Microsoft Says Other OSes Should Imitate UAC
COA writes "Many Vista adopters find User Account Control irritating, but Microsoft thinks it's an approach other OSes should emulate. Microsoft Australia's Chief Security Adviser Peter Watson calls UAC a great idea and 'strategically a direction that all operating systems and all technologies should be heading down.' He also believes Microsoft is charting new territory with UAC. 'The most controversial aspect of Watson's comments all center around the idea that Microsoft is a leader with UAC, and that other OSes should follow suit. UAC is a cousin of myriad "superuser" process elevation strategies, of which Mac OS X and all flavors of Linux already enjoy. The fact is that Microsoft is late to the party with their Microsoftized version of sudo. That's really what UAC is, after all: sudo with a fancy display mechanism (to make it hard to spoof) and extra monitoring to pick up on "suspicious" behavior.'"
Re:biggest issue is filesystem (Score:1, Informative)
Re:Patently obvious motivation. (Score:3, Informative)
Not to say that any old user can come along and figure this out quickly and easily but the facility is there for distros to design tools around it or to just provide a sane, default configuration.
Re:Um, no thanks... (Score:2, Informative)
Disclaimer: IANAsecurity expert, but I play one at home.
Re:Obligatory (Score:2, Informative)
Write a goofy screen saver and get people to download it. On install, say "you need to log in to install" which isn't unusual for a screen saver (at least not to the layman.) You put up a fake login dialog, and record their password. You install the screen saver in the user's folder, which doesn't require a password, and will trick the user into thinking it's all legit. Then you just transmit the saved password to God knows where when the screensaver activates.
I don't know if Microsoft's system offers more protection against that scenario.
Re:Default Behavior (Score:3, Informative)
Re:Or not? (Score:3, Informative)
I'm surprised the diskutility's fix perms didn't catch that though.
Re:Or not? (Score:3, Informative)
It already does that. Exactly that, in fact. It opens up and says "The application needs to install a kernel extension." or "The application needs to install plugins into
Re:Obligatory (Score:5, Informative)
Evi Nemeth herself beat the use of sudo into my head during the Sysadmin Workshop class I took from her in '90. I used to hate it, but now I realize the old bird was right about sudo.
The UNIX world has this crap beat by more than a decade, with plenty of published prior art.
- Necron69
Re:Obligatory (Score:5, Informative)
Re:Or not? (Score:5, Informative)
If you think sudo requires a "black desktop", then your knowledge of Linux is at least 10 years out of date.
Re:Or not? (Score:3, Informative)
Compared to Mac OS panics, the Windows BSoD is very primitive -- which is surprising, because BSoDs were once pretty common, and kernel panics on Mac OS X have always been very rare. You'd think Microsoft would have put more effort into it. Yes, I know BSoDs are rare nowadays, but faulty hardware can take any machine down, and it's nice to get such a clean experience from it.
Re:UAC == *TERRIBLE* Security Idea! (Score:2, Informative)
Yes you can.
Re:UAC == *TERRIBLE* Security Idea! (Score:3, Informative)
First, you can open Control Panel and run most of the applets there without triggering a UAC warning.
Next, the UAC warnings aren't all that common once you have your machine set up and running. The exception there is the power user that actually tinkers with the system at an administrator level quite often, but for the normal user who just runs apps all day - they won't see a UAC prompt at all. If you want to disprove me - just list for me the normal user actions that trigger a UAC prompt, I dare you.
Lastly, how do you figure UAC is actually a bad thing and disabling it will improve your security? The far more reasonable approach is to stop using applications that need the privileges that UAC actually protects. In your world, apparently you should run everything as root on Linux as well because, well, sudo is just far too much of a pain to use when you're tinkering in
Leave UAC enabled. Stop running bad applications (if you must run Vista at all).
Re:Obligatory (Score:5, Informative)
The patent is for a hierarchical security model where there are multiple levels of access not the all or nothing of sudo. Only the most privileged is like sudo, the other intermediate levels have some level of system access, but not all. It's kind of like capabilities, but a lot more limited since each higher level of security has access to all the lower levels. Fascinating and I can see why the patent was granted (I hope there's clear prior art in an MLS system of the day or even VMS, SYSPRV and SETPRV are close, but I'm not sure).
Re:Obligatory (Score:3, Informative)
Sudo is a single quick and convenient mechanism for utilizing the security features that are built in to the Unix permissions system. It is not the entirety of the Unix security model.
Re:Obligatory (Score:3, Informative)
The patent is for a hierarchical security model where there are multiple levels of access not the all or nothing of sudo.
Spoken like someone who has never run visudo.
The sudoers file format [apple.com] offers a lot of flexibility---hardly an "all or nothing" design.
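An added illustration of the flexibility the comment above refers to (not part of the original post and not taken from the linked manual page): a sudoers fragment granting four distinct levels of privilege. All user, group and alias names are hypothetical, and the command paths are assumptions that vary by system.

```sudoers
# Added example; every user, group and alias name here is hypothetical.
# Edit with visudo so a syntax error cannot lock everyone out of sudo.

# Named sets of commands. Paths must be absolute and differ between systems.
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias WEBSVC   = /usr/bin/systemctl restart nginx, \
                      /usr/bin/systemctl status nginx

# Level 1: helpdesk staff may manage print queues as root, nothing else.
%helpdesk ALL = PRINTING

# Level 2: web operators may restart or query one service.
# Arguments are part of the match, so "systemctl stop sshd" is refused.
%webops   ALL = WEBSVC

# Level 3: the deploy account runs one script as www-data (not root),
# without a password prompt so it can be used from automation.
deploy    ALL = (www-data) NOPASSWD: /usr/local/bin/deploy-site

# Level 4: full administrators, the only entry equivalent to "all or nothing".
%admin    ALL = (ALL) ALL
```

`visudo -c` checks the file's syntax, and `sudo -l` shows a user which of these rules apply to them.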
Re:UAC == *TERRIBLE* Security Idea! (Score:3, Informative)
If you don't have anti-virus, how could you know that you are clean? Some (most?) viruses do not throw up giant announcements like "We are proud to announce that you are now infected with the latest XYZ/Win32 Virus". They could just sit there, silently sending your keystrokes to their creator.
Sudo no! TiVo yes! (Score:3, Informative)
Let me try to make this clearer, since no one seems to understand what they've patented. Sudo, ACLs, Unix Groups, Capabilities are not what is covered in the patent. The patent does cover something like TiVo. You can be root on your machine, but you are not allowed to change the operating system. The patent does cover something like the PS3, you can install Linux and be root on your machine, but you are not allowed access to the whole system. Moreover, that is exactly the language used in the patent to describe their invention - an OEM who wishes to restrict certain privileged operations on their system from an administrating end-user.
*Sudo is specifically not covered. Sony PS3s and TiVos are.
Hope that helps.
Re:Obligatory (Score:3, Informative)
The problem is that when Microsoft includes security features that replace third party software, people scream monopoly. When they leave these holes open to be filled by third party software, people say it's weak. So, it's weak. If your friend insists on downloading cracks or doing whatever it was to get backdoored, tell him to run ProcessGuard. It prevents protected applications from being modified. It can stop attackers from getting a foothold in most cases. That is, if you start fresh and train it correctly in the beginning.
Re:Obligatory (Score:3, Informative)
Re:UAC == *TERRIBLE* Security Idea! (Score:3, Informative)
Wait... the first launch of a Microsoft OS tried to do something that requires administrative privileges? Like, oh, set up devices? Or configure a network connection?
Call me shocked. Next thing you'll know, Linux will require you to type in a password when you log in.
Vista, like most MS OSes, needs a full cycle or two to configure itself to its machine. I ran the beta for a few months on my laptop (it's inevitable that someone will ask me about it, so it was worth the cost of "free" to learn.) Once everything's set up, UAC simply did not launch unless I installed something new.
The best thing about UAC is that it's user-agnostic; even if you're an admin, you still need to explicitly grant it. Which means that you hardly have a reason to run as admin.
UAC isn't "sudo" (Score:3, Informative)
In Windows, you type in a command, get "permission denied", and... crap. There is no "sudo". Instead, you have to find a shortcut to a command prompt, right-click and select "Run as administrator", confirm the UAC prompt, change back to whatever directory you were in, and then run the command. It's a huge pain for people who work from the command line.
Re:UAC == *TERRIBLE* Security Idea! (Score:2, Informative)
What file & registry locations is it writing to, or special user privileges is it leveraging, to cause UAC to fire?
Have you googled about this? There are several solutions documented out there, which is to force XFire to always run in a privileged mode from the get-go, so it doesn't require elevation.
X-Fire triggering UAC isn't something 'useless' about UAC, it's X-Fire doing things to your computer that would be 'really bad' when done by malware.
Re:UAC isn't "sudo" (Score:4, Informative)
runas
From the command line.
Let's ding them for their legit flaws, not stuff we make up.