Vista's User Access Control

UAC Keeps You Safe While Using Vista

Introduction

With the release of Vista there have been many new security aspects in the operating system. One of the most talked about features is User Access Control or UAC. UAC has gotten a lot of bad press, but I disagree with them. Here is a quick run down on UAC and why it is a good thing. In the not to distant past, users of Windows would find themselves logged on automatically as an administrator when setting up Windows XP. If you install XP and do not join a domain, the default user you create has full administrative privileges and can access all aspects of the computer operating system.
What’s the big deal you ask?
Many computer users found it convenient to never have to elicit the help of the IT team to install a new software application or reconfigure the Windows registry or change the system clock. While convenient for the computer user, in a small company the effects can be devastating for two reasons.

1. Inadvertent Experimentation

Many users consider themselves Power Users and editing the registry or installing new drivers is old hat to them. However, problems arise when the latest drivers for that new video card are in beta only and have known issues with the accounting software you are also running. This causes the system to crash repeatedly. The user now loses productivity as hi system has to be rebuilt. In a smaller organization, this might actually mean installing from scratch as opposed to an imaging process. That equates to lost time and productivity.

2. Personal Use of Corporate Computers

This second reason is a little more ominous. Many users tend to use their work computers as their own private portals to the Internet. Surfing inappropriate sites, checking stocks and downloading bit torrents at work is fast becoming a major security issue. When a user downloads executable code such as a script or even a screen saver and then runs the code they are doing so as the administrator of the computer. If the code is nefarious, it get’s a bump start on its road to destruction as it does not even need to try to escalate its privileges as it is running as administrator already. The potential for loss and breach of security is huge. Microsoft has long touted the benefits of running as a non administrative user on a system. Until now it was impractical for many users and cumbersome. UAC was defined to address these shortcomings.

UAC Explained

User Access Control (UAC) which is enabled by default in Vista allows standard users (non administrators) to complete both standard and administrative tasks (if they have the administrative credentials on hand) without having to log off. Very similar to the ‘su’ command in Linux. The process works by assigning two security tokens to a logon. One token contains group membership information and the second controls the authorization and access data. Until Vista there was only a single token which stated what a user could do. It was all or nothing. With User Access Control (UAC) even administrators must provide acceptance for various tasks. For example, the user of a computer wants to add a file to the Startup Menu to begin a chat application at start up. This function is trying to write to the registry and will cause UAC to request access even if the user is the administrator. When the user attempts to create the shortcut they are presented with a similar screen. The only difference between a standard user and administrative user is that the latter will not be prompted for credentials.
While it may seem cumbersome at first, UAC prevents applications from writing to the registry inadvertently with out the user’s knowledge. It also prevents applications from installing without a user’s knowledge.
Some articles have said that UAC is in fact security vulnerability because by default users are still by default administrators when their account is created. True. But they will still need to use UAC to install program, perform system maintenance or run some applications. However, the onus is still on the owner to be using the correct account. Microsoft can’t do that for you. At the end of the day operating system and software application vendors can only do so much, computer users need to be aware of proper secure practices.
Some users complain that it is annoying having a popup extended every time they open the control panel. But let’s think for one moment. Let’s take the majority of users of systems. Standard everyday computer users. How many times a day to most users have to open MMCs, adjust video settings or monkey with the registry? The fact is, once the system has been configured, most users will probably not have to even see the popups. Even when I run my system in Admin mode I leave the UAC turned on as a secondary measure of security. This way I am notified when when operating system or a software application is doing a task that should have my approval to proceed.

Conclusion

I like to know what my system is doing and UAC is a great mechanism to allow me do that. For the average user, it may be cumbersome at first, but that will be up to a company’s security team to determine the benefit. Personally, I would enforce the UAC as an education experience to show users exactly what they are playing with and the ramifications of their actions.

Top 10 Reasons Security Pros Might Want Vista

Is Vista Under Your Christmas Tree?

1. Engineered for Security

Vista is the first operating system from Microsoft developed end-to-end with security as the focus. Microsoft is working toward Common Criteria (CC) certification with the goal of achieving an Evaluated Assurance Level 4 (EAL4) and Single Level OS Protection Profile certifications. Security from the ground up is not a bad place to “Start Me Up.”

2. Internet Explorer (IE) Protected Mode

This feature is only available in the Vista version of Internet Explorer 7 (IE). Protected mode does not allow other applications to access Internet Explorer. I worked on an application for Windows XP that hooked IE that could capture the data during a FORM POST even over SSL. Nice to know the bad guys can’t do this anymore, as long you run in protected mode.

3. Windows Defender

Anti-Spyware built in! When looking at friends and family PCs I find them full of malware. Windows Defender is a good start in protecting your computer when surfing the wild sections of the Internet.

4. Windows Firewall with Advanced Security

All the great features of the firewall in Windows XP SP2 with the added protection of securing outgoing traffic. The firewall also has an option to disable all incoming connections, especially useful when connecting to a high risk network like a free wireless network or a hotel network.

5. New Logon Architecture

New methods and APIs for independent software vendors (ISVs) and developers to build their own authentication methods, such as biometrics or tokens, by writing credential providers. This can open unique methods of authenticating to your Vista PC. As a software developer I find this very interesting.

6. Windows BitLocker™ Drive Encryption

BitLocker provides full disk encryption. This protects the operating system, boot files and all the data on the hard drive. Computers with a Trusted Platform Module (TPM 1.2) heightens the protection of user data, and helps to ensure that a client computer running Windows Vista cannot be tampered with while the system is offline.
This is a very useful feature for laptops. Lost and stolen laptops can cause serious business issues, especially when those laptops contain intellectual properties or private customer data.

7. Windows Service Hardening

Windows Service Hardening restricts critical Windows services from doing nasty activities to the file system, registry, or network. This protects the operating system from malware being installed or by compromised Windows Services. I will be watching the security bulletins for this exploit. Will there be security issues in Vista that are mitigated by this feature? Time will tell.

8. Improved Encrypted File System (EFS)

Under Windows XP, EFS was good at protecting your data, that was about all. Doing anything fancy became complex and cumbersome. One major downfall with the previous version of EFS was the difficulty storing the EFS certificates on a smart card. This now works! An interesting feature as well is the page file and cached offline files can now be encrypted.

9. Windows Security Center (WSC)

WSC is a method for third party software and web sites to query the security state of a computer before interacting with the computer. For example, a bank web site could make sure you have anti-spyware and anti-virus software with up to date signatures before allowing you to login to your online banking.

10. Device Control

Today’s USB drives can now hold 4 gigabytes of data, this is basically a whole DVD of data. This has been a security headache for a long time. Employees walking out of the office with all the company secrets on USB drives, ouch. Now there is a group policy setting that disables USB drives from being accessed in a corporate Vista PC.

Conclusion

I have been using Vista since Beta2. I am now running Vista Ultimate thanks to my MSDN subscription. I have been enjoying Vista and as a security pro, looking at ways that it can help the security of a small/medium business. Vista rolls many security features into an operating system which allows Vista to worry about the security and you worry about your business. Christmas Time
The 11th reason is not about security but the enjoyment of using your computer. It may be more secure, but is it Christmas time and it is time to relax and enjoy your family, friends and some downtime with your computer (geek out!). Vista sports the new glass interface which gives the environment a very solid feel. With Windows Media Player your can enjoy DVDs, music and last year’s Christmas Video. The upcoming DirectX 10 games will defiantly be a blast.