This may be weird, but I like Vista more than Win 7

If you want a VERY detailed view of why 7 security is better than Vista's

To be quite honest that rambling discussion merely endorses what I said above, rather than shows Windows 7 'security' to be immensely 'better' than Vista's. The ramblings about fingerprint identification are pretty much a "So What?" and will remain so for years yet. DNSSEC capability in a client doesn't really do diddley-squat until such time as DNSSEC is embraced. The BitLocker/AppLocker stuff is only really relevant to a small proportion of users.


I'm happy to concede regarding the USB drive autoplay disablement though. That's one I'd not taken particular notice of, and it's an added 'security' which has widespread benefit. But, it must be remembered, it's also something easily achieved in Vista and XP too, simply by a config settings change. I've had autoplay of USB drives disabled in Windows for ages and ages, because it's a silly/useless thing to even have.
 
The big thing here is that Steve was saying that UAC AS IS in 7 is just fine. And the BitLocker/AppLocker stuff is going to be BIG in corporate environments so maybe not something you use at home but it's still going to be widely deployed.

AppLocker though really is cool as hell. I really don't know why AppLocker and BitLocker aren't in ALL versions of Windows 7. AppLocker maybe I can understand but at the same time being able to prevent apps from running has a lot of uses in a home environment.
 
Steve can say what he wants. You can't put pinholes in a dam and not expect water to come through the holes. Same with UAC. You start putting holes into it and you'll have stuff getting through.
 
First you are making the common mistake of thinking UAC is a security when it’s really nothing more than a UI convenience. Secondly, and this is key, once trusted code is compromised, the game is over. UAC and all security mechanisms outside of an AV scanner become moot. Here’s why.

Let’s say you have developed a killer new piece of malware that compromises systems through the Indexing Options applet. In Windows 7 that applet is trusted and doesn’t generate UAC warnings at level 3. Let’s say also that your malware utilizes a flaw that for the sake of argument exists in both Vista and 7. So the first thing the malware needs to do is install itself or attach itself to some other process running with enough privileges to do its dirty work. So let’s trace the behavior of the infection on each OS.

In Vista, the malware would need to execute as admin and this generates a UAC prompt assuming that UAC is on. The malware runs and compromises the Indexing Options applet. So next you go into the Indexing Options applet and do something that triggers a UAC. Ok, cool, you got a UAC warning, but at this point the applet is compromised. When you see the UAC warning you’re not going to think anything of it and say ok. So now you’re screwed. But really you got screwed when you installed the malware in the first place. In both cases UAC did nothing other than ask “Hey, is it ok to elevate my privileges”. As a user UAC asked you twice and nothing seemed out of the ordinary.

So let’s install the same malware on a Windows 7 box. You get the first UAC warning in Windows 7 with UAC set to level 3 just as you did with Vista. This is where the real problem occurs. The behavior of UAC is IDENTICAL between Vista and 7. UAC didn’t do a damn thing. At this point you’re screwed. Bringing up the Indexing Options applet in Windows 7 and changing an option that’s now trusted in 7 is the only behavioral difference. No UAC warning on the applet change. But what difference does that make? It’s a trusted app. You thought it was safe to say ok in Vista because YOU TRUSTED that you were not doing something bad. In 7 the OS just trusts something that you would have anyway.

Bottom line, what difference does it make if the user of the OS decides to trust something that should be trusted? UAC doesn’t help with making this decision.
 
This is a flaw with all OSes isn't it? If some malware written for OSX or linux that I think is safe and I authorize install through SU, isn't the machine also compromised?
 
Bingo, it's ALL about trust. If you trust something that's compromised UAC doesn't help. The OS doesn't help. You're screwed.

The ONLY difference between UAC level 3 and 4 (level 4 pretty much being what UAC is in Vista) is that level 4 will say "Hey run me" and you'll click ok because it's something you SHOULD trust. Level 3 just makes that decision for you. There's no practical difference in the real world.
 
And how, exactly, are you measuring that?

I can "measure" it just by keeping task manager open and looking at the ram usage. I'm confused as to why you seem to think that would be a difficult task to accomplish.

And if you have an SSD anyway, then Superfetch and ReadyBoost services are disabled by default...

I'm running Windows 7 RTM 64-bit and superfetch is definitely enabled. As fast as the SSD is, it's still not as fast as something that is cached in RAM.
 
I absolutely loathe the Win7 taskbar, so I'm sticking with Vista. They took everything bad about the Mac OS X dock and put it into the taskbar.
 
Have you ever used the Superbar? Or the Dock for that matter? They don't function the same at ALL.
 
The one thing that I can't stand when going from w7 back to an older Windows OS (Vista, XP) is the window snap function, I use that allll the time to view two things side by side
 
Like what?
Beta built on 7, so Beta was stable as can be. RC fixed most of the bugs, leaving Final to mostly be the last addition of features and code enhancement.

Nothing huge or show stopper, just minor things. Don't think I'm against 7 or anything silly like that, hell I'm running the RTM as we speak.
 
Have you ever used the Superbar? Or the Dock for that matter? They don't function the same at ALL.

I think he means the superbar. I hate it as well. I like Win7 overall, and will upgrade (been using RC for a week or so) but I like the old task bar/quick launch setup much better.
 
I used to say the same when I used the early beta builds. After using the RC on a netbook I was amazed at how nice it is, snappy, minor driver issues, wireless automatically identified and etc.

Will be installing this week through technet
 
First you are making the common mistake of thinking UAC is a security when it’s really nothing more than a UI convenience.
Sure, it has a UI front to it (the entire OS known as Windows has a UI front to it), but it's still security. If it's not authorized, it won't get through, period.
Yes, if you exploit a user's trust, it doesn't matter.

But UAC in and of itself has not been bypassed to-date (Windows 7's default setting can be exploited theoretically but it's yet to be done).
It's been 4 years on Vista, nobody's exploited it. It took them 1 day to exploit Windows 7's activation. After 4 years, UAC is still standing strong. That's saying something.


I can "measure" it just by keeping task manager open and looking at the ram usage. I'm confused as to why you seem to think that would be a difficult task to accomplish.
Because that's a horribly inaccurate measure of anything to do with RAM on your system.
Vista is not XP. 7 is not XP.
Too many people do as you do, assume they can open Task Manager and see RAM usage by the system, and it's not the case anymore.


I'm running Windows 7 RTM 64-bit and superfetch is definitely enabled. As fast as the SSD is, it's still not as fast as something that is cached in RAM.
Did you enable it? Or did Windows see it as a regular HDD? Or does it have slower read/write speeds?
If you've got a SSD with good read/write speeds, then by default Windows 7 will disable superfetch (because the advantage is gone).

I think he means the superbar. I hate it as well. I like Win7 overall, and will upgrade (been using RC for a week or so) but I like the old task bar/quick launch setup much better.
It's quick launch on drugs. Does the same exact stuff, but more. I like the fact I can have a hundred windows open in IE or something else, and it only use 1/2" on my taskbar... Yea, Windows XP did the whole grouping thing but it's a major pain in contrast.
 
Not the drug of my choice. The difference in coloring for a program not open and open is subtle to me for some reason and I often miss it. In my current work XP environment, I have 20 or so programs in my quicklaunch section, that many would look odd in Win7, even with small icons. I like having the 3 separate areas. Over here is stuff I want to run, stuff with open windows, and then stuff in the tray. Combining two of those three, and then forcing me to dig up stuff in tray to make them show up just makes it harder for me to configure my workspace.

Eh, each to their own. I'm sure I will get used to it eventually.
 
Heck I'm STILL getting used to it. There's a crap ton of features the new bar has (jump lists, etc) that I haven't gotten used to yet.

As far as your tray though, you can set it to show you all the icons...
 
simple

RC is that good, I have no problem recommending it to customers, plus it's free, they don't have to buy an XP license, they can happily wait for RTM.



There we have it, folks. Hearsay is now fully justifiable evidence.



I must be the only one that caught this, but WHY IN THE WORLD ARE YOU RECOMMENDING A RELEASE CANDIDATE TO CUSTOMERS?
That's the most ignorant thing I've read today.

What are you going to do in 2010 when all the RCs die?
 
simple

RC is that good, I have no problem recommending it to customers, plus it's free, they don't have to buy an XP license, they can happily wait for RTM.

RC is damn good. I think it's better than Vista when released. I'm sure some of that has to do with drivers, but still.
 
simple

RC is that good, I have no problem recommending it to customers, plus it's free, they don't have to buy an XP license, they can happily wait for RTM.

That's dirty, lemme guess... You're going to go charge them to get onto the final release?
That's something I'd expect from the Geek Squad.
 
USMT takes care of most of the backup and configuration problems.

And most of my "qualifying" customers rarely have any software other than office, windows live and firefox. So it's really not a big deal.



Nope. I'm kinda in agreement with Techie Sooner to be quite honest.

I'd be hesitant to advise anyone to run on a Release Candidate issue for their everyday computing, unless maybe it was:

  • A person who I am fully confident has the ability/capacity to completely redo their own rig.
  • A machine which I was personally responsible for the maintenance/problem solving on, and in this second scenario I'd be accepting up front that it was me who'd eventually need to do all the data backups, software reinstallations and configuration settings replications on that machine.


Because otherwise I'm advising somebody to risk losing all their 'stuff' when time comes to redo the rig. Because out there in the 'real world' the bulk of people just USE their bloody machines, and struggle when reinstall time comes around.


I think it's a quite questionable practice to 'advise customers' to run an RC release as their primary/sole OS. It's provided with warnings that it isn't suitable for such purposes, and that should be Full Stop! End of Story!
 
Sure, it has a UI front to it (the entire OS known as Windows has a UI front to it), but it's still security. If it's not authorized, it won't get through, period.
Yes, if you exploit a user's trust, it doesn't matter.

But UAC in and of itself has not been bypassed to-date (Windows 7's default setting can be exploited theoretically but it's yet to be done).
It's been 4 years on Vista, nobody's exploited it. It took them 1 day to exploit Windows 7's activation. After 4 years, UAC is still standing strong. That's saying something.

So how can Level 4 UAC in Windows 7 be bypassed in a way that it can't in Vista? We already went through one possibility that demonstrates that it would be bypassed in both. One possibility would be for a process to somehow fool UAC into thinking that it was trusted from the beginning. An attack of that power would more than likely have had to run as an administrator. If there were a way to subvert UAC WITHOUT ADMIN PRIVILEGES then we have a problem. But if an attack can do that, the game is over in both 7 and Vista.

There's something to be said about UAC enhancing security by simply not flooding the user with prompts. UAC warnings in 7 are MUCH more rare. Since they are triggered so much less in 7, users might actually NOTICE them now. And UAC with a user that's sick of the prompts is useless anyway.

The UAC in 7 is very much UAC 2.0 and a BIG improvement over Vista. Asking a user ok 10 times in a row for the same thing doesn't improve security but it does increase frustration.
 
That's dirty, lemme guess... You're going to go charge them to get onto the final release?
That's something I'd expect from the Geek Squad.

Wow, never expected that I had to justify how I run my business, but I'll try to explain.

For the most part I try to get customers to pay a monthly fee, especially small businesses. These customers won't have to pay anything extra, not even the OS, since they are covered by SA.

The rest I charged 50% the normal rate when I installed 7 RC and again 50% when RTM is reinstalled and yes they have to buy the licence.
 
Because that's a horribly inaccurate measure of anything to do with RAM on your system.

You really think it's so inaccurate that I can't tell the difference between superfetch using all of my RAM or half? :rolleyes:

Too many people do as you do, assume they can open Task Manager and see RAM usage by the system

Not like that's exactly what task manager is for or anything like that :rolleyes:

It might be inaccurate in terms of multiple processes that use the same DLL's, etc but the behavior of superfetch filling free ram and using it as cache is pretty straight-forward and easily observed with task manager.

Did you enable it? Or did Windows see it as a regular HDD? Or does it have slower read/write speeds?
If you've got a SSD with good read/write speeds, then by default Windows 7 will disable superfetch (because the advantage is gone).

I have a 2nd gen Intel X25-M, probably one of the fastest SSD's, and it performs as it should. I didn't adjust any superfetch settings and it is enabled. Perhaps due to me having other hard drives in the system as well. I don't see any reason to disable it, as RAM IS faster than an SSD.
 
So how can Level 4 UAC in Windows 7 be bypassed in a way that it can't in Vista?
http://www.osnews.com/story/21499/Why_Windows_7_s_Default_UAC_Is_Insecure

Again- blocking ALL or NOTHING works. A user grants elevation, then it'll be passed. Otherwise, it gets blocked.

You put holes into the dam, and exploits like the above begin to surface.

You really think it's so inaccurate that I can't tell the difference between superfetch using all of my RAM or half? :rolleyes:
Yes.


I have a 2nd gen Intel X25-M, probably one of the fastest SSD's, and it performs as it should. I didn't adjust any superfetch settings and it is enabled. Perhaps due to me having other hard drives in the system as well. I don't see any reason to disable it, as RAM IS faster than an SSD.
I'm just giving you Microsoft's reasoning. The need for superfetching does go way down with SSDs though. Why yours wasn't disabled, I dunno.
 
Nothing wrong with Vista at all.
Most people like to spin the story "Vista sucks and need to get away from it ASAP!" Not the case.
:D

Nothing is wrong with Vista? Nothing at all? It's a perfect OS? LULZ! If there is nothing wrong with it then why is M$ making windows 7? Why not use Vista for as long as they used xp if it's flawless? Well I can think of something..... Vista won't let you use 2 different types of videocards together at the same time. nvidia/ati intel graphics/ati. If there was NOTHING wrong with this, why does Windows 7 correct this ???
 
Using that rationale, there's nothing wrong with the 2006 Honda Civic so why upgrade to 2009?
Could it possibly be that there's new features, as well as enhancements on what's already there (maybe 2MPG better??)

...Nah... It must mean there was something inherently wrong with the previous model.
 
If there is nothing wrong with it then why is M$ making windows 7?

http://www.microsoft.com/windows/mojave-experiment/ - Because vista has a bad rep. They could resell the same OS with a different name, and they basically are doing just that with some incremental improvements.


On the memory thing, Task Manager is a perfectly valid way of looking at memory use, though the sysinternals tools are more detailed. Just realize what you are looking at. The 'Cached' value in Vista is superfetch and other system tasks, but will be used for applications as needed. 'Free' is completely empty. If you exit a big game, your physical memory used will drop, Free will increase but gradually drop as Cached is filled back up with superfetch.


On Windows 7, awesome for my desktop but I'm not so convinced on my netbook. XP is quick and lean there. 7 beta and RC seemed more power hungry and resource-greedy. It's definitely not faster either. I'll try the RTM on it when technet releases, jury is still out.
 
http://www.osnews.com/story/21499/Why_Windows_7_s_Default_UAC_Is_Insecure

Again- blocking ALL or NOTHING works. A user grants elevation, then it'll be passed. Otherwise, it gets blocked.

You put holes into the dam, and exploits like the above begin to surface.

I've seen this and agreed that you can do this. But there are a couple of things that need to be realized

1. We first have to get the code to run. (more on this later)
2. Even on a Vista system, the ONLY thing that stops this from running is a button click on the protected desktop. So all we are arguing here at the end of the day is whether a button click is really a security layer.

To further go into the details of point #1: http://www.aeroxp.org/2009/07/microsoft-lists-uac-hack-as-malware/

So Microsoft now lists this as malware in MSE and that's a hell of a lot better than a button click to defend against something like this.

And again the point has to be made that in Vista users will often just ignore the UAC prompt and say yes anyway. With UAC all the time probably isn't all that much better than UAC none of the time.

The real defense against this is AV, not UAC.
 
1. We first have to get the code to run. (more on this later)
Just because Microsoft puts a signature into MSE doesn't fix the issue at hand. Hell, even the article you linked to admits that.

It's not like 100% of users are using MSE, either. It's still in Beta for goodness sake.

Doing something to cause a flaw in UAC, and relying upon anti-virus to stop an attack on it is stupid. Why create the flaw in the first place, when you acknowledge there's ways to exploit that flaw? Sorry but this is my #1 list of things Microsoft botched with Windows 7. It'd be close to perfect if it was not for this UAC setting.

2. Even on a Vista system, the ONLY thing that stops this from running is a button click on the protected desktop. So all we are arguing here at the end of the day is whether a button click is really a security layer.
The ONLY thing?
Watch a video. Then try to open MSCONFIG or something. See the video in the background? It stops (It continues to run, but you don't see it). It takes a snapshot of what was going on, and breaks contact with your desktop.
Only your physical keyboard and mouse can interface with this dialog. It's not just a button press like you'd see getting prompted to save a document. It's a button ON THE SECURE DESKTOP. The Secure Desktop is what keeps UAC secure, and it's yet to have been exploited, either. You talk like it's an inefficient method of security, yet the fact that nobody's managed to break it yet says otherwise.



I'll say it for the millionth time: You put a hole into a dam, water WILL come through. That's all there is to it.
 
Just because Microsoft puts a signature into MSE doesn't fix the issue at hand. Hell, even the article you linked to admits that.

It's not like 100% of users are using MSE, either. It's still in Beta for goodness sake

Doing something to cause a flaw in UAC, and relying upon anti-virus to stop an attack on it is stupid. Why create the flaw in the first place, when you acknowledge there's ways to exploit that flaw? Sorry but this is my #1 list of things Microsoft botched with Windows 7. It'd be close to perfect if it was not for this UAC setting.

So you are saying that an app that secretly injects code into another process SHOULDN'T be flagged as malware? You're calling that STUPID?

The ONLY thing?
Watch a video. Then try to open MSCONFIG or something. See the video in the background? It stops (It continues to run, but you don't see it). It takes a snapshot of what was going on, and breaks contact with your desktop.
Only your physical keyboard and mouse can interface with this dialog. It's not just a button press like you'd see getting prompted to save a document. It's a button ON THE SECURE DESKTOP. The Secure Desktop is what keeps UAC secure, and it's yet to have been exploited, either. You talk like it's an inefficient method of security, yet the fact that nobody's managed to break it yet says otherwise.



I'll say it for the millionth time: You put a hole into a dam, water WILL come through. That's all there is to it.

As long as you think UAC is a security layer I guess you're going to think these things. You do know what else will stop this "attack"? NOT RUNNING AS AN ADMIN IN THE FIRST PLACE! That's the security layer in all of this. An admin running in a sandbox is still an admin. And with Vista/7 there's no reason for the average user to run as an admin day to day. UAC in this case will prompt you, you'll login as admin or not and away you go. This is how it's been done in *NIX for years and is tried and true. This is MUCH better than being a click away from disaster.
 
So you are saying that an app that secretly injects code into another process SHOULDN'T be flagged as malware? You're calling that STUPID?
I'm saying they're not addressing this flaw in UAC inside Windows at all.
They're leaving it to Anti-Viruses to do.

Again- not everyone uses MSE.



As long as you think UAC is a security layer I guess you're going to think these things. You do know what else will stop this "attack"? NOT RUNNING AS AN ADMIN IN THE FIRST PLACE!
THERE IS NO ADMIN IN WINDOWS 7/VISTA!!!!
This is apparently what you're not grasping. Every single user on a machine, even those in the "Administrators" group, run under the local user token. If something needs elevation, it kicks it out to the secure desktop for confirmation, and upon receiving that input, it will elevate the task.
Windows 7 put a hole in that by auto-elevating certain tasks, without kicking it out to the Secure Desktop. THAT is what causes this flaw to be dangerous.

Contrast this to Windows XP, where you could actually run under Administrator, since you're an Administrator launching that process, it runs as Administrator. When you launch a process under Windows 7/Vista, it runs as the local user, which is why it needs elevation.
 
Huh? If you try this "exploit" in Windows 7 as a standard user you get a UAC prompt, with the UAC setting at default. This is EXACTLY the way it would work in Vista so I have no idea what you are talking about. I just did this and it works as I expected. Try it out for yourself. The security layer IS user permissions, UAC is simply a UI convenience. Like I said, if you think that UAC IS a security layer then sure, it's a flaw. The problem is that UAC is NOT a security layer.
 
And with Vista/7 there's no reason for the average user to run as an admin day to day. UAC in this case will prompt you, you'll login as admin or not and away you go. This is how it's been done in *NIX for years and is tried and true. This is MUCH better than being a click away from disaster.

That's why the click is on the Secure Desktop, where it can't be automated. The only theoretical extra security you get in a single-user environment by typing in the password is that people who are physically in front of your computer can't bypass UAC (but, as has been long established, if you have physical access to the machine then pretty much any security can be bypassed). If the OS itself is sufficiently compromised that a click on the Secure Desktop can be automated then you're already too late, as there's tampering with SYSTEM-level processes.
 
Everything you say is true I believe. But my point was that you don't even need to do anything that fancy. With UAC prompts all in your face, it takes but ONE click to get you into trouble. You may not even know why you clicked yes. Don't tell me that no one has ever clicked yes on a UAC prompt and meant no. And this is supposed to be the "security layer" that's so awesome?
 
Huh? If you try this "exploit" in Windows 7 as a standard user you get a UAC prompt, with the UAC setting at default. This is EXACTLY the way it would work in Vista so I have no idea what you are talking about. I just did this and it works as I expected. Try it out for yourself. The security layer IS user permissions, UAC is simply a UI convenience. Like I said, if you think that UAC IS a security layer then sure, it's a flaw. The problem is that UAC is NOT a security layer.
What exploit are you talking about? Considering what you quoted, I'm lost.

With UAC prompts all in your face, it takes but ONE click to get you into trouble.
You can't argue user-error in a software security discussion. Your job is to make the software as secure as possible (Which Microsoft has not done, with this hole that's allowed by default), but the software still has to do what the user tells it to do. Period.

Your original allegations that Secure Desktop is merely a button click are not true. It's got to be a LOCAL action to get past that. Like Mithent stated, if you've got Local Access, you've got Admin access. That's a generally accepted rule of thumb for ANYTHING.

Fact of the matter is UAC and Secure Desktop (at least when 100% on) work. You cannot bypass it. Only thing getting past it is the user, and there's nothing Microsoft, nor you, nor I, nor anyone else can do about it if someone allows it through.

If you use your rationale, why do we patch anything? Security precautions can always be bypassed by the user anyway, so why do we even patch Windows?
 
Everything you say is true I believe. But my point was that you don't even need to do anything that fancy. With UAC prompts all in your face, it takes but ONE click to get you into trouble. You may not even know why you clicked yes. Don't tell me that no one has ever clicked yes on a UAC prompt and meant no. And this is supposed to be the "security layer" that's so awesome?

I never have :D

I have to side with Techie here though I'm not sure I follow both of your arguments. If PEBKAC, there's nothing you can do. You can't win against stupidity.
 
What exploit are you talking about? Considering what you quoted, I'm lost.


You can't argue user-error in a software security discussion. Your job is to make the software as secure as possible (Which Microsoft has not done, with this hole that's allowed by default), but the software still has to do what the user tells it to do. Period.

Your original allegations that Secure Desktop is merely a button click are not true. It's got to be a LOCAL action to get past that. Like Mithent stated, if you've got Local Access, you've got Admin access. That's a generally accepted rule of thumb for ANYTHING.

Fact of the matter is UAC and Secure Desktop (at least when 100% on) work. You cannot bypass it. Only thing getting past it is the user, and there's nothing Microsoft, nor you, nor I, nor anyone else can do about it if someone allows it through.

If you use your rationale, why do we patch anything? Security precautions can always be bypassed by the user anyway, so why do we even patch Windows?

This "exploit", the one you first mentioned: http://www.pretentiousname.com/misc/Win7ElevateV2.zip

If you run it as a standard user versus an administrator you get the UAC prompt WITH UAC AT THE DEFAULT SETTING IN WINDOWS 7.

THERE IS NO ADMIN IN WINDOWS 7/VISTA!!!!

There is such a thing as an Administrator in Windows 7:

[Image: Windows 7 User Account Screen]


And where do you get the notion that security precautions can always be bypassed by the user? While I think I know what you mean I don't think that you meant to say it this way.
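
The settings argued over in this thread (the UAC "level", whether the prompt appears on the Secure Desktop, and whether a member of Administrators is running with a filtered token) can be read directly from a machine. The PowerShell below is an added example, not code from any poster; the function names are made up for illustration, and the "Level" labels follow the thread's numbering of the Windows 7 UAC slider.

```powershell
# Added example, not from the thread. Read-only: it changes no settings.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicyValue {
    param([string]$Name)
    # Return $null when the value is absent instead of throwing.
    $item = Get-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-UacSliderLevel {
    # Maps the UAC policy values to the slider position. "Level 3" and
    # "Level 4" are the thread's names for the Windows 7 default and
    # "Always notify" (the Vista behaviour).
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    if ($null -eq $EnableLUA -or $null -eq $ConsentPromptBehaviorAdmin) {
        return 'Unknown: policy values are missing'
    }
    if ($EnableLUA -eq 0) {
        return 'UAC disabled: administrators run with a full token'
    }
    $secure = ($PromptOnSecureDesktop -eq 1)
    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'Level 1 (never notify): elevation happens without a prompt' }
        2 {
            if ($secure) { return 'Level 4 (always notify): every elevation prompts on the Secure Desktop' }
            return 'Always notify, but the prompt is not on the Secure Desktop'
        }
        5 {
            if ($secure) { return 'Level 3 (Windows 7 default): Windows binaries auto-elevate, others prompt on the Secure Desktop' }
            return 'Level 2: as level 3, but the prompt is not on the Secure Desktop'
        }
    }
    return "Custom policy: ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin"
}

function Get-TokenState {
    # IsInRole() is false for the filtered token an Administrators member
    # gets at logon under UAC, so it only tells us "elevated or not".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists deny-only groups too, so the Administrators SID showing up
    # here while IsInRole() is false means the token is the filtered one.
    $adminSidListed = [bool](whoami /groups /fo csv /nh |
        Where-Object { $_ -match '"S-1-5-32-544"' })

    if ($elevated)       { return 'Elevated administrator token' }
    if ($adminSidListed) { return 'Administrators member running with a filtered (non-elevated) token' }
    return 'Standard user: elevation requires another account''s credentials'
}

function Get-UacReport {
    $lua  = Get-UacPolicyValue 'EnableLUA'
    $cpba = Get-UacPolicyValue 'ConsentPromptBehaviorAdmin'
    $posd = Get-UacPolicyValue 'PromptOnSecureDesktop'

    New-Object PSObject -Property @{
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $cpba
        PromptOnSecureDesktop      = $posd
        SliderLevel                = (Get-UacSliderLevel $lua $cpba $posd)
        CurrentToken               = (Get-TokenState)
    }
}

Get-UacReport | Format-List
```

Run it from a normal (non-elevated) prompt to see the token state the thread is arguing about; run it again from an elevated prompt and only `CurrentToken` changes.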
 