Windows 10 UAC Bypass Uses "Apps & Features" Utility

Discussion in 'other security issues & news' started by itman, May 23, 2017.

  1. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    @Rasheed

    Do yourself a favor and stop making a fool of yourself. The more you talk about UAC/SUA and compare it with AE/Sandbox/HIPS, the more obvious it becomes how much you worship your own ignorance.

    I can sympathise with why you insist on making assumptions of what people fear and pushing it as an agenda to put yourself on a pedestal high to convince yourself you are above the rest of us...
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'm afraid you're the fool. I have never compared them, I said you don't need SUA if you're already using security tools. That's not a comparison, go think about this one. SUA is just another layer, but if you're already using tons of layers it might not be worth it. SUA can't provide what AE provides and vice versa, they have a different purpose we all know that. It's funny that you get so fired up every time people rip on UAC, you must be really having a hard time reading about all of these UAC bypasses. :D
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    The only hard time I'm having is explaining to you something that is as clear as the difference between day and night. Once again, you keep telling people they don't need UAC/SUA when they have security tools. That's the ignorance on your part, but it's futile to explain to a person who can't see that the world is round, as he will keep insisting that it's flat.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    That's the problem, you seem to think you need to explain stuff, as if I don't understand, now that's ignorance. Earlier in the thread you said it's not about fear of "super exploits", but it's about the principle of least privilege. And why do we need this principle, is it just for fun? No, it's to make it harder for malware to take full control of the machine, and normally the malware will be triggered by some exploit. What can be done to tackle malware and exploits? By using security tools with or without SUA/UAC. Do we need SUA/UAC for security? Depends on your own perception about what is the best balance between security and usability. It's not rocket science.
     
  5. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    @Rasheed

    It's not "if"...the problem is you do not differentiate between exploit mitigation, limiting damage and access control through least privilege, and malware prevention/detection through security tools. One doesn't replace the other.

    Unlike on SUA, when you run as admin with UAC disabled, there is no security boundary that isolates processes on the same desktop. Your security tools are running on the same desktop and in the same user session as whatever threats you may face.
    You have basically given malware a much easier task, since it no longer needs to care about a local privilege elevation attack. Forget about UAC bypasses... you have basically given it free rein. There is no UIPI and no IL to even attempt to prevent shatter attacks.

    Just think about the implication of that choice. If security/vulnerability researchers can find flaws and bugs even in a standard user account which acts as a security boundary, do you really think it's going to be hard for them to find flaws in security tools which mostly ignore best security practices?

    As for the balance between usability and security, that is what UAC represents. It is a compromise. Ideally, from a security perspective, one ought to run as a standard user for daily usage and switch to an admin account for admin tasks. However, Microsoft has decided to trade-off security for convenience to encourage more users to run with standard rights most of the time, rather than not at all.

    I agree it's not rocket science. I just think you downplay the significance of the OS architecture and design too much while putting too much faith on security tools which run on top of that OS. I am suggesting you rethink your perception and understanding of what security really entails.

    Don't get me wrong. I was once like you...thinking that running on outdated systems without patches and admin was fine as long as I have the right security tools. I have even had 5-7 tools running at the same time before. However, the more I read up, the more I came to a humbling realization that I had been wrong. It takes courage to acknowledge that.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Plain enough if you ask me.

    I bet M$ gets plenty weary constantly plugging little vulnerabilities that always crop up, which initially might not have seemed so but turned out to be another favorite for the pokers to make their way through to landing ground.
     
  8. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    There has been internal talk at Microsoft about setting UAC to max on Home versions and not providing any option for the user to disable it. ;)
     
  9. guest

    guest Guest

    I wish they do it :D
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Is that currently being debated? From what I've observed most users run with UAC at the default vs. turning it completely off, so I don't think locking UAC on would be a problem. I don't know how much difference it would make though in terms of users allowing malware to access their systems.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Microsoft can do a few things to make UAC a bit more effective.

    For starters, UAC should show the process that is trying to start a process with elevated privileges. To placate folks like @Rasheed187 who are annoyed by it, Windows could perhaps not post a UAC alert for processes requesting elevation that are run from the desktop or start menu by a local admin, although there are risks in that.
     
  12. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
  13. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    To prevent repeated popups, Windows just needs a variant of sudo, whereby apps chosen by the administrator can be effectively whitelisted. For best security, if the hash of the binary or its signature changes, then it would need whitelisting again.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Yes, since what is being exploited is the ability to run OS utilities as hidden that will suppress the UAC alert. There are a number of utilities with this capability, e.g. defrag.exe.
     
  15. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    OK, thanks for confirming. So the author of the article is another person guilty of thinking Windows 10 is the only version of Windows; he should have stated "Windows", not "Windows 10".

    For reference I have UAC at the top level so apps like defrag still generate a UAC prompt.
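
The two posts above (auto-elevating utilities such as defrag.exe suppressing the prompt, and "Always notify" still prompting for them) describe a check a practitioner can script. The block below is an added example for this thread, not code from the posts or from Microsoft. It assumes that the application manifest (RT_MANIFEST) is stored uncompressed in the PE resource section, so a byte-level regex over the file finds `<autoElevate>true</autoElevate>` (the same thing a grep or sigcheck -m would show), and that the UAC level is read from ConsentPromptBehaviorAdmin under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (0 = never notify, 5 = the default "prompt only for non-Windows binaries", 1-4 = prompt for everything, 2 being the "Always notify" slider position). The sample bytes in demo() are constructed stand-ins, not real PE files.

```python
"""
Find binaries whose embedded manifest asks for auto-elevation, and decide
whether that flag would actually suppress the UAC prompt at a given UAC level.
Added example; assumptions (manifest stored uncompressed, registry value
meanings) are listed in the lead-in above.
"""
import os
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# <autoElevate>true</autoElevate>, tolerating XML whitespace and attributes.
AUTO_ELEVATE_RE = re.compile(
    rb"<\s*autoElevate[^>]*>\s*true\s*<\s*/\s*autoElevate\s*>", re.IGNORECASE
)
# requestedExecutionLevel level="requireAdministrator" (or asInvoker / highestAvailable)
EXEC_LEVEL_RE = re.compile(
    rb"requestedExecutionLevel[^>]*\blevel\s*=\s*[\"']([A-Za-z]+)[\"']", re.IGNORECASE
)


def manifest_auto_elevates(data: bytes) -> bool:
    """True if the raw file bytes carry an autoElevate=true manifest element."""
    return AUTO_ELEVATE_RE.search(data) is not None


def requested_execution_level(data: bytes) -> Optional[str]:
    m = EXEC_LEVEL_RE.search(data)
    return m.group(1).decode("ascii") if m else None


def scan_directory(root: str, exts=(".exe", ".dll")) -> List[Tuple[str, Optional[str]]]:
    """Walk root (e.g. C:\\Windows\\System32) and list auto-elevating binaries."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.suffix.lower() not in exts or not p.is_file():
            continue
        try:
            data = p.read_bytes()
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the scan
        if manifest_auto_elevates(data):
            hits.append((str(p), requested_execution_level(data)))
    return sorted(hits)


def silent_elevation_possible(auto_elevate: bool, consent_prompt_behavior_admin: int,
                              enable_lua: int = 1) -> bool:
    """
    Does an admin in Admin Approval Mode get this binary elevated with no prompt?
    autoElevate is only honoured at the default level (5). Windows' other
    preconditions (Windows-signed binary in a secure location such as System32)
    are assumed satisfied here.
    """
    if enable_lua == 0 or consent_prompt_behavior_admin == 0:
        return True          # UAC off, or "never notify": everything elevates silently
    if consent_prompt_behavior_admin == 5:
        return auto_elevate  # default slider position: auto-elevate honoured
    return False             # 1-4, including "always notify" (2): always prompt


# Constructed stand-ins for real files: the same manifest XML a Windows
# utility embeds, preceded by a fake header instead of a real PE image.
AUTO_ELEV_MANIFEST = (
    b"MZ\x90\x00" + b"\x00" * 64 +
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
    b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>'
    b'<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>'
    b'</requestedPrivileges></security></trustInfo>'
    b'<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">'
    b'<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">'
    b'<autoElevate>true</autoElevate></asmv3:windowsSettings></asmv3:application></assembly>'
)
PLAIN_MANIFEST = AUTO_ELEV_MANIFEST.replace(b"<autoElevate>true</autoElevate>", b"")


def demo() -> List[str]:
    """Write the constructed samples to a temp dir and return the flagged file names."""
    root = tempfile.mkdtemp()
    Path(root, "autoelev.exe").write_bytes(AUTO_ELEV_MANIFEST)
    Path(root, "plain.exe").write_bytes(PLAIN_MANIFEST)
    Path(root, "notes.txt").write_bytes(AUTO_ELEV_MANIFEST)  # wrong extension: ignored
    return [os.path.basename(p) for p, _ in scan_directory(root)]


if __name__ == "__main__":
    print("constructed samples flagged:", demo())
    if os.name == "nt":  # real scan; System32 takes a while
        for path, level in scan_directory(r"C:\Windows\System32"):
            print(path, level, "silent@default:", silent_elevation_possible(True, 5),
                  "silent@always-notify:", silent_elevation_possible(True, 2))
```

The interesting output on a real box is the list of auto-elevating binaries whose behaviour can be driven by an unprivileged caller (registry, environment, DLL search path, COM); those are the ones the "hidden utility" bypasses lean on. silent_elevation_possible() makes the second point explicit: at ConsentPromptBehaviorAdmin=2 the flag is ignored and every elevation prompts, which is why the top slider position still asks for defrag.exe.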
     
  16. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Whitelisting in this regard opens a few security holes. For example, malware running process explorer as admin to terminate/suspend processes, etc..
     
  17. mWave

    mWave Guest

    If you allow a program to run which happens to be malicious and requires administrator rights while using VoodooShield with UAC disabled then it could be game over. However, using VoodooShield alongside UAC being enabled is more or less the same as running programs normally as you would with UAC enabled, which is beneficial from a security point of view regardless of the fact that UAC was not actually designed to block malicious software in the first place.

    Anyway, VoodooShield has nothing to do with UAC. The way people constantly bring up that product when UAC is being discussed does indeed suggest a lack of knowledge (not aimed at you though, I mean generally).
     
  18. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I wouldn't whitelist process explorer :)

    A whitelist controllable by the admin is better than a whitelist that's hardcoded.

    Also I don't think process explorer would be targeted, probably less than 0.1% of users have it installed, so if the malware cannot view the whitelist, and as such doesn't know what is whitelisted, it can only guess, and would likely only target binaries it believes to be widely used. I accept your point, but I think it would be better than the static whitelist, as right now malware authors know that on 99% of machines core Microsoft binaries are whitelisted.
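
Posts 13 and 18 above propose an admin-controlled elevation whitelist pinned to the binary's hash, with the pin dropped when the file changes. The block below models that decision logic as an added example for this thread; it is not code from the posts, and Windows has no such feature (a real one would sit in the AppInfo/consent path). Assumptions: the store is a JSON file that only administrators can write (a medium-integrity process that can edit it could whitelist itself), entries are keyed by the resolved path, the pinned value is the file's SHA-256, and the signature check from post 13 is left out.

```python
"""
Hash-pinned elevation whitelist: model of the proposal in posts 13 and 18.
Added example; the store path, key format and SHA-256 pin are assumptions.
"""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


class ElevationWhitelist:
    """Maps resolved binary path -> SHA-256 pinned at whitelisting time."""

    def __init__(self, store: Path):
        self.store = Path(store)
        self.entries: Dict[str, str] = {}
        if self.store.exists():
            self.entries = json.loads(self.store.read_text())

    def _save(self) -> None:
        # Assumed: this file is writable by administrators only.
        self.store.write_text(json.dumps(self.entries, indent=2))

    def allow(self, exe: Path) -> None:
        """Admin action: pin the binary exactly as it is right now."""
        key = str(Path(exe).resolve())
        self.entries[key] = sha256_file(key)
        self._save()

    def decide(self, exe: Path) -> str:
        """
        'silent'  : whitelisted and unchanged, elevate without a prompt
        'changed' : whitelisted but the bytes differ, drop the pin and prompt
        'prompt'  : not whitelisted, normal UAC prompt
        """
        key = str(Path(exe).resolve())
        pinned = self.entries.get(key)
        if pinned is None:
            return "prompt"
        if sha256_file(key) != pinned:
            del self.entries[key]  # re-whitelisting is an explicit admin step again
            self._save()
            return "changed"
        return "silent"


def demo() -> List[str]:
    """Constructed walkthrough: whitelist a fake tool, then replace its bytes."""
    root = Path(tempfile.mkdtemp())
    store = root / "elevation-whitelist.json"
    tool = root / "tool.exe"
    tool.write_bytes(b"MZ fake tool v1")          # constructed, not a real PE
    wl = ElevationWhitelist(store)
    out = [wl.decide(tool)]                        # not yet whitelisted
    wl.allow(tool)
    out.append(wl.decide(tool))                    # pinned and unchanged
    out.append(ElevationWhitelist(store).decide(tool))  # persisted for a new reader
    tool.write_bytes(b"MZ fake tool v2 (replaced)")
    out.append(wl.decide(tool))                    # hash mismatch: pin dropped
    out.append(ElevationWhitelist(store).decide(tool))  # store reflects the drop
    return out


if __name__ == "__main__":
    print(demo())
```

The pin only guarantees that the bytes on disk are the ones the admin approved; it says nothing about what arguments or inputs the tool will accept, which is exactly the objection in post 16: a whitelisted general-purpose tool can still be launched elevated by malware and driven to do its work. What goes on the list therefore matters as much as the hash, and the list must not be readable or writable from the medium-integrity session the whitelist is meant to protect against.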
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    :thumb:
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    In regard to Microsoft setting UAC to the max level and making it mandatory: if true, it is the typical "BandAid" security solution we can expect.

    First, it is the least costly one, which of course is Microsoft's utmost solution criterion. However, it doesn't address the real problem, in that Windows is a fundamentally flawed OS from a security point of view. Windows uses the concept of identities to assign privileges and resultant permissions. That concept has been exploited by malware repeatedly in the past, and currently with increasing frequency.

    A start in the right direction for remediation would be for Microsoft to adopt the concept of trusted and untrusted processes used by most anti-execs and a number of HIPSs. Also, this protection should not be a "tack on" employed in Windows Defender but be built into the OS kernel itself.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Interesting post, and all valid points. Back in 2004 when I joined WSF and when exploits were a huge problem, all experts already advised to run as non-admin. Of course in Win XP this was a pain, and we don't even have to talk about the Win Vista fiasco. When I switched to Win 8 two years ago, I tried to run with UAC enabled, but it was still too annoying to me.

    Then I started to think about it: is it really worth it? My personal answer was: no, it isn't. In my case, I would end up clicking on at least 1000 self-triggered "expected" UAC alerts, and for what exactly? It's all about the balance between security and usability, and that differs from person to person.

    And that's why I asked you guys what are you so afraid of. You basically just answered it, you are indeed afraid that elite hackers will figure out ways how to bypass home user security tools on a large scale. Even though I'm clearly quite paranoid, at the moment I'm not too worried, at least not enough to make me switch to SUA. Speaking of SUA, would it be able to block/mitigate kernel exploits?
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I thought I had already explained this, but perhaps you misunderstood:

    All app installers need admin rights. So if you have already decided to download and install some app and AV says it's clean, you're going to allow it to elevate anyway, you have no choice. In addition, you will have to respond to the AE/whitelisting alert, so that's two alerts instead of one, for no good reason. UAC is mostly designed to tackle malware delivered via exploits, same as VS. That's why people might bring it up.
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Personally I'm not afraid of exploits or malware for that matter. I just prefer to separate the admin account from the account for everyday usage. Since I don't install software all the time, SUA + UAC is just the perfect solution. I like to be asked for confirmation when doing admin stuff. It even saved me once when I tried to delete a file from the wrong folder.
    UAC is not meant to fight against malware, it's meant to easily elevate from restricted to elevated rights - for whatever reason.
    As you said:
     
  24. guest

    guest Guest

    If it is your machine and you are the only user you are right. Now what about the other members of your family or friends ? do you allow them to download & install whatever they want on your system?

    Noo !!! UAC was made to deny unwanted elevation and restrict access to your account by other accounts. I told you a thousand times already bro!
    The fact that it tackles malware is because most malware needs elevation; those that don't need it won't be monitored and blocked by UAC.
     
  25. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    I am sure it has been "talked about" before. What they will end up doing is anybody's guess.
     