Author Topic: Shameless Plug  (Read 7969 times)

0 Members and 1 Guest are viewing this topic.

Offline Skywing

  • Full Member
  • ***
  • Posts: 139
    • View Profile
    • Nynaeve
Re: Shameless Plug
« Reply #15 on: May 23, 2007, 10:49:23 am »
Again, you should not be elevating programs run from a location where a plain user can write to them.  Modifying the main .exe might cause the signature check to fail, but this not something you should be relying on exclusively (consider that, for instance, a dependent DLL in the same directory could be altered).

If you continue to view UAC as something designed to provide complete protection against malware, then yes, you'll have no difficulty in finding holes by virtue of design decisions.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Shameless Plug
« Reply #16 on: May 23, 2007, 11:11:25 am »
I think that it should be more publicized that UAC doesn't provide complete protection against malware, because I got the opposite impression from marketing stuff. I wonder if they'll make token moves to try to fix this type of issue as it comes up?

But the idea behind the attack I just mentioned is that it would wait until you downloaded a file, such as setup.exe, from some site. Somewhere between downloading it and running it, the virus would infect setup.exe.

I can't think of any way that UAC could protect against that type of attack, it's pretty much hosed there.

Offline Skywing

  • Full Member
  • ***
  • Posts: 139
    • View Profile
    • Nynaeve
Re: Shameless Plug
« Reply #17 on: May 23, 2007, 11:37:50 am »
I agree with you completely; good luck in getting Marketing@Microsoft to take the correct approach, however, especially after the fact.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Shameless Plug
« Reply #18 on: May 24, 2007, 06:08:10 pm »
I wrote another blog about a similar issue with Sudo, and, in general, about why it is hopeless to prevent malware this way. Once this goes through, I might write a third blog talking about why, in more abstract terms, this problem won't be solved on the current user-separation paradigm. PR has the blog right now, hopefully they'll approve it (I'm sure they will), then I'll post a link to it here.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Shameless Plug
« Reply #19 on: May 27, 2007, 03:13:10 am »
Well, it's two days now. Any word back from them? That'd be an interesting read, since I tend to care more about Linux than Vista.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Shameless Plug
« Reply #20 on: May 27, 2007, 10:34:01 am »
They haven't said no yet, so it's likely good to go. We post one/day and I'll let you know when mine gets to the top.