Something you should reflect on regarding finishing setup programs

  • Thread starter: Hansjörg (Guest)

Hey all,

just installed the latest version of Winamp (the old ones have a serious bug
in streaming that will allow an attack on the machine - go for the latest
version or remove).
So also installed it on my son's machine (Vista). He is certainly not
Administrator and UAC is certainly active. Started setup, get the credUI as
expected, entered admin credentials, setup works fine.
But now there is this last page with a checked checkbox "Run Winamp now on
Exit" (yes - AOL WANTS you to run this program...).
OK - here is where the problem starts. What security context will actually
launch Winamp when I click the "Finish" button?? Think once, think twice....
AAAAHHHH the security of the admin that executed the setup, as all processes
spawned from this security context will inherit its security context -
which is a fully elevated real administrator security context.
If you leave this option checked then you will hand over an admin context to
a non admin user and he/she/it/mixed will be able to do whatever the program
will allow him to do - ACCESS ALL AREAS.
So what can we do about this?
- Take away the check certainly - it's easy, it works, you forget it sooner
or later (or if you have not read this you will not even know it)
- Give those people that create setup programs feedback that in the days of
UAC such an option is not what we want
- @MS: if you detect a setup program and automatically ask the user to run
it elevated, check after the setup finished that there are no more processes
active that have been spawned from the setup process or one of its child
processes. In case that such a process is still running a) kill it silently,
b) tell the user c) write a log to the security event log d) let Steve
Ballmer talk to the company who created the setup ;-) (option d can be
combined with a) to c))

Certainly all "First run..." activities will also be executed in the admin
context. And I think even the authors of the setup do not want to
personalize the administrator's account but the real user account.

Hope this post will help you to have a more secure Windows experience.

Hansjörg
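
The check proposed in the post above (no elevated process spawned by the installer should outlive it), sketched as an added example that is not part of the original post. The process snapshot, PIDs and the `firstrun_helper.exe` name are constructed sample data, and `leftover_elevated` is a hypothetical helper.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int        # PID of the creating process (kept after the parent exits)
    name: str
    started: float   # creation time, seconds since boot
    elevated: bool   # True if running with a full administrator token

def leftover_elevated(snapshot, setup_pid, setup_started):
    """Elevated processes still running that descend from the setup process."""
    children = {}
    for p in snapshot:
        children.setdefault(p.ppid, []).append(p)
    found, seen = [], set()
    stack = [(setup_pid, setup_started)]
    while stack:
        parent_pid, parent_started = stack.pop()
        for child in children.get(parent_pid, []):
            # PIDs get reused: a genuine child is never older than its parent.
            if child.pid in seen or child.started < parent_started:
                continue
            seen.add(child.pid)
            if child.elevated:
                found.append(child)
            stack.append((child.pid, child.started))
    return sorted(found, key=lambda p: p.started)

# Constructed snapshot taken after setup (PID 4120, started at t=100) has exited.
SNAPSHOT = [
    Proc(1500, 1400, "explorer.exe", 10.0, False),         # the standard user's shell
    Proc(3100, 4120, "mmc.exe", 50.0, True),               # older than setup: reused PID
    Proc(5200, 4120, "winamp.exe", 160.0, True),           # "Run Winamp now" on Finish
    Proc(5300, 5200, "firstrun_helper.exe", 161.0, True),  # hypothetical first-run child
]

if __name__ == "__main__":
    for p in leftover_elevated(SNAPSHOT, setup_pid=4120, setup_started=100.0):
        print(f"elevated leftover from setup: {p.name} (pid {p.pid})")
```

A point-in-time snapshot cannot link a descendant whose intermediate parent has already exited; covering that case needs process-creation auditing rather than a process listing.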
 
Thanks for that. After reading above, I opened my WINAMP to be greeted
with a security update, which I have downloaded. I now have WINAMP 5.52

Thanks again


--
GSi-R
 