Require trusted path for credential entry

Something interesting I just discovered in Win7 Ultimate Group Policy Editor: Computer Configuration-> Administrative Templates-> Windows Components-> Credential User Interface:

• Require trusted path for credential entry

It looks to add more security, although at the cost of convenience, when using the "Run as administrator" context menu option. The first two prompts shown in the screenshots have to be answered before the secured login prompt appears.

I'm guessing MrBrian might approve of this

 

Thank you for posting about this wat0114 . I have tried something similar before -see http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx#BKMK_AdminPromptBehavior. Perhaps this setting covers more than UAC though?

Unfortunately, the extra steps need to be performed even when in a protected admin account. Another thing to remember is that malware needn't tell you to press Ctrl+Alt+Del (the aspect that ensures you're really on the secure desktop) first if it's presenting a fake credentials screen.

 

You're welcome MrBrian. I'm not sure how it works, except that according to the explanation, it prevents setaling of credentials by a malicious process, so it must add some additional security, I guess. If malware presents a fake credentials screen, then it stands to reason it would then have to present the aditional prompts this gpedit setting produces, if it's going to trick a user.

BTW, thanks for that MS link. It's been a while since I've ventured in that part of the policy editor. My UAC settings are shown below. Maybe the setting "Detect application installations and prompt for elevation" should be disabled to accomplish a bit better security level without imposing any inconvenience?

 

From http://en.wikipedia.org/wiki/Control-Alt-Delete:

That's the reason for the added security. However, malware needn't remind you to press Ctrl+Alt+Delete.

The other setting that you mentioned is for your own convenience.

 

Okay, thanks. So you mean to say that even with those two additional prompts, malware could still generate a fake secured desktop UAC prompt and steal the user's credentials? I realize the system could be infected already, if that's what you're infering by saying malware needn't remind to press Ctr+Alt+Del.

 

Yes, because if you don't press Ctrl+Alt+Delete first then you might be typing credentials into a fake screen.

 

So then this setting should at least prevent stolen credentials even if the system is already infected? That's how I perceive it, anyway.

 

No, once infected the malware could possibly still intercept the CTRL ALT DELETE. This is assuming you're on a clean machine, I'd think.

 

Yes unless Winlogon.exe has been compromised. See Programs running in the secure desktop vs. keyloggers, screen loggers, etc. for some tests.

 

Or not. haha

 

Okay, I think I understand it now. Kind of slow tonight Thanks again!

 

A different method for trying to ensure that you're really using the secure desktop is detailed at Using screen dimming software to avoid typing credentials into a fake UAC prompt.

 

Right, I remember that thread

 

I have always been using this for more than a year
I think its enabled if you use MSCM's baseline security templates.