Reading Your Way Around UAC (3-Part Blog)

Discussion in 'other security issues & news' started by WildByDesign, May 26, 2017.

  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Great read. The bottom line is you're more vulnerable using an admin account + UAC (split token) than a standard user account. It's also interesting that he says there are similar vulnerabilities using the credentials of a different admin account for process elevation on a SUA desktop, and instead recommends fast user switching to create a separate session with an admin account. I don't know how well that would work ( ? )
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Oh, and by the way, I thought I would refresh everybody's memory as to who Mark Russinovich is. Sysinternals (creator of all those cool programs you all use, Process Explorer, Autoruns, etc.), RootkitRevealer, detected the Sony Rootkit, last heard like Ep_xoff works for Microsoft. Over.
    I run as ADMIN and have UAC set to max and it doesn't bother me at all and I install and run a lot of crap. :D
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It's not realistic, it would annoy people and that's also the cool thing about Windows, at least it gives you the choice.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    That would mean educating inexperienced users about the need for/difference between a Standard User and an Administrator account - not going to happen.
     
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    In my limited experience with Linux, I've never had to switch between Admin and SUA accounts. I have just been asked to enter my password when installing software.
     
  6. guest

    guest Guest

    Yes, the sudo command (similar to the UAC prompt), but the two accounts in Linux are clearly separated, unlike in Windows. I'm not a Linux expert, I just know how to use it.
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Okay, so in Linux, you get the same amount of security without having to switch between accounts, as you do in Windows by switching between Admin and SUA.
     
  8. guest

    guest Guest

    I know....
     
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    I've just created SU accounts on my two Win 10 machines, and everything works perfectly. I tried SUA with Vista and XP in the past, but there were always problems with the functionality of some programs. With Win 10 it is really flawless. This is a very informative thread, thanks!
     
  10. guest

    guest Guest

    Yes and no

    https://en.wikipedia.org/wiki/Superuser

    http://www.techradar.com/how-to/com...ts-rights-and-ownership-work-in-linux-1305744

    To be simple, normally when you install Linux, it creates 2 distinct accounts: the root (admin) account and the user (default) account, in which you will be logged in right away (as opposed to Windows).

    In Linux, you will normally never need to switch to the root account, because the standard user account gives you the sudo command, so you can have root "rights" in your standard account in exchange for the password.
    MS just copied Linux with SUA and UAC.

    In Windows, SUA is just the admin account stripped of some privileges, resulting in a limited account.
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    @guest Thanks for the explanation.
     
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Farewell to the Token Stealing UAC Bypass
    Link: https://tyranidslair.blogspot.com/2018/10/farewell-to-token-stealing-uac-bypass.html
    By James Forshaw


     