Using screen dimming software to avoid typing credentials into a fake UAC prompt

Discussion in 'other anti-malware software' started by MrBrian, Oct 21, 2010.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    This is interesting, but I'm a bit "confused".

    Scenario: Malware

    How is the whole process initiated? Some have mentioned web browsing. OK. But why would a user press allow/OK on an alert, whether it is a true or fake one, unless the user knows beforehand what he/she is going to do on the website?

    I was thinking of an Adobe Flash Player update via IE. But good and best practice is to just go straight to the Adobe website and manually download and install. It doesn't hurt to have the link in the favorites.

    I truly don't see the benefit of such a tool to fight this type of malware.

    Question: Would I fall for this? Would you? I have my doubts, somehow.
    Question: Would some Jane/Joe fall for it? I guess. Then again, most likely Jane/Joe wouldn't know about this application nor have need of it. Most likely they would also just allow it anyway.

    I have quite a few Janes and Joes in the family. They all know they cannot allow any UAC prompt coming from the web browser, and not even from the system, except perhaps for Java, whose updater runs automatically and UAC intercepts its request for admin rights, so no faker here would work, IMO.

    What am I missing o_O


    Thank you
     
  2. wat0114

    wat0114 Guest

    Right, and the author of the previously posted link even mentions the fairly obvious: if it's a UAC alert not initiated by the user, then it makes no sense to allow it.
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Would it be possible for the executed malware to fake a dim background too? What about if it's just the browser and a script is allowed to run which takes the browser full screen with a "dim" background? Maybe even with the added UAC sound?
     
  4. wat0114

    wat0114 Guest

    I don't know how this works. No doubt it can paint, but then the fake dimmed background will have to look like the real background already present at the time the faked background is generated.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Malware can't do that.

    From UAC Processes and Interactions:
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Yes for the first question; for example, the Dark Screen program dims the whole screen, even though it doesn't run with admin rights.
     
  7. wat0114

    wat0114 Guest

    Right, and I understood that but formed my question poorly :oops: I should have asked, as acr1965 did, if malware could fake it, but adding whether it could be done the way UAC does it authentically, whereby the presently displayed background of the real desktop can still be seen, only dimmed of course. Essentially, I'm wondering how authentic malware can make the UAC prompt on a secured desktop look.

    Maybe you've answered it here :)

    It would be interesting to see how this looks running a PoC. Finally, wouldn't this scenario occur unexpectedly, meaning a user with at least the basics of UAC workings would decline answering the fake prompt?
     
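The point in the posts above is whether a prompt is really on the secure desktop, since that is what an unprivileged program cannot overlay. As an added example that is not from this thread, the following PowerShell audit reads the documented UAC policy values and reports whether elevation prompts will actually use the secure desktop; the registry path and value names are Windows' own, the function names are mine.

```powershell
# Added example (not from the thread): audit the UAC policy values that decide
# whether elevation prompts are shown on the secure desktop. A prompt drawn on
# the normal interactive desktop can be covered or imitated by ordinary
# user-mode windows; one on the secure desktop cannot. Requires no admin rights.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    # Returns the DWORD value as [int], or $null if the value is not present.
    param([string]$Name)
    $item = Get-ItemProperty -Path $UacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-UacSecureDesktop {
    $findings   = @()
    $enableLua  = Get-UacValue 'EnableLUA'                   # 1 = UAC on
    $secureDesk = Get-UacValue 'PromptOnSecureDesktop'       # 1 = dimmed secure desktop
    $adminMode  = Get-UacValue 'ConsentPromptBehaviorAdmin'  # 0 = elevate silently

    if ($enableLua -ne 1) {
        $findings += 'EnableLUA is not 1: UAC is disabled, so no elevation prompt appears at all.'
    }
    if ($secureDesk -ne 1) {
        $findings += 'PromptOnSecureDesktop is not 1: prompts render on the interactive desktop, where other windows can overlay or imitate them.'
    }
    if ($adminMode -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin is 0: administrators elevate without any prompt, so there is nothing to decline.'
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        PromptOnSecureDesktop      = $secureDesk
        ConsentPromptBehaviorAdmin = $adminMode
        SecureDesktopPromptsInUse  = ($enableLua -eq 1 -and $secureDesk -eq 1 -and $adminMode -ne 0)
        Findings                   = $findings
    }
}

Test-UacSecureDesktop | Format-List
```

If SecureDesktopPromptsInUse is false, the dimming discussed in this thread gives no signal, because the real prompt is itself drawn where any program can draw.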
  8. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Hello everyone,

    Talking about UAC, I leave that at its default setting. I never understood why so-called "power users" hated UAC on Vista. It's supposed to be a nag. About the only gripe I have is that it's very hard for a novice user to know why the UAC has been triggered, so they most often just click proceed. The way I look at it, I know when I've triggered it, so if it pops up when I haven't, then something's up. Think about it: most Linux distros make you log into the root account to do almost anything, and no one complains about that. I've actually had a couple of buddies that disabled UAC on Windows 7 because it's what "power users" do. One actually had a problem on his computer and he blamed the AV software. He still didn't want to enable UAC when I suggested it. LOL.

    Well, to each his own, I say.

    Carlos
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Yes :).

    I haven't seen any personally, but I've read of real malware that does this.
     
  10. wat0114

    wat0114 Guest

    Okay, I see. If I can get my mitts on a PoC, I'd love to test it :) This kind of topic is of great interest to me, because it deals with built-in security functionality.
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Don't you think we (built-in security nerds) need a separate forum on Wilders? :D
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From post #30:
    The second sentence is demonstrably incorrect - see usage case #1 in Programs running in the secure desktop vs. keyloggers, screen loggers, etc.
     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I reported Dark Screen and ssOverlay to Prevx as possible false positives. Prevx doesn't flag these two as malware anymore.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Monitor Bright is another program to reduce brightness. Thanks to the person who suggested it via PM. Like DimScreen, it doesn't reduce the brightness of all windows, so I'm sticking with Dark Screen.
     
  15. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    You can edit Win 9x 16-bit through Win 7 to use Opera as the active desktop, policies, display, etc., but you have to rewrite a bunch of Opera ini and css files as well and point Windows files to Opera files. This kills this and many other problems, but many might not want to go through all the trouble. LUAs can be set via certificates in Opera -- approve or reject options appear instantly. Wipe out IE and OE if you don't need or use them. Does make Windows run better IMO.

    Dave
     