
UAC to the rescue!

by Brandon on April 1st, 2007

Windows Vista’s new User Account Control is already earning its keep!  New attacks were reported this weekend that take advantage of a vulnerability in how Windows handles animated mouse cursors.  A patch is due out tomorrow (apparently it’s been pushed up from an original April 10th release date).  The patch will address the issue on XP and on Vista.  Yes, the vulnerability exists on Vista.  And yet, most Vista users are protected from these attacks already.

That is, assuming they have UAC enabled and are using IE7.  On Windows Vista with UAC enabled, Internet Explorer runs in “Protected Mode” which successfully protects you from all known web-based attacks that use this vulnerability.  How does it do that?  Basically, “Protected Mode” runs IE in a “sandbox” of sorts, and doesn’t allow it to access anything but its own files and registry keys.  If an attacker can successfully inject code into your web browser, and the browser is running in Protected Mode (also known as the “low” UAC integrity level) – that code is prevented from doing any harm.

To all the UAC naysayers – this is certainly only the first of many examples proving its value (especially its use in IE’s Protected Mode).
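The protection described above depends on two settings being on: UAC and IE's Protected Mode. The following PowerShell check is an added example, not part of the original post; the function names are hypothetical, and the registry locations it reads (`EnableLUA`, zone value `2500`) are standard Windows settings that the post itself does not mention.

```powershell
# Added example (not from the original post): check the two preconditions the
# post names, UAC enabled and IE Protected Mode enabled, on the local machine.

# Integrity-level SIDs defined by Windows (S-1-16-<RID>).
$IntegrityNames = @{
    'S-1-16-4096'  = 'Low'
    'S-1-16-8192'  = 'Medium'
    'S-1-16-12288' = 'High'
    'S-1-16-16384' = 'System'
}

function Test-UacEnabled {
    # EnableLUA = 1 means UAC is on; with 0, Protected Mode cannot apply.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.EnableLUA -eq 1)
}

function Get-ProtectedModeSetting {
    # Per-user zone setting 2500: 0 = Protected Mode on, 3 = off.
    # A missing value means the zone default applies. Group Policy can
    # override this key; that is not checked here.
    $zones = [ordered]@{ '1' = 'Local intranet'; '2' = 'Trusted sites'; '3' = 'Internet'; '4' = 'Restricted sites' }
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    foreach ($id in $zones.Keys) {
        $p = Get-ItemProperty -Path "$root\$id" -Name '2500' -ErrorAction SilentlyContinue
        $state = if ($null -eq $p) { 'zone default' } elseif ($p.'2500' -eq 0) { 'on' } else { 'off' }
        [pscustomobject]@{ Zone = $zones[$id]; ProtectedMode = $state }
    }
}

function Get-CurrentIntegrityLevel {
    # whoami lists the mandatory label of the calling process among its groups.
    $rows = whoami /groups /fo csv /nh | ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $label = $rows | Where-Object { $_.Sid -like 'S-1-16-*' } | Select-Object -First 1
    if ($label -and $IntegrityNames.ContainsKey($label.Sid)) { $IntegrityNames[$label.Sid] } else { 'Unknown' }
}

"UAC enabled: $(Test-UacEnabled)"
Get-ProtectedModeSetting | Format-Table -AutoSize
"This shell runs at integrity level: $(Get-CurrentIntegrityLevel)"
```

A normal (non-elevated) shell reports Medium here, one step above the Low level that a Protected Mode browser process runs at.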


8 Comments
  1. UAC is a great thing, I just wish developers made it less annoying for users, so they didn’t disable it. Google Talk and Hamachi both took steps to work well with UAC. Google Talk doesn’t even require elevated privileges to install. Hamachi now doesn’t require elevated privileges to run. There are still many apps that just don’t work well yet. All punkbuster games require elevated privileges….

  2. Rahim Ali

    Hi Brandon, just my $.02 but if you ever used Vista for anything other than browsing with IE, you’d realize how damnably annoying that UAC thingy really is. IMHO if they had spent more time making windows itself safer rather than putting in these infuriating gizmos that would have been time well spent. At the very least, they could have made UAC (if it really had to come to that) not a bit but *a lot* more unobtrusive!

  3. Rahim – I’ve used Vista every day for nearly a year now, and have had it on ALL of my machines since November. UAC hasn’t bothered me once. In fact, I love the added control it gives me over my system. I do disable the Secure Desktop switch on most of my machines, though.

    How could you possibly make UAC “more unobtrusive?” It’s already far more user-friendly than the alternatives on the Mac or Linux. Whereas those OSes always prompt for a username and password, Vista makes things much easier by providing a simple “Continue/Cancel” consent prompt for elevation requests.

    I think that makes it a lot more usable in the rare case that you even see the prompt. Absolutely nothing you run every day should require elevation. Nothing. I have no apps that require it, except the game Vanguard which I recently stopped playing anyway (fortunately Lord Of the Rings Online was actually programmed well and doesn’t require elevation).

    So again I must ask – what is it about UAC that annoys you? I find most people that complain about it just saw the Apple ad and have never even used Vista on a regular basis. If they did, they’d probably not even notice it’s there.

  4. Dan

    Unfortunately UAC may only serve to teach the average user to click “Continue” whenever it comes up without reading it, like every other Windows dialog. If this happens it becomes useless.

    I agree about Secure Desktop, I disabled it myself and UAC became a lot less annoying. I also make the All Users’ Start Menu writable by the Users group to disable prompts whenever I rename or move a shortcut. That’s just a little ridiculous.

    An insane number of prompts can also be encountered on ANY NTFS drive that doesn’t have Vista user accounts in the permissions list (i.e., if you have anything other than Joe Average’s one disk, one partition setup) due to permissions not being set for Vista user accounts… any file operation at all, read or write, especially in old XP user profile folders, spawns a prompt. Just trying to browse folders in Explorer is an exercise in frustration. One has to go and set permissions manually for the whole drive(s) to fix the issue. Fortunately in RTM it doesn’t take nearly as long as in the RCs.

  5. Dan –

    As I wrote before, that’s completely and utterly untrue. UAC can protect you without you ever seeing a Continue/Cancel prompt.

    For instance, in the case cited in this very post – there is no UAC prompt involved. You’re just protected. All you need to do is have it on.

  6. Sanjeev

    Brandon,
    First, Good work.

    I recently upgraded to Vista – unfortunately it seems Vista Search still cannot do Lotus Notes. Previously, I had used Google Enterprise Search. Now, on Vista it stopped working!! After two days of searching I found that it was due to UAC. I had to turn it off to start GDS working. I would have loved it if UAC had prompted me for the additional privileges GDS was seeking…

  7. There’s no such thing as a truly secure system and more security always equals less usability. That’s why many security “best practices” are bad practices in the real world. Applying the same level of security to mom’s recipes and the government’s nuclear secrets is just plain dumb. There’s no one size fits all to security. There’s no script you can just follow to make a system magically become secure. Security is an ongoing process that requires weighing risks vs rewards vs costs and then determining what’s the RIGHT amount of security for the target system(s). More is not always better.
