Reworking UAC

Predictably, one of the most common complaints about Vista was the User Access Control (UAC) feature, which firmly established a real degree of security in Vista by blocking applications from attaining administrator-level privileges by default. It was something that was long overdue for Windows given how easy it is to compromise a machine when everything runs with admin privileges, but that doesn’t mean it was taken well.

Half of the problem going into Vista’s release was that few applications were coded following best security practices, even though Microsoft had been recommending such a thing for years, and such practices were necessary for applications to work correctly under limited user accounts. With so many poorly coded applications misbehaving under Vista until they were brought up to spec by their developers, it left a bad taste in the mouths of many. Compounding the problem was that Vista’s UAC implementation was not streamlined very well, resulting in redundant notices. Microsoft resolved some of the streamlining issues in Vista SP1, but this never completely satisfied users who were expecting a more XP-like (and insecure) experience.

With Windows 7 we have an attempt at a compromise, which is a noble intention by Microsoft, but leaves us concerned about the security implications. Previously UAC could only be turned on or off (Group Policy settings not withstanding), which would sometimes result in unhappy users shutting it off and giving up most of Vista’s security abilities in the process. With Windows 7, UAC has now been divided up into four levels: Off, followed by three levels of increasingly strong security. Level 3 is the equivalent of Vista’s UAC mode, meanwhile Level 2 is the default setting for Windows 7. With Level 2, certain signed Microsoft applications (basically most of the Control Panel apps) are allowed to elevate to administrator privileges without needing user confirmation. The working belief here is that most people are encountering most of their UAC prompts when initially configuring Windows, and if they didn’t encounter those early prompts they would have no great reason to turn UAC off entirely, particularly since 3rd party applications are so much better behaved these days.


The UAC Control Panel With Level Slider

Hence the compromise is that UAC prompts are disabled, but only for the Control Panel apps, meanwhile all other regular apps are still controlled by UAC as normal. The concern we have with this compromise is that with applications allowed to auto-elevate from user to administrator, it creates a potential local privilege escalation exploit. For Beta 1, a proof of concept exploit was put together that used rundll32 to disable UAC entirely without informing the user or requiring their intervention. In return Microsoft removed the UAC control panel from the auto-elevating list so that any direct attempts to manipulate it still require user intervention. This blocked the proof of concept exploit while maintaining all the other benefits of Level 2 UAC. It should be noted however that similar exploits could still work with Level 1, as it’s Level 2 without the secure desktop screen (thereby allowing apps to fake pressing the Allow button).

At this point it remains to be seen if Level 2 could be exploited in a similar manner, such as by breaking out of another auto-elevated application and attacking UAC from there. The fact that it leaves an obvious potential attack vector open leaves us leery of Level 2. Microsoft had the security situation right in the first place with Level 3/Vista, and it may have been better if it stayed that way.

With that said, Level 2 does what it’s advertised to do. Compared to Level 3/Vista, you’re going to get far fewer UAC prompts when messing with Windows’ settings. Undoubtedly it won’t satisfy those who absolutely abhor UAC, but at some point Microsoft has done everything they can.

Quickly, the other security element that was reworked for Windows 7 is the Security Center, which has been expanded and renamed the Action Center. Besides being a one-stop-shop for various Windows security features, now it is also home to an overview of system maintenance tasks and troubleshooting help. This doesn’t significantly change the functionality of the Action Center, and the biggest change that most people will notice is the GUI.


The Windows 7 Action Center

Windows Media : New Codecs, New Looks, New Features Libraries and Homegroups: New Ways to Organize and Share
Comments Locked

121 Comments

View All Comments

  • strikeback03 - Thursday, May 7, 2009 - link

    In some things I can understand moving stuff, but there are also some that were moved for no good reason. For example, in XP to get display properties, you right click the desktop and click properties. In Vista there is at least one additional page to click through to get that. Ultimately, it seems to me that MS tries too hard to hide the settings, likely to protect the users who don't know what they are doing, but a pain for the users who do. For the record, I had the same complaint about XP coming from win2000, that whenever you hop on a system that wasn't set to all the classic settings, it is a pain to get around.
  • Jackattak - Thursday, May 7, 2009 - link

    But Strikeback you're talking about probably 10% of the users (power users). The majority of Windows users don't give a crap about modification, and that's who they're "protecting" based on your explanation.

    If you were running Microsoft, wouldn't you find it a small issue that you were "inconveniencing" 10% of your user base by making them go "one page deeper" in order to "protect" 90% of your users?
  • strikeback03 - Friday, May 8, 2009 - link

    Then do like the GPU companies do and have both simple and advanced versions of the interface. Allow them to change one setting to show or hide all the "advanced" stuff across the OS. And put it somewhere easy to find, like the start menu.
  • mathew7 - Wednesday, May 6, 2009 - link

    I'm also a XP-lover. Even in XP I'm using it with classic view (2K view).
    My main problem is removal of old start-menu (cascading menus). I really hate the Vista style-menu.
    Also, I prefer UAC disabled and using run-as different user. Unfortunately (in Beta), explorer would not take the new permissions (launch in separate process was enabled for both users), which means configurations had to be done with admin logon. I have not tried this yet in RC. Also, once UAC was disabled, the UAC menu items (with the shield) were still present with no actions (again I don't know about RC).

    On the other hand, the new taskbar (with previews) and the multimedia settings are good-enough reason for me to switch.
  • ssj4Gogeta - Wednesday, May 6, 2009 - link

    Start menu is one of the best features that were introduced in Vista. It's great on a netbook or a small monitor. You also don't need to move your mouse, just type in the first few letters of the app name. It also searches your documents for you.

    And about that RAM issue, what did you expect? I'm surprised it even runs on 512MB. Even netbooks have at least a gig of RAM.
  • SirKronan - Wednesday, May 6, 2009 - link

    I like the revamped start menu as well. Love instant search!

    But did they add Blu-ray support to Media Center? This has been one of my complaints from the beginning about Media Center. It has to launch a separate program to play Blu-rays & HD DVD's, and I haven't found any way around it short of ripping the movies to a hard disk. I realize there are anti-trust/competitive laws, and I honestly don't mind having to buy PowerDVD or WinDVD to get their decoder, but I want the movie to play back in MEDIA CENTER with all of the interface's great features, like the smooth playback and intuitive controls, guide information, zoom feature (get rid of black letterbox - with 1080p you certainly have enough resolution to scale a tad!), etc.

    Have they added that yet? If not, PLEASE, Anand, ask them to for us!
  • KingViper - Wednesday, May 6, 2009 - link

    Archsoft and the newest version of PowerDVD both have plugins for Media Center..from what I hear. Although Media Center itself isn't actually playing the Blu-Ray..it looks like it integrates well. You might try out the trial versions.
  • chrnochime - Wednesday, May 6, 2009 - link

    Just because netbooks have more ram(and not every one of them has 1G, some has 512MB), doesn't mean the OS should try to gobble up as much as is available. I don't get why every iteration of their OS just keep getting bigger and bigger, with little discernible improvements to the average user.

    and this? "Ultimately, with Microsoft throwing Windows 7 RC1 out to the masses, we can't think of a good reason not to try it."

    Unless they have ways to export the settings in programs and whatever document users have when they were using W7, it'd be really hard to convince the average user to try out just for sake of novelty.
  • KingViper - Wednesday, May 6, 2009 - link

    "I don't get why every iteration of their OS just keep getting bigger and bigger, with little discernible improvements to the average user. "

    Many things an OS is responsible for is not necessarily obvious to the average user. Compatibility with almost all hardware available, including keeping the OS as secure as possible. DX10\DX11 and h264 codecs etc. etc. etc. TONS of stuff is added, but it isn't necessarily used everyday. Of course it's going to get bigger.

    I don't understand how XP users are about as bitter with Microsoft as Mac users are. Can you just not afford a Mac or what?
  • mathew7 - Wednesday, May 6, 2009 - link

    I also would like to say about W7RC and low-RAM:
    Windows 7 on 512MB RAM (desktop Intel G45 MB w/laptop HDD) feels to me like XP din on a 64MB RAM laptop years ago. It's good for internet/light work, but even for that you need patience because of swapping.

Log in

Don't have an account? Sign up now