinue ActiveX certificate debacle don't help matters.

Re:Windows "Run as Root" Culture is the Problem (1)

magamiako1 (1026318) | more than 5 years ago | (#26734247)

Uhm...

Microsoft has had Windows setup to not require administrative privileges for many, many, many years.

I blame software developers who abused the fact that people did.

Re:Windows "Run as Root" Culture is the Problem (1)

Opportunist (166417) | more than 5 years ago | (#26734487)

It's not MS that requires it. It's moronic third party programs that want to write to protected registry hives, install drivers (copy protection is notorious for this) or alter system libraries, all things they should not require usually. Of course, updating the graphics drivers does. But what does a simple game need admin privs for?

Re:Windows "Run as Root" Culture is the Problem (0)

JohnFluxx (413620) | more than 5 years ago | (#26734517)

> But what does a simple game need admin privs for?

To write directly to the video card

Re:Windows "Run as Root" Culture is the Problem (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26734629)

Thanks for the laugh.

The days of games writing directly to the video card ended ohhh lets see, about 13 years ago...

Re:Windows "Run as Root" Culture is the Problem (3, Interesting)

donaldm (919619) | more than 5 years ago | (#26734493)

Uhm... Microsoft has had Windows setup to not require administrative privileges for many, many, many years. I blame software developers who abused the fact that people did.

You are right and some companies do actually force this on all their corporate desktops. In the majority of cases this is not done and most people especially home computer owners don't do this. As for blaming developers well you could lay some of the blame at them but that is really unfair since it was Microsoft who made it so easy for people to give themselves administer privileges.

Looking at Linux/Unix security. Basically from inception a normal user only had limited privileges and to do anything as a system admin required knowing the root password or being a member of a sudo (1980's) group that had particular privileges. This was instilled in Unix and now Linux users from the time they started using the system. This is not to say that some users are stupid enough to work as root, however those that do this, especially in the corporate world are usually brought to task very quickly. The same has never been true with Microsoft OS's.

When a vendor writes software for Unix/Linux they should know and if not are usually told in no uncertain terms that requiring root access for their particular product requires a "please explain" because most applications don't require root privilege although there are exceptions. Even installation especially if the software is being tested is normally set up in what is called a "sand-box". Again Microsoft fails on enforcing this (Vista was an attempt).

Re:Windows "Run as Root" Culture is the Problem (1)

magamiako1 (1026318) | more than 5 years ago | (#26734557)

UAC was not a failure to enforce this. And there are plenty of linux applications that *require* root to be installed. In fact, many of these applications will run in whatever context of whatever user is logged in at the time of launching them. This isn't entirely different from how Windows handles the situation.

If anything, it's typically the distribution teams that go out of their way to ensure that when an application compiles it follows a convention (for example, Gentoo uses the user "apache" to start processes for apache while Ubuntu uses "www-data").

However, outside of a couple of applications that really complain, linux apps are more than happy on doing what you tell it to do--including running it as root.

Re:Windows "Run as Root" Culture is the Problem (1)

Haiyadragon (770036) | more than 5 years ago | (#26734549)

And yet, accounts made during install have admin privileges. Microsoft haven't exactly encouraged non-admin accounts.

Re:Windows "Run as Root" Culture is the Problem (1)

magamiako1 (1026318) | more than 5 years ago | (#26734569)

The accounts are an Administrator account but within the context of UAC and Vista this simply means whether or not you're forced to enter a password to elevate.

That's the only difference. Otherwise the Administrator account by default on Vista is a limited account.

Re:Windows "Run as Root" Culture is the Problem (2, Insightful)

symbolset (646467) | more than 5 years ago | (#26734323)

The history and culture of Windows....

This is unfortunately correct, if not a bit vague. That's what happens I guess when the problems are too numerous to list.

although Windows OSes has progressively improved security over the years there is only so much to be done...

Until they've done what can be done, we're still entitled to gripe. Does it take thirty years to figure out end users don't log in with admin privileges? Because that's how long it's been best practice. Was it two decades ago "no open ports by default" became the standard shipping configuration of a real OS? Was it Wirth who said "sanitize your inputs" or does that wisdom predate even him?

Microsoft is doing fine. See? They've taken over the desktop market. They're making money like they own the mint. They must be doing it right. Let's leave the chef to his muttons.

Re:Windows "Run as Root" Culture is the Problem (0, Flamebait)

Iamthecheese (1264298) | more than 5 years ago | (#26734561)

What morons are modding posts like this insightful? Anyone with the slightest bit of knowledge on the topic knows that UAC and Microsoft's policy of requiring admin privilages for admin level access by programs WAS the way microsoft fixed their shit. You know, back when they made Vista.

What? Are you trying to blame Microsoft for problems they fixed a full 2 OSs ago? Shall I start bringing up UNIX problems and saying, "This is the problem with linux"? That is the discrepency here. Vista, while it does have its problems, represents a full departure from the "admin for everything" era.

Until they've done what can be done, we're still entitled to gripe.
Thats right! an OS must conform to the full Orange Book specifications before we can praise it for anything!

You want to blame Microsoft for lazy software companies just asking for admin access for their whole program? Game manufacturers not using the API right? Or maybe, just maybe, you are a karma whore looking for some anti-Microsoft mod. Thats okay, most of the posts in this whole fucking article are equally foolish.

Re:Windows "Run as Root" Culture is the Problem (0)

Anonymous Coward | more than 5 years ago | (#26734527)

Apple have managed to cope. They decided to take action and require a password to install or change many things, and their users seemed to have coped with this addition. Seems more like MS is trying to please both crowds and making things worse as a result.

Comprehension Fail. (0)

Anonymous Coward | more than 5 years ago | (#26734205)

facepalm.jpg

So, where's the vulnerability? (1)

Dogun (7502) | more than 5 years ago | (#26734223)

Idiotic title aside, UAC normalizes the experience for Administrator and for Standard User. With UAC, it's easier than it has ever been before to be a standard user on a Windows platform. I'm not sure what the article is driving at.

Absolute rubbish... (0)

Anonymous Coward | more than 5 years ago | (#26734239)

Two vulnerabilities were found in the beta OS Windows 7, neither of which were present in Windows Vista. One of those vulnerabilities has been remedied in more recent builds.

Unfortunately, the ComputerWorld source for the linked article is no better than what's presented here. How does this rubbish get published?

Simple possible solution (1)

cdu13a (95385) | more than 5 years ago | (#26734267)

Why don't they just add a little code to IE and Office and maybe other microsoft products, that checks for admin privileges and refuses to run and pops up a little message explaining why they should not use a privileged account for day to day stuff, if somebody is logged in with an admin privileged account.

and maybe provide some easy to use graphical sudo type tool, for when they have to do something admin like. maybe even set it up so it virus scans the file before running it as admin, and possibly even a regularly updated black list of programs known to be unsafe.(though I don't trust microsoft not to abuse that)

Re:Simple possible solution (2, Insightful)

magamiako1 (1026318) | more than 5 years ago | (#26734273)

That's what UAC is for. It's there, applications can take advantage of it. IE takes advantage of it. Even Chrome takes advantage of it.

Most software developers are freakin' lazy.

Re:Simple possible solution (2, Interesting)

tftp (111690) | more than 5 years ago | (#26734457)

Most software developers are freakin' lazy.

Most codebases are ancient, and people who wrote them already retired. That's the sad truth of many industry workhorses (Mentor Graphics is one example.) Another sad truth is that many people own and use older releases of major software packages. Modern AutoCAD 2009 will run on Vista perfectly, but can you afford $4,500 per seat to upgrade your old AutoCAD 2007 which still does the job on XP?

Re:Simple possible solution (0)

Anonymous Coward | more than 5 years ago | (#26734697)

So for you, the *simplest* possible solution is to modify a whole bunch of individual programs to include code that has nothing to do with their function?

I think I've seen your code somewhere [thedailywtf.com] before

Installers shouldn't need root (4, Insightful)

Animats (122034) | more than 5 years ago | (#26734279)

What's really annoying is that too many programs still insist on "administrator" privileges for installation. Installation needs to be a far more contained process, with limited authority. Most applications don't really need the ability to manipulate elements of the system outside their own directory subtree and their own subtree of the Registry. Installation of "normal" applications (especially games) should be contained accordingly. Most applications are, in a security sense, "leaf nodes"; nothing else depends on them. But Microsoft doesn't make that distinction. (Nor do most Linux application installers, even though Linux/UNIX doesn't have the registry issues that Windows does.)

Re:Installers shouldn't need root (2, Interesting)

shutdown -p now (807394) | more than 5 years ago | (#26734555)

Technically, it is quite possible to make installers that do not require admin at all - those that install into user data folder. MSI fully supports that scenario, it's just that very few people actually bother to provide this as an option in their installers.

What they need to do... (5, Interesting)

the1337g33k (1268908) | more than 5 years ago | (#26734281)

What they need to do is limit all users to not be administrators. They should create the admin account so that it can ONLY do admin tasks. It cannot run programs like office or games. It can only run security and diagnostic apps, adding-remove apps. If they restricted admin users from using their account for daily use and only for admin use, that would significantly reduce the attack surface for crackers.

Halt (3, Insightful)

bazald (886779) | more than 5 years ago | (#26734391)

What you suggest is either impossible, extremely undesirable, or both, assuming that by "they" you mean Microsoft.

For them to prevent certain classes of applications from running, without special knowledge, would require a kind of analysis similar in nature to solving the halting problem - a problem well known to be unsolvable.

Then the course of action is to require applications requiring root privileges to be signed by Microsoft, essentially making Windows a closed platform for developers. Furthermore, any applications they sign would have to be bullet-proof, getting back to the halting problem.

Re:Halt (1)

the1337g33k (1268908) | more than 5 years ago | (#26734415)

What you suggest is either impossible, extremely undesirable, or both, assuming that by "they" you mean Microsoft.

For them to prevent certain classes of applications from running, without special knowledge, would require a kind of analysis similar in nature to solving the halting problem - a problem well known to be unsolvable.

Then the course of action is to require applications requiring root privileges to be signed by Microsoft, essentially making Windows a closed platform for developers. Furthermore, any applications they sign would have to be bullet-proof, getting back to the halting problem.

It is not impossible, in fact it is very possible. Microsoft would have to create a flag so that programmers can set it to tell the system that it is a security related program and thus should be allowed to execute under the admin account. There is no microsoft involvement there except that they have to create a flag in the API. Not impossibly hard to them do. With that in mind, I don't see how this is impossible. I didn't say we could completely prevent attacks, just make them a hell of a lot harder. I am assuming however that the user that knows how to get in and use the admin account is not a complete retard. If they are and do execute a virus as admin, then they are retarded and deserve to pay me to fix their computer. Yes, I run a computer business. So offering this could hurt me in the long run, but I hate seeing all the pings and scans and attacks against my firewall everyday. Something needs to be done.

Re:Halt (2, Insightful)

bazald (886779) | more than 5 years ago | (#26734451)

Microsoft would have to create a flag so that programmers can set it to tell the system that it is a security related program and thus should be allowed to execute under the admin account.

The problem with your implementation suggestion is that software developers who don't respect good security practices as it is will not respect such an API. If it is easier to set a flag asserting that the program is "security related" than to follow good software development practices, that is what they will do.

Re:Halt (1)

the1337g33k (1268908) | more than 5 years ago | (#26734505)

Microsoft would have to create a flag so that programmers can set it to tell the system that it is a security related program and thus should be allowed to execute under the admin account.

The problem with your implementation suggestion is that software developers who don't respect good security practices as it is will not respect such an API. If it is easier to set a flag asserting that the program is "security related" than to follow good software development practices, that is what they will do.

If the security flag was set then the program would not be available to the standard user, only to the admin. That would defeat that argument. If the admin still used the poorly coded program, thats his fault. I'll be awaiting his payment.

Re:Halt (2, Insightful)

Flwyd (607088) | more than 5 years ago | (#26734455)

So why wouldn't the virus authors set the security-related flag?

More importantly, I hope admins are allowed to run Command Prompt and web browsers. And if you can run those, I don't see how you're going to gain much security. And if you don't let admins download from the web and run DOS scripts, I don't know how you plan to accomplish much as a system admin.

Re:Halt (1)

the1337g33k (1268908) | more than 5 years ago | (#26734499)

1. Im assuming that the virus authors probably would set that flag which goes back to my "the user should not be a complete retard rant"

2. Allowing a web browser to run in admin as a security flagged app! Are you !@#$'ing kidding me!!! Please go shoot yourself, or at least get re-educated in basic security principals. Thats exactly what the system would be aimed at stopping.

Like it was mentioned before, all systems have its pros and cons and when weighed (microsoft controlled vs. developers) I trust that a game developer wouldn't set the security flag. Another thing that I should mention is that apps with the security flag set can only run as admin. So if a web browser had the flag set, not many people would use it then, and vice versa if a virus writer set the flag then only retards could execute it.

Re:Halt (1)

the1337g33k (1268908) | more than 5 years ago | (#26734553)

Also I should explain the last point. Command prompt couldn't be blocked. I need it as an admin. Administrators should always check foreign scripts before executing them. Its not that hard to get the source code to a batch file or VBscript or (insert favorite cmd language here). Admins can always download using their standard accounts and switch users to execute it. Its more inconvenient but it takes almost as long to display and read a UAC prompt anyways. A switch user takes what 10 seconds. Thats a really long time.

Re:Halt (1)

techno-vampire (666512) | more than 5 years ago | (#26734627)

Its not that hard to get the source code to a batch file

I should hope not, considering that a batch file is simply a text file containing commands!

Re:Halt (1)

techno-vampire (666512) | more than 5 years ago | (#26734503)

It is not impossible, in fact it is very possible.Microsoft would have to create a flag so that programmers can set it to tell the system that it is a security related program and thus should be allowed to execute under the admin account.

Once they do that, the game's over, because the malware programmers would all set that flag, run as admin and go right around any anit-virus software you might think you were running to protect your computer. I'm a Linux user and advocate, and I wouldn't want to see that happen.

Re:Halt (1)

the1337g33k (1268908) | more than 5 years ago | (#26734563)

It is not impossible, in fact it is very possible.Microsoft would have to create a flag so that programmers can set it to tell the system that it is a security related program and thus should be allowed to execute under the admin account.

Once they do that, the game's over, because the malware programmers would all set that flag, run as admin and go right around any anit-virus software you might think you were running to protect your computer. I'm a Linux user and advocate, and I wouldn't want to see that happen.

Please read above mentioned points, that topic has already been covered.

To save time ill summarize. Malware authors are going to set that. Its expected, and if an admin executes the bad program without checking it out. You now point I hope...

Re:Halt (1)

techno-vampire (666512) | more than 5 years ago | (#26734619)

You now point I hope...

...that if you have to check out the program before running it, the flag becomes pointless.

Re:Halt (1)

the1337g33k (1268908) | more than 5 years ago | (#26734651)

You now point I hope...

...that if you have to check out the program before running it, the flag becomes pointless.

you should do this regardless of any security. I ALWAYS check programs (if program is small enough I even scan the code) before running it, thats what responsible network administrators do. If you are not checking programs out, then I would not be surprised if you were or are attacked.

Re:Halt (1)

the1337g33k (1268908) | more than 5 years ago | (#26734579)

Also I would like to thank you for using linux, people like you and me are way ahead of the rest of the population still plagued with problems such as the one we are discussing. (not that linux is bulletproof, but it is close). The system I am proposing is close to the linux approach. Only that the admin cannot do daily user tasks in that account. In linux root can do those tasks. In my approach, they cannot.

Re:What they need to do... (1)

donaldm (919619) | more than 5 years ago | (#26734565)

What they need to do is limit all users to not be administrators.

I do this now but with Linux. Many tasks can easily be accomplished without being root. On my laptop (Fedora 10) no one but myself has access to the root password, however I work as a normal user. If I need private software I can still install without privilege (MS Windows can do this as well) although shared software does need to be installed by root.

The problem for MS Window users is many have been brought up to expect having system admin privileges as a right and it is very hard for Microsoft to convince them that they should change. Basically this is a failing on Microsoft's part.

Re:What they need to do... (1)

the1337g33k (1268908) | more than 5 years ago | (#26734659)

Basically this is a failing on Microsoft's part.

Bingo, if this is ever implemented, then there would be a mass-outcry no doubt that its so inconvenient for them.

Everyone wants everything in this world, but the question is: Can we trust them with it all?

Re:What they need to do... (2, Insightful)

dbIII (701233) | more than 5 years ago | (#26734691)

IMHO that is just silly. There should be an account that can do everything (including modifying files that malware has a hold of - this file locking bullshit is very 1980s), however you shouldn't ever have to use it unless you are doing something important. I have personally had to waste a lot of time fixing access to files when people mucked up MS Windows file permissions and I couldn't just do the sensible thing of logging on as Administrator to fix it - it is purely security theatre when you have the rights to change the password of the owner to anything you like but do not have the permissions to get to the file until you log off and back on again as them. The first few days after a long holiday is usually full of rubbish like that even if you don't have many MS Windows machines.

MS Windows are no longer the cheap option in the server room, or thanks to malware, they are not the cheap option on the desktop either. Personally I think it's time to let them go back to their better suited role of hobby machines at home until the first gaming console with more than 4GB buries them in that role.

A Worthless Article (5, Insightful)

rsmith-mac (639075) | more than 5 years ago | (#26734365)

Lame blogs aside, The Fucking Article [computerworld.com] is damn near worthless. Highlights include:

  • The study was done by BeyondTrust Corp. who is looking to push their Privilege Manager software, which shockingly is permissions-management software. Right off the bat we have a dubious study due to the conflict of interest and the sponsor.
  • The article makes no distinction among what OSs were used in the study. Was it Vista? XP? Server 2003?
  • The article also makes no distinction on if UAC was used, if Vista was used at all. Of course why would a company trying to sell security software want to tell people that just enabling UAC and/or setting your users as standard users would fix the problem?
  • The only quote is from the director of marketing.

In conclusion: Running everything with admin privileges is bad, which is why Microsoft fixed this 2 years ago with UAC. It's a lame PR piece about an equally lame study from a company that wants to sell you stuff to do things that MS did years ago. If you are here reading Slashdot, there's nothing here you didn't already know.

Am I . . . (0)

Anonymous Coward | more than 5 years ago | (#26734373)

Am I the only one who finds it odd that the Slashdot RSS headline for this is "UAC Vulnerability Found In Windows Vista" while the actual article headline is "Users' Admin Logins Make Most Windows Malware Worse" ?

And 100% could be prevented (1)

Exp315 (851386) | more than 5 years ago | (#26734393)

if users were not allowed to log on to their computers at all. I've got a better idea, Microsoft: Why don't you fix your crappy insecure software full of C++ holes, and stop trying to tell us how to use our computers to patch over your problems.

Perhaps but for those of us who aren't idiots (0)

Anonymous Coward | more than 5 years ago | (#26734417)

Even admin. level in windows doesn't have the power that I need. This is why I only use windows for taking notes (increased battery life and better tablet support) and a few CAD programs. For everything else I switched to linux because my computer trust me sorta, "sudo" but at least I don't get a million and one messages about "are you sure?" or "this option only for advanced users". I should be allowed to install a program I wrote without being hassled for an hour about safety and all that crap.

Windows is busted (1, Offtopic)

Spit (23158) | more than 5 years ago | (#26734421)

Just look at a windows system:

- Random dlls, configs, assets and exes in WINDOWS dir.

- dlls, data, configs and exes in Program Files.

- Some data and configs in Documents and Settings.

- Registry.

There's no getting past the single user heritage.

Study flawed (5, Insightful)

benjymouse (756774) | more than 5 years ago | (#26734471)

Problem is that they assume that when the security bulletin says that successful exploitation will allow the attacker to run as the current user, this does not mean that the attacker will be able to run as admin, even though the user is an admin.

Indeed (with UAC on) IE7 runs in protected mode which is a "sandbox" where the users' security tokens have very limited rights, thus intrinsically protecting the OS.

The Vista protected mode effectively runs the process as a limited user, even though it preserves the users identity.

Even if the attacker can somehow trick the browser or user into downloading a malicious file and start it, it will still need elevation (yes, the cancel/allow thingy) to assert admin privileges.

So, another way to spin this would be "Vista UAC protects against exploitation of 92% of vulnerabilities".

definitely possible.. (2, Interesting)

seanmoon (1425573) | more than 5 years ago | (#26734473)

It would require far more re-writing of the windows OS than anyone is willing to do. but at least a thin layer of abstraction between standard users and administrators on windows machines is essential. the people who know what they are doing can know how to turn it off, and everyone else needs to be logged in as a regular user. typing your password in when you install something is not the worst thing in the world. the amount of things you're going to need to type in reconfiguring your computer once you have to reformat it is going to be much worse.

Microsoft... (4, Insightful)

Greyfox (87712) | more than 5 years ago | (#26734475)

Ignoring 30 years of accumulated UNIX wisdom... for 30 years.

I swear those guys are like that guy who just installed Linux, runs it as root all the time because he "knows what (he's) doing" and enables telnet and hands out logins to all his friends. Except that guy learns after the first or second time his system gets rooted that maybe he should stop being such a goddamn jackass and run his system the right way from now on. Microsoft never got past the jackass phase. They keep implementing half-assed fixes because they think they can do it better. You'd think 30 years of failure would convince them otherwise...

By itself... (0)

Anonymous Coward | more than 5 years ago | (#26734581)

This isn't Windows' fault. A user with root priviliges on a Linux can be just as dangerous as a Windows user with the admin privileges.

Of course, the difference is that Windows is not usable for anything non-trivial without admin rights. Linux is.

Steam won't run without admin privileges (5, Interesting)

XCondE (615309) | more than 5 years ago | (#26734645)

But Valve will go after you for trying.

My question:

Customer 06/11/2006 04:15 AM

I am not willing to play (and let other people play) HL2 using the Admin account on my computer because of the obvious security implications (I don't want my computer infested with malware).

Is there any way to run it without admin privileges? I installed it using admin privileges and went back to my unprivileged account but turns out it needs to write data to the install folder (bad programmer - no donut for you).

Which are the files STEAM tries to write to in the install folder?

If it turns out to be too complicated I'll just download the no-steam version with BitTorrent ;-).

Their response:

Response (Josh) 06/13/2006 01:34 PM

Thiago, It cannot be run without admin privileges. I know you were probably joking, but I would also encourage you to avoid any product that claims to get around Steam. We take cheating and hacking very seriously.

Fortunately I'm on ubuntu (1)

Lord Bitman (95493) | more than 5 years ago | (#26734687)

Good thing I'm on Ubuntu, which asks for the admin password once, and then silently accepts any "sudo" command sent to it- So I'm safe!

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...