Why isn't LUA given more importance?

Discussion in 'other security issues & news' started by wearetheborg, Aug 1, 2010.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    OK, my mistake, as I'm not familiar with the other OS's.

    But the point is, when the user grants installation privileges to install something, it doesn't matter which OS is used.

    ----
    rich
     
  2. tlu

    tlu Guest

    While this statement is not wrong in general it doesn't catch the entire truth: It does make a difference if you install more or less dubious tools or whatever from more or less dubious websites (Windows), or if you install open source packages from digitally signed repositories (the normal case for Linux).
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I'm sorry, I don't understand your point.

    When you choose to install something, it's installed in the System, no matter the OS. If you've been tricked into installing something malicious, you are in trouble, no matter the OS.

    ----
    rich
     
  4. tlu

    tlu Guest

    I just wanted to point out that under Linux there is normally no reason to install software from 3rd party sites. You have everything available as open source software in the official repositories maintained by your distribution vendor or community. They do not contain malicious software. That really makes a huge difference. Although your remark above is true it's not really relevant for Linux. Okay, that's just for clarification - I don't want to start another OS war.:D
     
  5. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    To add to tlu: I use Debian Linux. Typically the way it works is that there is a core library of utilities (in 1000s) that are open source, and are present in "official debian repositories"; they have been tested (for months) for proper working with debian. And I install from them. There is also a repository that is "non-free" (and may be closed source I believe) for useful utilities like multimedia; but this non-free repository is also generally trusted as it has been tested.

    The vast majority of users would only use these trusted repositories. I only use those (+ the debian multimedia repository).

    Any other software that requires root access for installation: I'm very very very wary. The only other software that I've installed which required root access is the NVIDIA graphics driver from NVIDIA's site.

    Most outside software can be installed without root access. And yes, it can screw up my user directories, but it cannot screw up system files. I've installed Adobe acrobat reader, flash plugin, firefox, truecrypt, eclipse, keepassx, azureus etc all without root access.

    I want to install SpiderOak online backup tool, but that requires root access(and not available on central repositories), so I've been on the fence on that.

    So, as you can see, it's drilled down into linux users to 1) not install software from any random site, and 2) they are given about 10,000 "trusted" utilities that can be installed from central OS repositories. It's quite nice, to install utility foo, all I have to say on the command line as root is
    Code:
    aptitude install foo
    And it will automatically go to the central repository, fetch all libraries on which foo depends, and install everything in the right order :D:D
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Wrong thread?
    Bad questions?
    Deodorant failed?
    What?
    :doubt:
     
  7. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    :D :D :D

    Sorry, missed the question.
    Is RunSafer present in the free version of online armour? Never tried it, but seems a nifty tool.

    I typically work the other way round, as a LUA, then if I need root privileges, I use SuRun.
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Yep available in the Free version.
     
  9. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    241
    SRP protected my XP box from this exploit just fine.
     
  10. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Most likely nobody using LUA+SRP would see any need for Online Armor's RunSafer feature (at least I don't). If you are logged on in a limited account then your browser and email client are going to run with limited privileges anyway.
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    I wouldn't disagree with what you have written... in fact it seems quite apparent that someone using LUA wouldn't be interested in also using OA's RunSafer.

    My question (repeated below) was along the lines of using RunSafer instead of (not in addition to) LUA.
    :)
     
  12. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    I would be interested in such a feature...sometimes when I mess around with the startup services in msconfig, I want to find what a particular service does, I go online, and it can be a pain writing down the service name, switching to LUA, running firefox, then going back to root account.



    I would prefer LUA, as somehow I just have the feeling it's more secure, as it is part of the OS.
     
  13. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    OK, got it now :oops:

    I can't tell you anything about it, but languy99 did one of his youtube tests on it. Here's the link: http://www.youtube.com/user/languy99#p/u/76/aIjtia0DwMw. For some reason the insert link thingy isn't working for me tonight. He's got the RunSafer feature turned on. I've watched part of it and it has blocked everything so far. Will take a look at the rest of it now.

    Edit: Sigh, the link lands on his review of Comodo. You can scroll down on the right and find the OA review. I watched the whole video now and it blocked everything, one of the few I've seen do that on these youtube tests.
     
    Last edited: Aug 4, 2010
  14. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    You should take a look at SuRun. In the scenario you mention, you can right click msconfig.exe and choose start as Administrator and take a look at the services. When you start Firefox, it will still be running limited, i.e., only msconfig has elevated privileges. SuRun makes LUA really easy to live with.
     
  15. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Thanks...I do use SuRun. Where is msconfig.exe located?
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    The link works if you don't copy & paste the last character (-).
    Appreciate you posting about the youtube review, I hadn't seen it.
    I was pleased, of course, to see OA & RunSafer keep the test system clean. I disagreed with the reviewer's opinion of the UI (he called it "old") and with his assessment that the program is too complicated for "grandma and grandpa". (I bet some grandmas and grandpas here at Wilders could take offense at his word choice.)

    I'd still like to hear from any LUA fans as to why they prefer that route to RunSafer. Really trying to see if it is lacking in any respects. And I continue to believe that the thread topic, "Why isn't LUA given more importance?", is best answered by saying the importance and awareness is growing every day, and Wilders has probably been instrumental in that growth.
     
  17. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    It's in C:\WINDOWS\PCHealth\HelpCtr\Binaries, not exactly the kind of place you'd expect to find it.
     
  18. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    I agree with you on that. The UI is not important. First of all, it's not something you have to look at very often and it's more important that the app functions the way it's supposed to. If he wants a nice UI he could install one of the rogues :D

    I think one of the big problems here is that Microsoft has the default account as admin. Most of the so-called "average users" don't even know there's such a thing as LUA. Another problem that I run into quite often with the so-called "average users" is that a lot of them aren't really interested in learning anything about securing their systems. "I don't want to know that, it should just work" is what I hear all the time. :mad:
     
  19. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    LUA is system-wide, RunSafer isn't.
     
  20. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    So can someone state what the security issues would be in running Windows 7 Ultimate 32 bit with UAC maxed out in Admin versus running standard account? What types of malware can infect a system besides user interaction such as downloading and installing a file off the internet that is infected unbeknownst to the person doing the installation?

    As for the UAC maxed out in admin versus standard account, let's assume the only entry for malware is downloads from the internet, nothing from a usb drive, cd, etc.
     
  21. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    I would like to think Linux has been more instrumental in raising awareness of LUA. Linux users advertise LUA to everyone :D
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Many web-embedded exploits do not require any user interaction, such as those attacking:

    1) browser vulnerabilities. Check your browser's security site.

    2) vulnerabilities in 3rd party applications, such as PDF, Flash. Check the vendor's site.

    3) vulnerabilities in the Microsoft Operating Systems. The recent Link vulnerability falls into this category. MS advisories, including Patch Tuesday and out of band patches detail these.

    All of the above exploits seen so far attempt to download a malware executable.

    -----
    rich
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    An Administrator account is always an Administrator account, even with UAC enabled. If UAC is bypassed, you'll understand the difference between one and another.

    http://blocklistpro.com/latest/when-a-keygen-is-more-than-a-keygen.html

    That's just an example I saw some time ago.

    I also remember reading something last year about a security bug existing in IE7, which was solved either with Vista SP1 or SP2, I don't quite remember. This bug would allow Protected Mode (in Administrator account with UAC enabled) to be bypassed.

    An Administrator account is always an Administrator account. (Let's forget power users tweaks, etc., as I'm only talking about simple Administrator account with UAC)
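
    Added example, not part of any poster's message: a PowerShell check that tells apart the three states discussed in the post above (standard user, administrator account running with a UAC-filtered token, and an elevated administrator process). The function name `Get-LogonPrivilegeState` is hypothetical; the check assumes `whoami.exe` is available, as it is on Windows Vista and later.

```powershell
# Added example: classify the current logon the way the post above distinguishes accounts.
# Get-LogonPrivilegeState is a hypothetical helper name, not a built-in cmdlet.
function Get-LogonPrivilegeState {
    $adminSid  = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    # IsInRole is true only when the Administrators SID is enabled in the token,
    # i.e. this process is already running elevated.
    $elevated = $principal.IsInRole(
        [System.Security.Principal.SecurityIdentifier]$adminSid)

    # whoami lists every SID in the token, including the ones UAC marked deny-only.
    # /nh drops the localized header row, so the column names below are our own.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $inAdmins = [bool]($groups | Where-Object { $_.Sid -eq $adminSid })

    if ($elevated) {
        $state  = 'Elevated administrator'
        $advice = 'Every child process inherits full administrative rights.'
    } elseif ($inAdmins) {
        $state  = 'Administrator account, UAC-filtered token'
        $advice = 'Still an administrator: elevation needs consent only, no credentials.'
    } else {
        $state  = 'Standard user (LUA)'
        $advice = 'Elevation requires the credentials of a separate administrator account.'
    }

    [pscustomobject]@{
        User          = $identity.Name
        InAdminsGroup = $inAdmins
        Elevated      = $elevated
        State         = $state
        Advice        = $advice
    }
}

Get-LogonPrivilegeState | Format-List
```

    The middle state is the one the post is about: the Administrators SID is present in the token but disabled, so the account's protection rests on the UAC prompt rather than on a separate credential.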
     
  24. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Would UAC maxed out prevent the above from executing?
     
  25. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I'm sorry, I don't know how UAC works -- that is, at what point it kicks in with an alert -- and I've not found anyone who can test exploits with it.

    ----
    rich
     