UAC - Still a bust

posted Feb 24, 2010, 4:08 PM by r0m30 1
I know security is hard but that's why they pay you the big bucks.  UAC is still unusable in it's current form and then I find this on technet.  Give me a break......

Quoting (emphasis added)
"End users have been asking for Windows to provide a way to add arbitrary applications to the auto-elevate list since the Windows Vista beta. The commonly cited reason is that some third-party application they frequently use forces them to constantly click through an elevation prompt as part of their daily routine. Windows 7, just like Windows Vista, doesn't provide such a capability. We understand the aggravation, and there might be a legitimate reason that those applications can't run without administrative rights, but the risk is too high that developers will avoid fixing their code to work with standard user rights. Even if the list of what applications get auto-elevated was only accessible by administrators, developers might simply change their application setup program, which requires a one-time elevation, to add their application to the list. We've instead chosen to invest in educating and working closely with application developers to ensure their programs work correctly as a standard user."

The English translation:  We want to look like we are doing something and by making our "solution" unusable we can tout our security efforts and push the blame onto the user and developer communities.

If the "risk is to high" that developers will cheat the white-list function, then that's where you step in and require the user to enter a password, sign the code or whatever you like, not click yet another next button during the install.  Make sure that the experience is unique and if you want recommend that the user says no, great recommend what you will but as the OWNER of this computer I should be allowed to decide what runs on my computer at what authority not Microsoft.  Better still, when a program requires that it be white-listed record and collect that information and then make it PUBLIC, a UAC hall of shame and make it a requirement for Windows logo that the program works for a standard user unless there is a damn good reason it can't.  Windows 7 must be trademarked, put that army of lawyers to work, don't let someone claim Windows 7 compatibility unless it runs for a standard user. This won't happen because it would require someone at Microsoft to put security before profit. 

Other issues:

There needs to be a SINGLE place where trust is established, a registry entry for this and a manifest for that isn't the correct way to be doing this and anyone who does security for a living should know this.

Installation requires and is automatically granted elevation.  I don't know where to start so I won't go on a long incoherent rant.  I'll just say OMFG.

The trust chain for auto-elevation seems a little murky to me, nothing concrete I can put my finger on.  It just feels wrong on some basic level.


The real issue here is that security needs to be at the core of an OS and the legacy issues Windows has make that a difficult and costly proposition.  Trust should one of the first services started when the OS initializes and everything should pass through that service for authority before it gets to execute a single instruction.  This is not unique to Windows but Microsoft seems to be better than most at making a bad situation worse.