| Daniel James 2007-07-30, 7:15 am |
| In article news:<5h3kcgF3idn73U2@mid.individual.net>, Arno Wagner wrote:
> UAC is in fact a step backwards, since most people will click ''yes''
> without reading it after a few of those.
I agree that UAC is not well implemented in its current incarnation in
Vasti. It does do things that improve security, though, and for most of
those it doesn't matter if the user does just click blindly on "Yes".
UAC is an awkward beast. On the one hand it adds some security by
preventing some questionable activities, while on the other it actually
reduces security by elevating the privileges of some processes to enable
them to run from a limited user account. The way it decides to do that is
questionable ... automatically elevating a process's privilege just because
it's name includes "setup" is an open invitation to malware writers to call
their malwares "setup"!
Given the size of that hole, it seems odd that some of the hoops you have
to jump through to circumvent the 'security' that UAC imposes are very
small and held very high up. For example: UAC normally prevents a process
from installing a JOURNAL_RECORD hook (the sort of hook you'd want to
install to implement a keyboard macro recorder, for example) because such a
hook might be used by a keylogger. Fair enough, keyloggers are bad and
represent a real security liability for people using their PCs for (say)
home banking; stopping keyloggers is a good thing.
Some apps do have legitimate reasons for wanting to use those hooks to
implement macro recorders, though, and to make that possible UAC allows
some apps to continue to use the hooks ... such an app must be code-signed,
must contain a manifest that says it requires elevated privilege, and must
be installed in a standard place (such as a subdirectory of C:\Program
Files). I can see good reasons for all of that ... but given the weakness
of the security of some of the other things that UAC does this is an
incongruously strict set of requirements.
> Operating XP with current patches and a virus scanner, Firefox or Opera
> as browser and not Outlook to read mail is pretty secure today.
Yes ... especially if you don't use an administrator account for
everything. The trouble is that a default XP install is a right PITA if you
don't use an administrator account ... there are too many things that can't
be "Run As" administrator from a limited account, and too many file
permissions that are set up by default to be just a little too restrictive.
UAC does make limited accounts more usable under Vista.
Cheers,
Daniel.
|