Archive for the 'UAC (User Account Control)' Category
Security architecture of Windows Vista, Part 2
Thursday, January 24th, 2008Part 1 did not cover how processes generally acquire their permissions and integrity levels. According to the Windows security model, which is known from Vista predecessors, a child process normally inherits the access token of its parent. Vista adds one bit to this process in the access token, TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN, which is set for normal users [...]
Security architecture of Windows Vista, Part 1
Thursday, January 24th, 2008The mainstay of a secure operating system is access protection - the undesirable activities of malware (from the internet etc.) can only be blocked by preventing a free-for-all. With the user account control of Windows Vista, Microsoft is attempting to make it more palatable for the user to work with restricted rights. But even the [...]
Why I Turned Off Vista User Access Control
Tuesday, November 6th, 2007When Windows Vista was first released for retail purchase at the beginning of 2007, one of the most common complaints from new Vista users was that UAC (User Access Control) was a real hassle. Some users were really annoyed that Vista kept prompting them for the admin password, or for permission, when they tried to [...]
Pros and Cons of Vistas UAC
Monday, October 15th, 2007If you have a Windows Vista machine, you are quite familiar with the User Access Control (UAC). Either you hate it or you love it. In my experience, advanced users don’t like it while beginners to intermediate users like it.Vista UAC
For those of you who either use a previous version of Windows, Mac OS X, [...]
The Secret Of UAC
Sunday, October 7th, 2007First of all, not running UAC is like staying logged in as root 100% of the time on a unix based system. Despite this, a lot of “advanced users” still choose to disable User Account Control in Vista. I’ll cover a few reasons for keeping UAC enabled here. One of the most obvious disadvantages is [...]
Russinovich: Malware will thrive, even with Vista UAC
Saturday, April 28th, 2007Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations, warning that viruses, password-stealing Trojans and rootkits will continue to thrive as malware authors adapt to the new operating system. Mark Russinovich, technical fellow in Microsoft’s Platform and Services Division, used the spotlight of the CanSecWest security [...]
Program Names govern admin rights in Vista
Saturday, April 28th, 2007Developers have discovered that the name given to a Vista executable affects whether or not it will require admin rights to run. Security experts said the feature might seem odd, but helps to catch out spyware. Reg Reader Mike, a C++ developer, discovered the behaviour after spending days trying to work out why just some [...]
Windows Vista: Inside User Account Control (UAC)
Wednesday, April 4th, 2007A discussion of Windows Vista is almost impossible without some mention of the major changes to its user-level security. Microsoft collectively refers to these changes as User Account Control (UAC), and they’ve attracted as much controversy as they have praise. UAC is hardly a magic bullet for security issues in Windows, but Microsoft didn’t design [...]
Vista Security Tips: Yes, I Like the Prompts
Friday, March 23rd, 2007Windows Vista has been in the news a lot lately – in particular, Vista’s security. The new security features have been the target of both praise and ridicule. Even Apple took a jab at Vista’s security with its latest TV ad mocking Vista’s security prompts. Say what you will, but I personally like the prompts. [...]
Make User Account Control (UAC) Stop Blacking Out the Screen in Windows Vista
Friday, March 23rd, 2007In Windows Vista, the screen goes dark when the User Account Control window comes up, which is extremely annoying. They call it the “Secure Desktop”, but I think it’s obnoxious. Note that this will make your system less secure before proceeding. Update: Windows Vista Home users should use the registry patch at the bottom of [...]
