Last post Author Topic: Windows 7 — first impressions  (Read 48340 times)

MilesAhead

Re: Windows 7 — first impressions
« Reply #50 on: December 03, 2009, 01:09 PM »
MilesAhead: you might not be able to directly read the password in plaintext, but since it's an automated method, what stops you from simply copying the encrypted password and using the sudo tool to launch other stuff?

What stops you is the algorithm isn't that simple. Your password as well as the program/batch commands executed are calculated into a string that's unique for each shortcut created (unless perhaps you created identical shortcuts). The server decrypts the password and the info about the command and matches them up. If you made a batch file with "del c:\windows\temp\*.tmp" and then used the password string generated with a shortcut that used the command "del c:\windows\system32\*.dll" it would not work.

The author said it's not bullet-proof but it's something.  If we really want to get into it, typing in the password by hand you could have a key logger or even a listener for electronic noise that would know which keys are pressed.  Depends how paranoid you are.  Don't use the automated method for anything really critical. It's just a convenience.  Back then there weren't a lot of utilities such as CCleaner as I recall.  You pretty much did it manually.  There's exponentially more freeware available these days.


Anyway, I'm just going from memory back in the 1990s. I think the programmer gave up on it around 2005 or so. On most machines the gaping hole in security is the computer case. Rip it open. Take HD. Info gone.


f0dder

Re: Windows 7 — first impressions
« Reply #51 on: December 03, 2009, 01:16 PM »
Ah, hashing the command and using that as part of the encryption key at least makes the very-trivial attack impossible - at least that's something.
- carpe noctem
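
The binding described in the two posts above, sketched as an added example (not code from the thread or from the tool being discussed, whose real algorithm is not given on this page): the key that protects the stored password is derived from a hash of the command, so a token copied into a shortcut with a different command fails verification. `SERVER_SECRET`, the function names and the HMAC-SHA256 keystream (a standard-library stand-in for a real authenticated cipher) are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample value; a real service would keep this where only it can read it.
SERVER_SECRET = b"constructed-demo-secret-not-a-real-key"


def _derive_keys(command: str) -> tuple[bytes, bytes]:
    """Derive per-command encryption and MAC keys from the server secret."""
    cmd_hash = hashlib.sha256(command.encode("utf-8")).digest()
    enc_key = hmac.new(SERVER_SECRET, b"enc" + cmd_hash, hashlib.sha256).digest()
    mac_key = hmac.new(SERVER_SECRET, b"mac" + cmd_hash, hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (assumption: stands in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def make_token(password: str, command: str) -> bytes:
    """Build the string stored in the shortcut: nonce || ciphertext || tag."""
    enc_key, mac_key = _derive_keys(command)
    nonce = os.urandom(16)
    plaintext = password.encode("utf-8")
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_token(token: bytes, command: str) -> str | None:
    """Server side: return the password only if the token was made for this command."""
    if len(token) < 16 + 32:
        return None
    nonce, ciphertext, tag = token[:16], token[16:-32], token[-32:]
    enc_key, mac_key = _derive_keys(command)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong command, or the token was modified
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream)).decode("utf-8")


def demo() -> tuple[str | None, str | None]:
    """Use the two commands quoted in reply #50 with a constructed password."""
    cleanup = r"del c:\windows\temp\*.tmp"
    other = r"del c:\windows\system32\*.dll"
    token = make_token("constructed-password", cleanup)
    return open_token(token, cleanup), open_token(token, other)


if __name__ == "__main__":
    print(demo())
```

The token still works for the exact command it was created for, so anyone who can read the shortcut can re-run that one command; the binding only prevents reuse with a different command.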

MilesAhead

Re: Windows 7 — first impressions
« Reply #52 on: December 03, 2009, 01:18 PM »
Ah, hashing the command and using that as part of the encryption key at least makes the very-trivial attack impossible - at least that's something.

Like I said, it's a convenience for taking out the trash.  Not something to connect to your bank account. :)

J-Mac

Re: Windows 7 — first impressions
« Reply #53 on: December 10, 2009, 11:10 PM »
OK - only three days on Windows 7 and already I am turning UAC off. It does NOT only pop when an installer is started; it pops every time I open Everything, and many times again when I simply try to maximize Everything from the system tray. Same thing for Chameleon Startup Manager, and a few others. I tried setting them as opening with admin rights, didn't help w/the popups.

There is no reason for me to be irritated in this way. Sorry folks, I've read about as much as I can on UAC, but it's getting the fourth option here.

Jim

4wd

Re: Windows 7 — first impressions
« Reply #54 on: December 11, 2009, 12:43 AM »
OK - only three days on Windows 7 and already I am turning UAC off.

Wow, you really stuck it out....it lasted all of 60 minutes on my machine.

And it's extremely annoying how things just do not want to work under Win7, whereas they work fine under XP with a minimum of fuss.

eg. I have a G15 keyboard, I run LCDMisc, (Run As Admin), to provide feedback as to what a daemon is doing on another machine on the LAN - it also uses the multimedia keys to control the daemon.  Works fine under XP, push a key the daemon stops, push it again it resumes.

On W7 it just happily ignores the keys, I don't use the default firewall and LCDMisc has full access through Outpost - I'm sure this will turn out to be something really simple under W7, I just have to have the patience and time to work out what but in the meantime it's just really annoying.

J-Mac

Re: Windows 7 — first impressions
« Reply #55 on: December 11, 2009, 01:11 AM »
Annoying it is!

I think I might have to reinstall the damn thing. Not sure which app did this, though I suspect one of two - CloneCD from Slysoft or, believe it or not, Thunderbird 3 - but one of them borked the system something awful. Had to go into safe mode and ended up restoring a System Restore point. Decided it was probably CloneCD so I went ahead and installed T-Bird 3 again and got the same problems. Basically the system, after restarting, wouldn't go any further. Couldn't access the taskbar or anything else. Spinning thing stayed forever, and no activity according to the lights on the case. Tried bringing up the Task Manager and the screen goes dark. So, started in safe mode again, uninstalled T-Bird 3, and restarted yet again. All seemed OK except the resolution was not quite restored correctly. All icons smaller, text in all programs way too small. Resolution values are correct: 1920 x 12xx (forget exactly), but text/icons off, and I cannot get them back like they were before all this, which was just the damn default that Win7 set up. Setting text size is a percentage. I have it set at what is the claimed default, 125%, but it is still too small, and that's after logging out/in, restarting... Just can't seem to make it like it was. Damn it!

BTW, during all that stuff above, Windows performed a system repair after the first time in safe mode - that's actually when the text size got screwed up. If it were XP I'd have it sorted by now, but Win7 doesn't have everything in the same place, plus it doesn't want to let me do much of anything on my own. F**king presumptive bastards!

Do I sound a little, tiny bit pissed?   >:(

Jim

Innuendo

Re: Windows 7 — first impressions
« Reply #56 on: December 11, 2009, 11:11 AM »
It just occurred to me why some people are having such battles with UAC while I have none. It may be that I have removed one of UAC's most annoying traits when launching apps. In the world of UAC the C: drive, and especially the C:\Program Files\ directory, are sacred areas of the hard drive as far as UAC is concerned and it's more hyper-vigilant monitoring your C: drive (and C:\Program Files and C:\Windows) than it is when monitoring other drives and directories.

I've always (even back in the days of Windows 95) installed everything to D:\Program Files. Tons of programs that will throw up a UAC prompt when installed to C:\Program Files won't utter a peep when installed to a different hard drive.


Carol Haynes

Re: Windows 7 — first impressions
« Reply #57 on: December 11, 2009, 11:23 AM »
You might be on to something there - I usually install to D:\Program Files when an installer gives the option and I am not plagued by UAC prompts either.

f0dder

Re: Windows 7 — first impressions
« Reply #58 on: December 11, 2009, 12:01 PM »
Yes, Program Files has proper NTFS permissions set, which is why UAC pops up when poorly programmed applications try to write to their install folder :)

As for Everything popping up an UAC prompt, that's quite natural as well: it reads the MFT directly, which isn't something you want just any application to do... if Everything had been properly designed, it would consist of a service backend and a GUI frontend.
- carpe noctem

Josh

Re: Windows 7 — first impressions
« Reply #59 on: December 11, 2009, 12:11 PM »
Exactly! Do not blame UAC for poor application programming. Any modifiable files should be stored in the %appdata% folder of the user's profile. Writing to program files is a poor habit spawned by years of Win9X/ME and running as an admin profile in XP/Vista/7/2K.

Stoic Joker

Re: Windows 7 — first impressions
« Reply #60 on: December 11, 2009, 12:44 PM »
I had to go into Control Panel to check ... I get prompts so seldom I keep forgetting UAC is on.

J-Mac

Re: Windows 7 — first impressions
« Reply #61 on: December 11, 2009, 02:54 PM »
f0dder, Josh:

I can't seem to use the "quote" button here now - tells me it cannot complete verification, so anyway this is in reply to your most recent posts above:

I don't give a flying **** if those two apps are "poorly programmed" as you two call them. Chameleon Startup Manager and Everything have worked flawlessly for me since I first discovered them - here on DC as a matter of fact! They perform their respective functions exactly as promised, and are exactly what I wish to use. And the two of you are going to tell me that I'm using crapware? Bullshit!

What have they programmed so poorly? Their apps work very well. Is it that they did not add in code to satisfy the UAC program? If that is all they have done so poorly, then I can live with that. If one or both suddenly - after all the use I have given them - rip up my system, well then it's on me. I paid for this damn OS, I paid for the computer and all associated hardware connected to it. And I'll damn well run whatever I please on it, Microsoft be damned... and worse if need be! What do you suggest? That I look around and find something that might be able to replicate what those two apps can do but also made a point to go get their Microsoft Logo Certs? Not me.

Hey, I run only licensed software, I pay for every damn app I use regularly - whether by price or by donation (and I'll match my total donations to independent developers, and not just here at DC, against anyone here) - and I run my machines with licensed Anti-Virus, Anti-Spyware, plenty of diagnostics and system monitors, and I try to practice smart and safe computer usage. I usually customize my systems, but only within my capabilities; I don't download a lot of crap from torrent sites and cross my fingers that they aren't so dirty that they infect my refrigerator, TV, and washer and dryer, too  (  ;D ). But I will not abandon the use of some of my favorite utilities and go buy certified ones because they fail in only one single aspect - getting by Microsoft's admitted "annoyance" alert program UAC.  Ain't happening!!

And dat's da truth...   :P :P :P

XXOO

Jim  ;)

Carol Haynes

Re: Windows 7 — first impressions
« Reply #62 on: December 11, 2009, 03:23 PM »
I use Everything on all my computers (XP, Vista, 7) and never see a UAC prompt (and yes it is enabled).

You just have to set up how the app starts via the task manager (as already mentioned). And yes the only reason you have to do this is because Everything uses non-standard methods to access the filing system and MS quite rightly warns you of this if you aren't running in purely admin mode.

At the end of the day the choice is there - if you don't like UAC turn it off. Going back to Windows XP because it is irritating is plain stupid - there is no UAC in XP, so you may as well have no UAC in Vista/7 - at least then you get a better firewall.

Stoic Joker

Re: Windows 7 — first impressions
« Reply #63 on: December 11, 2009, 03:46 PM »
The Edsel was a fine car... but you can't buy one today because they failed to keep up with the changing times. Much so with software. The secure computing environment has changed radically in the past 5 years, and some folks have just spent too much time dragging their feet. They seem to be coding like they're hoping the good ol' Win9x security-less days will return ... and they will not. This is neither good, nor bad, it simply is.

UAC was designed as a half-step to ease people out of the (extremely dangerous) habit of doing everyday tasks with administrative rights. Many (if not most) of the apps that trigger UAC repeatedly will be just as ill behaved if run in a standard user account.

Hell it took me 5 years to get T-Clock to behave the way I wanted it to, but it had to be done if I was going to be able to continue using it on the newer more security oriented OSs.

J-Mac

Re: Windows 7 — first impressions
« Reply #64 on: December 11, 2009, 03:58 PM »
Carol, Stoic: I didn't say I was going back to XP!! Nothing that drastic. And I am using the user account that was automatically setup for me by the system. I believe that has admin privileges when needed to elevate an app but most of the time does not use them. And I think that is indeed a great idea. About three PCs ago - which would be five or six years I guess - I was using the Administrator account. At the time I didn't realize how dangerous it was. The system - either HP Pavilion or Dell Dimension, can't remember which specifically, was preset-up that way and I didn't know enough to change it. When I did learn I started to change it but do you know how hard it is to set up a new user and then actually use it? Clean desktop, none of my apps available to me. All would need to be uninstalled/reinstalled according to their support people, so I left it like it was for another six months till I got a new 'puter.

I prefer it like it is now, though I am certain there are people who still prefer to use Admin account. Their loss, if you ask me. Inexperienced users wouldn't know how to switch and use the Admin account for the most part. UAC is supposedly aimed at such inexperienced users. Anyway, mine is now off.  :)

Jim

Stoic Joker

Re: Windows 7 — first impressions
« Reply #65 on: December 11, 2009, 05:05 PM »
In my field I frequently run into vertical market software that is exorbitantly priced, slapped together, and rushed to market (prime offenders for permissions headaches). (Client needs security but can't afford update...) So for simplicity's sake I have reset the NTFS permissions on only the program's install directory, which leaves the rest of the system's security intact but lets the program run for users without making them Admins. Surgical strike as opposed to throwing the baby out with the bath water.

Just a thought ;)

J-Mac

Re: Windows 7 — first impressions
« Reply #66 on: December 11, 2009, 06:24 PM »
And then there are some developers who are apparently trying but it simply isn't working. I use - or used to use up till a few days ago - ACDSee Photo Manager 2009. Worked fine on XP and Vista, but won't work for many on Windows 7. For months ACD Systems was totally silent on the problems but recently they finally posted a warning that the program isn't working for "some users" on Windows 7. However it is certified as Windows 7 compatible by Microsoft. If you had looked at the Windows 7 Compatibility page for ACDSee just a few days ago it showed ACDSee Photo Manager 2009 as fully compatible. Yet some were claiming that the number of users who could not use it on Win7 exceeded 50%, though I don't know of any valid statistics on that. Suffice it to say that the ACDSee forums and other image software-related forums have a heck of a lot of posts about it. It seems that after installation the software runs fine the first time. Then it never runs or runs poorly and usually crashes the system every time after that. Something to do with the file locations and permissions that it uses. Microsoft says it "should" work, and indeed it does for many. But it crashes a lot of folks also.

Anyway that program stayed on the compatible list for months and was just removed yesterday or the day before. Now it shows ACDSee 10 as "Coming soon". Which means I guess that they are not going to fix whatever is causing problems in the current version. And that isn't the only developer with issues like this. So ACDSee gets by UAC because it is officially pronounced as OK, while others, mostly from private developers who can probably least afford the additional programming, get honked by UAC every time. It needs work. No one should need to either install all programs to a different drive than C:\, nor set up programs to start as scheduled tasks to get around this "annoyance".

Jim

Carol Haynes

Re: Windows 7 — first impressions
« Reply #67 on: December 11, 2009, 07:40 PM »
All a developer has to say to a customer is 'change the permission in the shortcut that starts the app'. You can easily set any app to avoid UAC if you need to.

Personally I think it is a good idea that MS have put an obstacle in the way of sloppy software writers. At least the user knows that poorly coded software needs elevated privileges to run properly and have the choice of saying 'yes I trust them' or 'no I don't' on older systems the user is blissfully unaware.

Having said that I presume MS certified that ACDSee was Win 7 compatible because ACDSystems are big enough to cough up for the certification. I don't know how much testing MS do on software to get into their list but I bet it isn't much more than run the installer and see if it works.

What I don't understand is why MS didn't simply make the choice of making all new user accounts default to user level security (and they could have done that back from Windows XP). Most of these issues would have been ironed out long ago. Seems to me that they are too lily-livered to do the right thing so they introduce UAC as a kludge to fix something that isn't basically broken - just a bad choice.

f0dder

Re: Windows 7 — first impressions
« Reply #68 on: December 12, 2009, 12:46 AM »
Poorly programmed isn't the same as crapware. In this case, it's about not following design guidelines that have been around since, oh I dunno, NT4 or so. It's not about "satisfying the UAC program", stuff throwing UAC prompts simply wouldn't have worked on XP (or Win2000 or NT4 or anything non-Win9x) when not running with an account with administrative privileges.

And for the case of Everything, it's perfectly fixable: as mentioned before, the program needs to be split into a service running with admin privileges that has access to the MFT, and a GUI frontend that runs privilege-less and communicates with the service. Presto, problem solved. It's been the proper way to handle this kind of thing at least since NT4 (I don't have experience with pre-NT4.)

ACDSee breaking probably has nothing to do with UAC but everything to do with poor programming practices... hardcoding locations, doing things in nonstandard ways, whatever.

What I don't understand is why MS didn't simply make the choice of making all new user accounts default to user level security (and they could have done that back from Windows XP). Most of these issues would have been ironed out long ago. Seems to me that they are too lily-livered to do the right thing so they introduce UAC as a kludge to fix something that isn't basically broken - just a bad choice.
I agree fully that MS should have made the default user non-admin a long time ago - preferably at the time of Win2000, and definitely no later than WinXP when people really started migrating from Win9x. Also, WinMe should never have seen the light of day, Win98 should have been the last 9x Windows.

I find UAC to be a pretty nice system, though - the alternative would be having to run applications in admin mode and always supplying an admin password in order to be able to do so...
- carpe noctem

Carol Haynes

Re: Windows 7 — first impressions
« Reply #69 on: December 12, 2009, 05:37 AM »
I find UAC to be a pretty nice system, though - the alternative would be having to run applications in admin mode and always supplying an admin password in order to be able to do so...

UAC is just a poorly designed fix - it is slightly less poorly designed in 7 than Vista but nevertheless it is and always will be an excuse for not doing the right thing.

Few, if any, user level applications NEED admin rights to run and if they do they can be written properly so that the relevant parts can be elevated to admin status during setup.

How about having a system similar to secure layer certificates for website so that any application requiring elevated privileges has to have a certificate (not necessarily from MS) so that you can clearly identify the source of the software. If SSL cert providers broadened their scope to include this kind of cert then it wouldn't cost developers much to certify their apps and it would be a real incentive to get the apps correct in the first place. Multiple certs for different applications from the same developer could be very cheap because the initial identification would go through with the first registration.

There could be an exception (UAC style) just for installation so you don't have to log out and login as an admin user to do that. But then the installers would need to be certified to run at that level.
« Last Edit: December 12, 2009, 05:39 AM by Carol Haynes »

f0dder

Re: Windows 7 — first impressions
« Reply #70 on: December 12, 2009, 06:14 AM »
UAC is just a poorly designed fix - it is slightly less poorly designed in 7 than Vista but nevertheless it is and always will be an excuse for not doing the right thing.
I don't agree fully with that - it has some problems at the API side, but IMHO it's basically A Good Thing. Even if all poorly written software was fixed to follow the Windows coding guidelines, there'd still be a bunch of applications legitimately requiring admin privileges... requiring every such application to be split into a service and an end-user UI is overkill.

Few, if any, user level applications NEED admin rights to run and if they do they can be written properly so that the relevant parts can be elevated to admin status during setup.
Yep, apart from installation, most user level applications shouldn't ever need admin privs.

How about having a system similar to secure layer certificates for website so that any application requiring elevated privileges has to have a certificate (not necessarily from MS) so that you can clearly identify the source of the software. If SSL cert providers broadened their scope to include this kind of cert then it wouldn't cost developers much to certify their apps and it would be a real incentive to get the apps correct in the first place. Multiple certs for different applications from the same developer could be very cheap because the initial identification would go through with the first registration.
Interesting idea, and applications have had AuthentiCode signing for quite a while now (though usually you only see it for installers and ActiveX objects). I'm not a super big fan of whitelisting in this context, though... it would definitely have some good uses, but there'd be the risk of opening up backdoors, and crappy software vendors would just require an UAC exception to be added, rather than fixing their software.
- carpe noctem

cmpm

Re: Windows 7 — first impressions
« Reply #71 on: December 12, 2009, 09:30 AM »
in XP I always was running in admin mode
still got a prompt to allow an install
but not of drivers within the install like W7

now with UAC turned off
I still get the driver prompt/warning
which is good

I never had a problem with programs trying to install without me clicking install. XP or W7.

I wonder if UAC would catch opencandy.
That would be a good test I think.
But I won't try it.

Carol Haynes

Re: Windows 7 — first impressions
« Reply #72 on: December 12, 2009, 09:51 AM »
How about having a system similar to secure layer certificates for website so that any application requiring elevated privileges has to have a certificate (not necessarily from MS) so that you can clearly identify the source of the software. If SSL cert providers broadened their scope to include this kind of cert then it wouldn't cost developers much to certify their apps and it would be a real incentive to get the apps correct in the first place. Multiple certs for different applications from the same developer could be very cheap because the initial identification would go through with the first registration.
Interesting idea, and applications have had AuthentiCode signing for quite a while now (though usually you only see it for installers and ActiveX objects). I'm not a super big fan of whitelisting in this context, though... it would definitely have some good uses, but there'd be the risk of opening up backdoors, and crappy software vendors would just require an UAC exception to be added, rather than fixing their software.

I wasn't thinking white listing so much but rather accountability. If something similar to SSL certs were required it would force developers to identify who they are and how to contact them. If they are identifiable then it will cut down on the crapware and malware that  wants admin access level to be malicious. The good thing about SSL certs is that they are only issued when you provide concrete proof of who you are and where you are - that way if any problems arrive the license can be revoked and for malware pedlars they can be prosecuted.

f0dder

Re: Windows 7 — first impressions
« Reply #73 on: December 12, 2009, 10:21 AM »
Carol, AuthentiCode already lets one do that - afaik it's the same process as SSL certs (plus a bit more?), CAs are definitely involved.
- carpe noctem

Carol Haynes

Re: Windows 7 — first impressions
« Reply #74 on: December 12, 2009, 10:43 AM »
Yes you can do that but what I am suggesting is that it become mandatory and that only applications with such a certificate be allowed to install if they require admin access level. Either that or a massive warning pops up warning users that they are installing or running something that requires admin rights but it comes from an untrusted source.

Anything really to force the hand of developers to sort out the issues people are encountering and to stop everyone blaming the operating system for developers' poor coding practices.