Microsoft Caves to Users on Windows 7 Security - Page 2

Page 2 of 2

With Windows 7, Microsoft changed the defaults for UAC at what it insists was users' request. The current default in Windows 7 is to notify the user and ask for permission to download a file or install a program only if that action is triggered by a script, but not if the user is clearly interacting with Windows 7 him or herself. This lessens the number of prompts that the user needs to respond to, but makes a tradeoff on the quality of Windows 7's security.

However, what if an attacker could write a script that did a good job of pretending to be a human keying in changes – such as turning off UAC or elevating the script's user rights? That's the rub.

The problems were initially publicized late last week by several blogger developers, including Rafael Rivera and Long Zheng. The second problem, the ability for a script to upgrade its user rights to a higher administrative level, surfaced earlier this week.

"A change to User Account Control (UAC) in Windows 7 (beta) to make it 'less annoying' inadvertently clears the path for a simple but ingenious override that renders UAC disabled without user interaction," said a post on Zheng's blog.

Microsoft officials, meanwhile, insisted that the problems were overblown. "Microsoft’s position that the reports about UAC do not constitute a vulnerability is because the reports have not shown a way for malware to get onto the machine in the first place without express consent [of the user]," said a blog post by DeVaan earlier Thursday [February 5].

A lot can change in just a few hours, though, as the later joint posting reveals.

"The feedback is that UAC is special, because it can be used to disable silently future warnings if that change is not elevated and so to change the UAC setting an elevation will be required," reads the late afternoon joint post.

Just dump administrator access?

Of course, one thing to do is to take advantage of other Windows security features to mitigate the problems. For instance, security management firm BeyondTrust published a report on Tuesday stating that its research shows that 92 percent of "critical Microsoft vulnerabilities" can be ameliorated by simply eliminating administrators' rights from users' systems.

That could be annoying for both corporate and consumer users, however, and defeats one of UAC's goals, which is to reduce demands on administrators' time and enable users to perform some of their own security tasks. For consumers, it means logging off their user accounts, logging into separate administrator's accounts and performing the needed tasks, then logging back in as users.

One leading security expert says that he thinks Microsoft's heart is in the right spot.

"What they're trying to do is improve the usability of UAC," Johannes Ulrich, chief research officer for the SANS Internet Storm Center, told InternetNews.com. "If it frustrates the users, they'll just turn it off."

Perhaps one thing that got Microsoft executives' attention was the fact that Long Zheng and Rivera, as well as others, posted proof-of-concept code to disable UAC in Windows 7. Additionally, they also posted a homegrown fix for both holes.

The Internet Storm Center's Ulrich says there will always be tradeoffs between protecting users and allowing them to have more control of their systems.

"What it would really take is a completely new operating system, but for Windows 7 this is the best you can expect," Ulrich added.