Skip to content

Vista Myths: “Users will just click OK”

by Brandon on January 31st, 2007

Today I’d like to dispel a myth about Windows Vista which says that User Account Control (UAC) will not protect users because they will just click “Continue” or “Allow” on the dialogs that ask them for permission for an application to run with Administrator privileges.

Is it a problem that users are often too willing to click Allow or Continue buttons without knowing the full consequences of their action?  Certainly.  Please don’t think I am contending otherwise.  However, consider the following scenario:

  1. Joe User starts up his Windows Vista machine and logs into an Administrator account with UAC enabled.
  2. Joe opens up Mail Program Express* – which automatically runs with reduced privileges because of UAC.
  3. Joe clicks on a malicious HTML e-mail message that triggers a buffer overrun exploit against Mail Program Express, which executes some malicious code.  Perhaps this code includes instructions to delete important system files, muck with the registry, or access sensitive information about your computer or other users of the machine.
  4. The attack against Mail Program Express succeeds, and the code is run – but the code fails to have any impact on the system because it is running in the context of Mail Program Express – which does not have Administrator privileges.

At no point during this example is a UAC dialog thrown. 

Could a more sophisticated attack cause an attempt at privilege escalation?  Depending on the nature of the attack, it’s possible.  But in such a case, the user would be presented with a UAC dialog completely out-of-the-blue.  It would probably be an unsigned app (scarier dialog), and the user would probably say no.

So what does this mean?  It means that UAC is a lot more than just another warning dialog.  Don’t turn it off.  It just might save you a lot of heartache one day.

* this could be any benign application you use daily, especially internet-connected ones like mail readers, web browsers, chat clients, etc.

From → Uncategorized

2 Comments
  1. I completely agree with you.

    I am actually liking the UAC, and even though it can be annoying – I am making myself get used to it. I especially love that Internet Explorer runs in an even more secure and restricted environment and it is GREAT when I tried to view the source of a Page – when a pop-up jumped and asked me if I am sure I should let Internet Explorer interact with Notepad.

    As you point out, if something comes out of the blue and it is unexpected – then users will click NO… It’s just logical.

    I’ll include this on my Vista blog and link back.

    Cheers,
    Petar
    http://www.VistaJuice.com

  2. Artie Kay permalink

    Another positive thing about UAC is it throws a huge spotlight on poorly coded apps, so they can be replaced.

Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS