Windows XP turns 20: Microsoft’s rise and fall points to one thing — don’t fix what isn’t broken

Discussion in 'other software & services' started by mood, Oct 25, 2021.

  1. Dragon1952 (Registered Member; joined Sep 16, 2012; 2,346 posts; Hollow Earth - Telos)

  2. wat0114 (Registered Member; joined Aug 5, 2012; 3,576 posts; Canada)

    Exactly, you are not running with full admin rights with UAC set to "Never notify". Take a look at the link again, originally posted by Stapp.

    UAC 01.png

    So when you run your web browser, for example, it is running with the Parent process Explorer.exe with the inherited User token, therefore running the child web browser with only user rights.

    I don't think so, because with UAC set to "Never notify", malware will simply auto-elevate without any interference from a UAC alert requiring the user to answer the Consent prompt normally seen when set to "Always notify". This is why you would - and do - run with 3rd-party security tools under your admin account with UAC at "Never notify".
     
  3. Rasheed187 (Registered Member; joined Jul 10, 2004; 15,193 posts; The Netherlands)

    In other words, you don't gain any type of protection against malware that runs via either the user or automated exploit.

    I do always get to see an alert when I copy and paste files into the Program Files folder, so I figured I wasn't running with full admin rights, but I just don't see the point about why Windows would block this when UAC is set to "never notify".

    Wouldn't it make more sense to add a hidden "completely disable UAC" setting, for people who need this for whatever reason, of course with a warning that this may interfere with the correct running of apps and may weaken browser sandboxing, for example.
     
  4. wat0114 (Registered Member; joined Aug 5, 2012; 3,576 posts; Canada)

    The way I understand it, no.

    Yes, because the Protected admin is running with a second access token with the admin Windows privileges and SIDs removed.

    Well, sure, but MS would frown upon this, just as they advise against setting UAC to "never notify". BTW, with Windows Pro under Group Policy, you can disable UAC:

    Again, Stapp posted this much earlier in this thread.
     
  5. Bertazzone (Registered Member; joined Apr 13, 2018; 453 posts; Milan, Italia)

    I use SUA and have no problem updating FF.
     
  6. BoerenkoolMetWorst (Registered Member; joined Dec 22, 2009; 4,705 posts; Outer space)

    Maybe it is because when I still used an Admin account, I never activated background updates (always had a UAC prompt during update), because it fails really early. When I open the About window, it searches for updates and immediately gives an error and points me to the URL of the full installer. Or maybe it is because I demoted my own Admin account to SUA and created a new account for Admin instead of completely fresh accounts.
     
  7. BoerenkoolMetWorst (Registered Member; joined Dec 22, 2009; 4,705 posts; Outer space)

    Okay, no problem.
    Well, it looks like folder permissions are screwed when you completely disable UAC. So if a process with restricted rights would be compromised (e.g. sandboxed, run restricted or guarded with other apps like Comodo, SpyShelter, AppGuard etc.), that might compromise security. Like I showed, Firefox with Medium IL can then write to the Windows folder, for example. Of course when UAC is on "Never notify" and if malware would run unrestricted, it could just silently get admin approval and get access to the Windows folder anyway.
    So while never notify will not interfere with malware, it is more secure than completely turning UAC off.
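
    The two points made in posts 4 and 7, the Group Policy switch that turns UAC off entirely and the difference between that and the "Never notify" slider position, can be checked directly on a machine. The PowerShell below is an added example, not code from the thread or from Microsoft. It assumes the documented registry values behind the UAC policies (EnableLUA, which the "Run all administrators in Admin Approval Mode" policy sets to 0; ConsentPromptBehaviorAdmin; PromptOnSecureDesktop), that `whoami /groups` prints English column and attribute names, and that the account running it may write a throwaway probe file into %WINDIR%. `Get-UacSliderState` and `Get-TokenKind` are names chosen here.

```powershell
# Added example: classify the UAC policy state and show what the current
# process token actually is. Run it from a normal, non-elevated PowerShell
# window started from Explorer (e.g. the Start menu).

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol    = Get-ItemProperty -Path $uacKey

# EnableLUA is normally present; treat a missing value as UAC on (the default).
$enableLua = if ($null -eq $pol.EnableLUA) { 1 } else { [int]$pol.EnableLUA }
$consent   = [int]$pol.ConsentPromptBehaviorAdmin  # 0 = elevate silently, 2 = always prompt, 5 = prompt for non-Windows binaries
$secureDsk = [int]$pol.PromptOnSecureDesktop       # 1 = prompt on the dimmed secure desktop

function Get-UacSliderState {
    param([int]$EnableLua, [int]$Consent, [int]$SecureDesktop)
    # EnableLUA=0 is the Group Policy "disable UAC" case: after a reboot an admin
    # logon gets one unfiltered token and Explorer itself runs at High IL.
    if ($EnableLua -eq 0) {
        return 'UAC disabled (EnableLUA=0): no filtered token, Explorer and its children run with full admin rights'
    }
    switch ("$Consent/$SecureDesktop") {
        '0/0'   { return 'Never notify: UAC still on, Explorer runs the filtered token, elevation happens silently' }
        '5/0'   { return 'Notify for non-Windows apps, without the secure desktop' }
        '5/1'   { return 'Default: notify for non-Windows apps' }
        '2/1'   { return 'Always notify' }
        default { return "Custom: ConsentPromptBehaviorAdmin=$Consent PromptOnSecureDesktop=$SecureDesktop" }
    }
}

function Get-TokenKind {
    # whoami /groups lists the integrity label (Type = Label) and marks
    # BUILTIN\Administrators (S-1-5-32-544) "Group used for deny only" when
    # UAC has filtered the token, i.e. the "protected administrator" case.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $ilRow  = $groups | Where-Object { $_.Type -eq 'Label' }
    $admRow = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

    $kind = if (-not $admRow)                            { 'standard user (SUA)' }
            elseif ($admRow.Attributes -match 'deny only') { 'protected administrator (filtered token)' }
            else                                           { 'full administrator (unfiltered token)' }

    [pscustomobject]@{ IntegrityLevel = $ilRow.'Group Name'; Kind = $kind }
}

# The practical consequence the thread is about: can this Medium IL process
# write into %WINDIR%? With a filtered token (any slider position, including
# "Never notify") this is denied; with EnableLUA=0 it succeeds with no prompt.
$probe = Join-Path $env:windir ('uac-probe-{0}.tmp' -f [guid]::NewGuid())
try {
    [System.IO.File]::WriteAllText($probe, 'probe')
    Remove-Item -LiteralPath $probe -Force
    $canWriteWindir = $true
} catch {
    $canWriteWindir = $false
}

$token = Get-TokenKind
[pscustomobject]@{
    UacState       = Get-UacSliderState -EnableLua $enableLua -Consent $consent -SecureDesktop $secureDsk
    IntegrityLevel = $token.IntegrityLevel
    Token          = $token.Kind
    CanWriteWindir = $canWriteWindir
}
```

    On a protected admin account at "Never notify" the expected report is a Medium Mandatory Level token with Administrators marked deny-only and CanWriteWindir false; after setting EnableLUA=0 and rebooting, the same window reports High Mandatory Level, an unfiltered token and CanWriteWindir true, which is the "folder permissions are screwed" effect post 7 describes. Changing EnableLUA itself needs an elevated shell and a reboot, so the script only reads it.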
     
  8. Rasheed187 (Registered Member; joined Jul 10, 2004; 15,193 posts; The Netherlands)

    Yes of course, I'm being silly. Windows Explorer is running with medium IL, so that's why it still throws up those warnings. And what I meant is that if you don't gain any security with setting UAC to "never notify" vs completely disabling UAC, then you might as well give a hidden option for administrators who temporarily need to disable UAC in order to bypass those warnings, see link.

    https://superuser.com/questions/1013702/completely-disable-uac-in-windows-10

    Yes, probably that's why they changed this behavior in Windows 7, seems a bit silly that it worked differently in Win Vista.
     
  9. Rasheed187 (Registered Member; joined Jul 10, 2004; 15,193 posts; The Netherlands)

    Not to start this discussion all over again, but why exactly did you switch to SUA? Because this is basically what the discussion was about; to me it's a matter of finding the right balance between security and usability/convenience. So I guess you are worried about Windows Defender and HMPA failing to block malware from running, even though browsers are a lot harder to hack nowadays?
     
  10. Rasheed187 (Registered Member; joined Jul 10, 2004; 15,193 posts; The Netherlands)

    BTW, earlier in the topic I mentioned a drive-by attack on macOS (second link), and it seems like this backdoor was indeed able to get persistence, in other words even after a reboot it would still be able to run. Of course macOS isn't the same as Windows, but it still leads me to believe that a browser sandbox bypass via the OS kernel will most likely also bypass UAC on Windows. Like I said, I wouldn't rely on UAC for security. Keep in mind, third-party tools were still able to mitigate the attack on macOS, even if the backdoor was probably running with full admin rights, see first link.

    https://objective-see.com/blog/blog_0x69.html
    https://www.wilderssecurity.com/thr...x-what-isnt-broken.441518/page-5#post-3052053
     
  11. BoerenkoolMetWorst (Registered Member; joined Dec 22, 2009; 4,705 posts; Outer space)

    I'm not worried, for me it doesn't hurt usability, so why not? Contrary to UAC, using SUA actually IS a security boundary because processes with admin rights run in a different session. It even seems it is very effective against exploits:
    https://www.ghacks.net/2017/02/23/n...igate-94-of-critical-windows-vulnerabilities/
    (Unfortunately the article doesn't give any details how SUA exactly interferes with exploits and the link to the mentioned report is dead, I also couldn't find it on archive.org)
     
  12. Azure Phoenix (Registered Member; joined Nov 22, 2014; 1,409 posts)

    One of the comments there says
    “It’s such a bother to have to enter the password every time”

    That can be easily solved by simply having a PIN.
     
  13. xxJackxx (Registered Member; joined Oct 23, 2008; 7,148 posts; USA)

    A PIN for UAC? Is that a thing?
     
  14. Azure Phoenix (Registered Member; joined Nov 22, 2014; 1,409 posts)

    Last edited by a moderator: Dec 8, 2021
  15. xxJackxx (Registered Member; joined Oct 23, 2008; 7,148 posts; USA)

    We do use them for standard accounts but when you do that the admin is a different account. UAC in that situation prompts for a username and password. Maybe on a workgroup machine that is easier to do. Not sure what it would take on a domain. A PIN is local to a machine. A domain admin account would come from the Domain Controller. I don't think it works in the situation where I would like for it to.
     
  16. Nightwalker (Registered Member; joined Nov 7, 2008; 1,349 posts)

    Dear God, you guys still talking about UAC bypasses, security and yada yada yada? It is not a security boundary, don't expect it to be, it is a convenience feature for SUA, that is the real deal for Windows security; the reason that Linux is safer than Microsoft's OS is the very concept of not using an admin (root/superuser) account for daily usage, it is a huge bad habit to use an admin account for everything.

    UAC seems to be Microsoft's (failed) attempt to move everyone to a Standard User Account model/environment, I don't know why people can't understand that, IT IS NOT A SECURITY SOLUTION.

     
    Last edited: Dec 8, 2021
  17. BoerenkoolMetWorst (Registered Member; joined Dec 22, 2009; 4,705 posts; Outer space)

    :argh::argh: We're actually talking about SUA now :ninja:
     
  18. Nightwalker (Registered Member; joined Nov 7, 2008; 1,349 posts)

    So my work here is done :argh:
     
  19. Bertazzone (Registered Member; joined Apr 13, 2018; 453 posts; Milan, Italia)

    Hallelujah! :argh::argh:
     
  20. Rasheed187 (Registered Member; joined Jul 10, 2004; 15,193 posts; The Netherlands)

    Well, you obviously are worried, otherwise you wouldn't switch to SUA. In other words, you don't have enough trust in Win Defender and HMPA. And I also don't know how it will be able to block exploits, because malware can also run in SUA, so that report is probably BS. It's Avecto (now BeyondTrust) trying to sell products.
     
  21. BoerenkoolMetWorst (Registered Member; joined Dec 22, 2009; 4,705 posts; Outer space)

    I am not worried, that is your false conclusion. I can get free extra security without interfering with usability, so why not? If a rich man can get more money for free and he takes it, it does not mean he is afraid of becoming poor. Also, I don't use Win Defender.
    The fact that malware is able to run in SUA does not disprove the fact that it may block exploits. The report was about critical WINDOWS vulnerabilities, so probably in processes running as admin/system. Since those run in a different session than processes in SUA, which according to MS is a security boundary in contrast to UAC, that might explain it working against exploits.
    Avecto, like any other security vendor will probably exaggerate threats to sell products, but saying a free built-in Windows feature is effective will not help them sell products, if it has any effect it would be the opposite.
     
  22. EASTER (Registered Member; joined Jul 28, 2007; 9,868 posts; U.S.A. (South))

    There's a plethora of 'knockoffs' out to make that easy quick pad to their pocketbooks. So be it. For the common everyday home PC user there abounds ample mostly FREE protection that seals up every conceivable hole and those yet to be tried, so I don't even bother.
     
  23. Rasheed187 (Registered Member; joined Jul 10, 2004; 15,193 posts; The Netherlands)

    What I'm trying to say is that you are clearly trying to achieve something by switching to SUA. In your view it makes the system even more safe, comparable to how I choose to use tools like SpyShelter and AppCheck for example. I personally think that SUA, which is even worse than UAC in high level, is overkill.

    And SUA won't block exploits from running, but it might block malware from getting admin rights, but that's why hackers often use privilege escalation bugs in Windows.

    Also, Avecto/BeyondTrust is selling a product named Endpoint Privilege Management, which makes it easy to remove admin rights. But the funny thing is, now they mention that even when admin rights are removed, you can still be infected by malware, so that's why they also offer ''app control'' to stop attacks on trusted applications, nuff said.
     
  24. BoerenkoolMetWorst (Registered Member; joined Dec 22, 2009; 4,705 posts; Outer space)

    Which are allegedly broken by using SUA. It might not block exploits from running, but it might break the exploit chain. And you can't defend against a browser sandbox being bypassed by exploiting Windows, but if SUA can break the exploit chain then it also helps in these cases.

    Sure, I don't trust them, and the 92% is probably greatly exaggerated, but that doesn't mean it is completely ********.
     
  25. Rasheed187 (Registered Member; joined Jul 10, 2004; 15,193 posts; The Netherlands)

    OK, then perhaps I should look into this. I personally don't see how browser exploits can fail to run when running in SUA. I do understand that a lot of malware will fail to run with limited rights, although a lot of ransomware doesn't need admin rights to encrypt files. As mentioned before, malware can still do quite some damage even with limited rights.

    I did see that BeyondTrust has published quite some info about this subject so perhaps they are right. But anyway, it would be interesting to know how many people bother to run in SUA and how many people have disabled UAC. For me it would be too much of a hassle, I rather use security tools to block malware from running or doing any damage.

    https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-explained
    https://www.beyondtrust.com/blog/entry/what-is-least-privilege
     