Windows XP turns 20: Microsoft’s rise and fall points to one thing — don’t fix what isn’t broken

Discussion in 'other software & services' started by guest, Oct 25, 2021.

  1. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    Graphic drivers sucked. It took NVIDIA and ATi a few months to get suitable gaming drivers released. I never witnessed any app issues. It was all fine by SP1. And Apple started their attack before it was even released, while copying some of the features in advance of its release. But that said this is not 2006 so I will put forth no effort to look up any old articles referencing any details. It's too late to save Vista so that is not my point. It's just an example of how effective marketing can be.
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    This.
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    Don't get me started on Windows Vista's Aero vs X Windows (~Linux) + Compiz/Beryl/Compiz Fusion. Anybody remember the Cube plugin for Compiz? Unfortunately around 2007 I was a poor kid with an old computer so I missed all those 3D effects back in the day when they were cool and could only watch them on YouTube and as pictures in tutorials.
     
  4. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    Ah yes, remembering how horrible Vista was without Aero. Even worse than that ugly plastic XP theme. I really wish they had kept the watercolor theme in XP from the betas.
     
  5. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    890
    Location:
    The Netherlands
    You can still have that and much more (CompizConfig Settings Manager). :)

     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes correct, the problem is that back then, almost nobody was using the 64 bit version of Win XP. And sandboxing has been very important, because it made browsers a lot harder to hack. Same goes for PatchGuard, rootkits haven't been a huge threat anymore since it has been implemented.

    No, turning off UAC won't make all processes run with high privileges. And with the right protection tools, you don't need to worry about malware getting admin access. Those stupid UAC alerts ain't worth the annoyance.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I tested it myself, it does. Except processes that manually set their privilege levels like browser sandboxes.
    Even with UAC on max I only get alerts once in a while, no annoyance there.
     
  8. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    Why would it be pointless to run programs with severe limitations?
     
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    If you're running as admin it does. If you are running as a limited user then it won't but then you would be having to set write permissions for multiple apps and probably having registry saving issues. I am not of the impression that this is what is happening. If you think UAC prompts are annoying running a standard account with it off is way more work. I may be misunderstanding what you have for a setup and you are under no obligation to take the time to explain it all to me, but in most cases when people turn off UAC due to annoyance, they are leaving any running program the ability to openly write to anywhere it desires to do so.
     
  10. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    This was my experience with SUA in Windows.... Windows XP in ~2009. It wasn't an issue anymore when I installed Windows 8 in 2014.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Perhaps I'm misunderstanding, but most apps that I run only need high privileges when they need to be installed, after that they switch back to running with medium privileges. Of course, when you turn UAC off, then malware can automatically get high privileges, but there are better ways to protect against malware than UAC.

    You need to remember that almost 100% of all UAC alerts that you will get to see are triggered by legitimate apps. Most home users are so used to clicking on yes, that the one time that it's malware that's triggering it, they are likely to simply ignore this alert and will most likely allow it. Like I said, it's not worth it.
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    Post-Vista Windows with UAC enabled runs programs with medium integrity level by default. When a program needs high IL it tries to escalate privileges, which triggers a UAC alert. The vast majority of programs don't switch back to medium integrity level by themselves. A process that gets high IL after escalation usually runs with it until the process terminates.
    When you turn UAC off then all programs get high integrity level by default. That's why programs don't trigger UAC alerts - they are already at high IL.
     
    Last edited: Nov 16, 2021
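
The disagreement above about which integrity level programs get can be checked on your own machine. The following PowerShell is an added example, not posted by any participant in this thread; the function names Get-UacPolicy and Get-CurrentIntegrityLevel are hypothetical. Run it from a shell started normally from Explorer, not via "Run as administrator".

```powershell
# Added example (not from the thread): show the UAC policy and the integrity
# level of the current shell. Function names are hypothetical.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Mandatory label RIDs: last component of the S-1-16-<RID> integrity SID.
$ilNames = @{ 4096 = 'Low'; 8192 = 'Medium'; 8448 = 'Medium Plus'
              12288 = 'High'; 16384 = 'System' }

function Get-UacPolicy {
    $p = Get-ItemProperty -Path $policyKey
    [pscustomobject]@{
        # 0 = UAC (Admin Approval Mode) disabled, 1 = enabled
        EnableLUA                  = $p.EnableLUA
        # 0 = administrators are elevated without a prompt
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

function Get-CurrentIntegrityLevel {
    # /nh plus explicit headers keeps the parse independent of the UI language.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $label = $groups | Where-Object { $_.Sid -like 'S-1-16-*' } |
        Select-Object -First 1
    if (-not $label) { return 'Unknown' }
    $rid = [int](($label.Sid -split '-')[-1])
    if ($ilNames.ContainsKey($rid)) { $ilNames[$rid] } else { "RID $rid" }
}

$uac = Get-UacPolicy
$il  = Get-CurrentIntegrityLevel
$uac | Add-Member -NotePropertyName ShellIntegrityLevel -NotePropertyValue $il -PassThru |
    Format-List

# A shell started from Explorer without "Run as administrator" is expected to be
# Medium when UAC is enabled; High here means nothing separates it from admin.
if ($il -in 'High', 'System') {
    Write-Warning "This shell runs at $il integrity; child processes inherit it by default."
}
```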
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    Exactly this. Firefox started switching back to lower integrity after an update. It did not in the past. Most things still don't. As a matter of fact I'm not even sure how to, so any software we make just ends instead of continuing at high integrity or launching an elevated child process.

    It also reminds me that I had complained to multiple vendors that when you uninstalled their software it would launch a browser with a survey wanting to know why you uninstalled. As a child process of the uninstaller said browser would be running with high integrity and if you continued to browse with it after the survey then you were exposed to countless dangers on the internet. I see many have stopped doing it. I think a lot of folks just don't understand what happens with these things behind the scenes.
     
  14. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    Of course it's worth it. It prevents RCEs that in other cases would get admin rights without you clicking anything.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's not what I'm seeing on Win 8 and Win 10 with UAC turned off. Most apps will run with medium rights and when I want apps to run with admin rights I actually have to manually change this via Windows.

    The point is that malware can get high privileges automatically when UAC is turned off, but my anti-malware tools are supposed to block malware from running at all or to block them from being able to perform certain activities. That's why I don't bother with UAC, keep in mind you will also get to see those alerts when launching Process Explorer and Win Task Manager, LOL what a joke.

    Unless you can already tackle those RCEs with other tools that don't present you with an annoying UAC alert that is triggered by legitimate apps almost 100% of the time LOL.
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Process Explorer shows those apps running suddenly with high rights instead when UAC is disabled. UAC alerts are becoming less and less frequent, for example most popular programs usually now have a background service or scheduled task with which they can update automatically in the background without needing to ask the user for admin rights. Also programs expect UAC to run, since it is default, so security applications will expect it to run too, thus not offering any extra protection in case it is off and maybe even undermining the provided protection. The only way I would trust turning UAC off is with a full-blown HIPS, which throws tons more of alerts than UAC ever will.

    Indeed, the same happens when installing software and the software opens a browser to show release notes, a welcome note, a promotion or whatever. I checked the integrity level of the browser back then, and some correctly launched it with medium rights, but most with high rights.
     
  17. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    How often do you get a UAC prompt exactly? I get one less than once a week LOL xDDD
     
  18. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,412
    IIRC Windows XP either didn't have a firewall built-in or it wasn't turned
    on by default. Not until service pack 2. Being online led to XP being exploited.

    Don't understand why some users found it difficult or problematic to run WXP
    in a (LUA) limited user account. Only way I'd run it and also stripping out the
    MS core components and opting for 3rd-party software for privacy and security.

    MS couldn't get enough users to drop XP & switch to Vista & even W7 took some time
    to surpass XP in usership. Seems MS has had a pattern of OS's that are good or bad
    and XP being in the category of one of their better OS IMO.
     
  19. monkeylove

    monkeylove Registered Member

    Joined:
    Dec 10, 2013
    Posts:
    226
    I experienced fewer problems with 7 than with XP, and read that there were improvements in internals for 8 and 10. For the interface, I just use Open Shell.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I really don't have a clue what you're talking about, perhaps it depends on the type of apps that you're using? Like I said, my apps all run with medium IL. And I believe browsers that use built-in sandboxes don't care about whether UAC is enabled or not. I also wouldn't want every "popular" app to use background services, it just makes the attack surface even bigger.

    Also, you shouldn't compare HIPS to UAC. First of all, with HIPS you can make rules and you can make them run in "trust mode", this will reduce alerts considerably. With UAC you will get the same alert over and over again. Plus, the fact that some app needs admin rights doesn't say anything about any possible malicious intentions. While if I get an alert about code injection or driver loading, it does give me information about some app being trustworthy or not.

    I guess you never use tools like Process Explorer then.
     
  21. Melionix

    Melionix Registered Member

    Joined:
    Jun 22, 2020
    Posts:
    111
    Location:
    Earth
    .. You know you can easily avoid those from popping up by creating a shortcut to a task, right?
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I've checked it for both Windows 7 and 10 and apps launched by the 'user' (under explorer.exe, they don't necessarily have to be launched by the users themselves) and they now have high IL.
    I've checked Firefox, Opera and Vivaldi. Opera and Vivaldi still have processes with high IL, only Firefox switches back to medium after a few secs. But even when they wouldn't have processes with high IL, it may be possible that a compromised sandboxed process with lower IL can just break out of the sandbox by requesting admin access and obtain a high IL because it is automatically approved. The sandboxes are dependent on built-in Windows security mechanisms/models, disable part of it and who knows what is possible? Apart from that fact, there is more than just sandboxed browsers..

    The extra attack surface is less risky than disabling UAC lol.

    I'm not comparing it like that, I know they are completely different. I'm just saying that disabling UAC lessens the security so much, that the only case I would be comfortable doing that is with a machine completely locked down with a proper HIPS. And yes, unfortunately you cannot whitelist a UAC alert, but there are ways around that like Melionix said.
     
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    Exactly this. This is the only way it should ever be done. If you disable UAC on an admin account there are no boundaries. If you do it as a standard user then there are some things you can only do by running as a different user, which is more of a nuisance prompt than UAC is.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I still haven't got a clue what you mean, the only time when apps run with high IL, is during app install. Let's say that after this you reboot the system, then they will run with medium IL. Both Vivaldi and Edge don't have any processes running with high IL on my Win 10 Home system, perhaps something is wrong on your system?

    Like I said, browsers are the main entry point for malware, and the built-in sandbox is NOT affected by disabling UAC, it's because the browser itself is the gatekeeper, similar to how Sandboxie works. Disabling UAC won't weaken a browser's sandbox AFAIK. Same goes for other apps that have implemented sandboxes like Adobe Acrobat Reader.

    I'm sure you know what I mean. The only third party apps that should be running with system IL are apps related to security. I wouldn't want system cleaners and document readers to run with system IL which makes them even more powerful than when they run with high IL.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That's exactly my point, it's no problem to disable UAC if your system is already protected in other ways. The thing that you guys are missing, is that UAC is mainly useful for tackling exploits. So in other words, if malware somehow manages to run via a browser exploit then it might get automatic admin rights without UAC warning you about it.

    But here's the thing, there is a big chance that when some exploit successfully manages to bypass the browser's built-in sandbox, that it will also be able to bypass UAC, especially when a Windows kernel exploit is being used.

    Also, there is plenty of malware that doesn't even need admin rights to do any damage, think of banking trojans and ransomware, so UAC wouldn't have helped anyway. So yes, anti-malware tools are way more important than UAC in my view. Those stupid UAC alerts ain't worth it.
     