Feedback asked

Thanks Sul. I finally gets what is all about. Thanks for the input. I ready to test it out and give a feedback soon.

As far as I realize this, an alternative to "run as admin" and alike.

It is necessary to have SRP with this?

Thank you very much. Pretty much excited to final version.

 

mmm, I don't know it is an alternative to RunAsAdmin. I would say it is a combination of system hardening, application hardening and execution control, but in a loose way. Unlike a HIPS or default deny tool like SRP, this targets only specific areas that is useful to those using UAC mostly. It is of great interest to me to finally find a way to not be an admin in daily usage but also not be so restricted as to pull my hair out.

Sul.

 

How is the project coming along.

I checked Mr. Woojoo and no links for Safe Admin yet, must be still improving.
Website is still 1989. Loads fast.

 

It is going very nicely. It has grown way beyond the original state, but that is a good thing. I have learned some new theories on how and why to do things, which led to betterment in many areas. It grew so much and has the possibility to be a nice tool so I devoted more time to error control and logging than I normally do.

The ability for a novice user as well as advanced user to be able to use this has been accomplished I believe, although it is no easy task to do. Much harder than I thought it would be.

The current status is much of the "meat" is done. I am currently implementing the EMET routines and IL routines. The ACL/Virtualization/Zones are coded and expected to work but not fully tested.

Part of the slow nature is becuase I have broken the project up into two pieces and developed a psuedo-script language for it (INI style) but have kept each component easy for novice and more complex (and faster in bulk) for advanced. The tool has many algorithms to check for many things which might be an issue. It will be equipped to rollback to original settings or remove itself or only parts of itself. This tool will have logs good enough to understand what failed and why. It will be able to 'resume' what it was implementing if shut down prematurely.

It is very close to a closed alpha test to get major bugs out. As I 'enable' different components in each successive alpha, and they are all online and working without major bugs, I will release an open beta. During open beta, hopefully few bugs are encountered, and it gives me time to focus on the UI portion. The initial stage will be the executable that does all the work. Fully functioning, just without the UI to help novice and make it pretty. The 'worker' program does all the work anyway, just from command line or a scripted file.

No ETA I guess, it has been much more than I first thought and much longer than I first thought. But the end product will, to me anyway, be very much worth the effort.

Sul.

 

Does anyone notice a considerable lag between the moment we execute something with administrative rights and the moment that the box to allow/enter credentials actually appears?

 

Yes, I do

 

Thanks

I've been wanting to ask this for quite sometime, but just never occurred me.

This option doesn't seem to be too appealing, considering that it will sacrifice a few seconds (more than 5 according to what has been my own experience, at least), and many applications do not have a digital signature.

Unfortunately, I still couldn't play with SAFE-Admin, but I'm wondering if such option would come also with an option to remove this restriction, so that a user can temporarily execute an unsigned application?

 

I think it will do that once the context menu is up. It depends if it needs a reboot to do so, haven't tested it.

Sul.