Comments on: Windows 7′s security ‘time bomb’ http://lastwatchdog.com/windows-7s-security-time-bomb/ on Internet security by Byron Acohido Fri, 03 Feb 2012 18:38:32 +0000 hourly 1 http://wordpress.org/?v=3.0.4 By: Johan Vansevenant http://lastwatchdog.com/windows-7s-security-time-bomb/#comment-871 Johan Vansevenant Sun, 01 Nov 2009 10:36:13 +0000 http://lastwatchdog.com/?p=3314#comment-871 Russ Cooper is absolutely right but there is a problem. The first account (admin in aproval mode) in Vista/W7 is VISIBLE. As a systembuilder/retailer i know most users - even if they are the only user - they won't create a second user that's defaults as a standard user. It's all coming down to user-skill i think. Russ Cooper is absolutely right but there is a problem. The first account (admin in aproval mode) in Vista/W7 is VISIBLE. As a systembuilder/retailer i know most users – even if they are the only user – they won’t create a second user that’s defaults as a standard user. It’s all coming down to user-skill i think.

]]> By: Byron Acohido http://lastwatchdog.com/windows-7s-security-time-bomb/#comment-869 Byron Acohido Fri, 30 Oct 2009 15:35:24 +0000 http://lastwatchdog.com/?p=3314#comment-869 Russ: Thanks for laying out your strong stance. Realistically, though, the horse is out of the barn, don't you think? Can you -- or anyone -- conceive of a plausible scenario by which Microsoft would reverse its rationale defending the current Win7 UAC default setting and move to configure the world's dominant client OS along the lines you suggest? Russ:
Thanks for laying out your strong stance. Realistically, though, the horse is out of the barn, don’t you think? Can you — or anyone — conceive of a plausible scenario by which Microsoft would reverse its rationale defending the current Win7 UAC default setting and move to configure the world’s dominant client OS along the lines you suggest?

]]> By: Russ Cooper http://lastwatchdog.com/windows-7s-security-time-bomb/#comment-868 Russ Cooper Fri, 30 Oct 2009 10:30:46 +0000 http://lastwatchdog.com/?p=3314#comment-868 Thinking that users need not be involved in security, or that somehow it’s not their responsibility, is where we continue to fail in securing systems. Of course they have a role. Where Byron, and others, get it wrong is in recommending that consumers set their UAC level to high. Instead, consumers should be recommended (and the installation should ensure) that they create two accounts. The first is their Administrator account, and the second is their User account. The Administrator account environment should not allow tools like IE, Media Player, Windows Live, etc. The environment should not be customizable (i.e. you cannot have wallpaper, change the colors, or otherwise personalize it. IOWs make it so it is totally undesirable to use the Administrator account for day-to-day computer use. In this way you may end up with far more consumers using UAC’s default settings as Standard User rather than Administrator. As such, the issue described by Leo becomes far less an issue. If I can’t access my email while logged on as Administrator, I can’t double-click on the criminal attachment or link…can I. Thinking that users need not be involved in security, or that somehow it’s not their responsibility, is where we continue to fail in securing systems. Of course they have a role.

Where Byron, and others, get it wrong is in recommending that consumers set their UAC level to high. Instead, consumers should be recommended (and the installation should ensure) that they create two accounts. The first is their Administrator account, and the second is their User account. The Administrator account environment should not allow tools like IE, Media Player, Windows Live, etc. The environment should not be customizable (i.e. you cannot have wallpaper, change the colors, or otherwise personalize it. IOWs make it so it is totally undesirable to use the Administrator account for day-to-day computer use.

In this way you may end up with far more consumers using UAC’s default settings as Standard User rather than Administrator. As such, the issue described by Leo becomes far less an issue. If I can’t access my email while logged on as Administrator, I can’t double-click on the criminal attachment or link…can I.

]]> By: Michael Sutton, Zscaler http://lastwatchdog.com/windows-7s-security-time-bomb/#comment-858 Michael Sutton, Zscaler Tue, 27 Oct 2009 03:29:43 +0000 http://lastwatchdog.com/?p=3314#comment-858 Leaving security decisions to end users is never a solution, it simply ‘passes the buck’ in a effort to transfer the responsibility for security from vendor to consumer. End users are not security experts and cannot be expected to understand when they are at risk. Consumer level security functionality needs to be as transparent as possible. If it isn’t, it will be disabled. Microsoft has realized that placing security in the hands of end users with Windows Vista was a failed approach. While adding more granular settings for UAC in Windows 7 and ‘auto-elevate’ functionality may limit this scenario, it does not change the overall approach. UAC is not a solution to prevent malware, it is merely a band-aid to encourage software developers to adopt secure programming practices. Technical solutions such as DEP and ASLR will do far more to prevent the spread of malicious content. Fortunately, Microsoft continues to pursue such technical approaches which remain transparent to end users as they should. Leaving security decisions to end users is never a solution, it simply ‘passes the buck’ in a effort to transfer the responsibility for security from vendor to consumer. End users are not security experts and cannot be expected to understand when they are at risk.

Consumer level security functionality needs to be as transparent as possible. If it isn’t, it will be disabled. Microsoft has realized that placing security in the hands of end users with Windows Vista was a failed approach. While adding more granular settings for UAC in Windows 7 and ‘auto-elevate’ functionality may limit this scenario, it does not change the overall approach.

UAC is not a solution to prevent malware, it is merely a band-aid to encourage software developers to adopt secure programming practices. Technical solutions such as DEP and ASLR will do far more to prevent the spread of malicious content. Fortunately, Microsoft continues to pursue such technical approaches which remain transparent to end users as they should.

]]> By: Dan Kaminsky, doxpara.com http://lastwatchdog.com/windows-7s-security-time-bomb/#comment-857 Dan Kaminsky, doxpara.com Mon, 26 Oct 2009 23:02:56 +0000 http://lastwatchdog.com/?p=3314#comment-857 UAC's goal was to finally wean Windows software developers off of requiring administrative access for every day applications. For that goal, it was very effective....and whatever issues happen to be found, have no impact on whether well-behaved Windows applications are written one way or another. UAC makes well behaved applications require fewer privileges to operate. UAC’s goal was to finally wean Windows software developers off of requiring administrative access for every day applications. For that goal, it was very effective….and whatever issues happen to be found, have no impact on whether well-behaved Windows applications are written one way or another. UAC makes well behaved applications require fewer privileges to operate.

]]> By: Roger Thompson, AVG http://lastwatchdog.com/windows-7s-security-time-bomb/#comment-856 Roger Thompson, AVG Mon, 26 Oct 2009 20:49:46 +0000 http://lastwatchdog.com/?p=3314#comment-856 When we’re dealing with the most widely used operating system in the world, hackers are going to show up in droves to infect and cause problems. That’s why I’ve always advocated that security needs to happen in a layered fashion. If you only have one layer such as Microsoft’s own security suite Essentials, there are holes that won’t be covered. If you add layers to that, then you’re going to have protection and the bad guys won’t have an open door policy to hack your system. In depth defense is what is needed because the OS, whether it’s Windows 7 or Vista or whatever’s next, is always going to be the target and the bad guys will find a way through. When we’re dealing with the most widely used operating system in the world, hackers are going to show up in droves to infect and cause problems. That’s why I’ve always advocated that security needs to happen in a layered fashion. If you only have one layer such as Microsoft’s own security suite Essentials, there are holes that won’t be covered. If you add layers to that, then you’re going to have protection and the bad guys won’t have an open door policy to hack your system. In depth defense is what is needed because the OS, whether it’s Windows 7 or Vista or whatever’s next, is always going to be the target and the bad guys will find a way through.

]]> By: Byron Acohido http://lastwatchdog.com/windows-7s-security-time-bomb/#comment-855 Byron Acohido Mon, 26 Oct 2009 20:16:55 +0000 http://lastwatchdog.com/?p=3314#comment-855 Patrick: I don't believe it is. Microsoft did fix a couple of UAC bugs, including that one, I believe, in response to feedback from the security community. This issue has to do with the auto-elevate function itself. Instead of UAC on vs. off, as per the Vista mode, Windows 7 has a medium and medium-high setting, that automatically elevates some functions to administrator level access. Leo's exploit shows how auto-elevate can be accessed an injection attack. That's my non-technical understanding. Hopefully, Leo himself will comment here. Thanks, Byron Patrick:
I don’t believe it is. Microsoft did fix a couple of UAC bugs, including that one, I believe, in response to feedback from the security community. This issue has to do with the auto-elevate function itself. Instead of UAC on vs. off, as per the Vista mode, Windows 7 has a medium and medium-high setting, that automatically elevates some functions to administrator level access. Leo’s exploit shows how auto-elevate can be accessed an injection attack. That’s my non-technical understanding. Hopefully, Leo himself will comment here.
Thanks,
Byron

]]> By: Patrick Dickey http://lastwatchdog.com/windows-7s-security-time-bomb/#comment-854 Patrick Dickey Mon, 26 Oct 2009 19:45:04 +0000 http://lastwatchdog.com/?p=3314#comment-854 Is this bug the one that will lower (or turn off) UAC without prompting the user at all? The change level setting bug, I mean? If so, then I would ask how hard it would be to make changing the level into an item that requires you to be prompted? The OK button already has a UAC shield, so it obviously falls into the UAC realm. It shouldn't be an issue to require that prompt regardless of whether I do it, or a program does it. Have a great day:) Patrick. Is this bug the one that will lower (or turn off) UAC without prompting the user at all? The change level setting bug, I mean?

If so, then I would ask how hard it would be to make changing the level into an item that requires you to be prompted? The OK button already has a UAC shield, so it obviously falls into the UAC realm. It shouldn’t be an issue to require that prompt regardless of whether I do it, or a program does it.

Have a great day:)
Patrick.

]]>