Tuesday, October 07, 2008   
New Post 4/30/2008 10:31 PM
User is offline soumya
2770 posts
microsoftblog4u.blogspot.com/
Forum Guru








New Windows Utility Claims To Bypass UAC  

The authors of iReboot, a program that sets which OS you want to reboot into, thought they were really clever when they rewrote their program so that Vista users didn't have to go through a UAC (User Access Control) check every time they ran it. Instead what they did was to make their users' systems vulnerable to attack and betray their inexperience with Windows programming.

The authors had a classic bad Windows program to begin with, in that it required Administrator access, but their inaccurate assumption was that everyone on XP runs as Administrator anyway. On Vista the default is different, and even Administrators have to click a button to continue when executing privileged actions. So they rewrote their program into two halves, one a user mode interface, and the other a Windows service running in a privileged user context such as SYSTEM. The two communicate using standard IPC (interprocess communications).

They view what they did as programming around UAC, but it's not as clever as they think. In fact, the installer for their program required Administrator access and the user has to consent through Administrator access to the installation of a service like this. This means that the user has to trust the program that they install in this case, whether it's a legitimate service or malware.

Now by the same token, what they've done is the right way to write such a program. If you need to perform privileged actions you should separate them into a secure process, but you need to take proper precautions to secure the interface with that process. The facilities for making it secure, such as user impersonation, are rich and well-understood. In fact, the program's authors later describe, in a comment to the same blog entry, how they used .NET to create the IPC mechanism and how it was really easy and powerful,

I read all the time of people becoming impatient with UAC, but it's there for a good reason. Even if it's not an actual security boundary, it reminds you that something potentially dangerous is happening on the system and you should consider whether you really want to do it. I run it on all my Vista systems; it doesn't happen very often and I don't resent it when it does. If it's happening all the time to you, maybe you need to think about how you're using your computer.

http://blogs.pcmag.com/securitywatch/2008/04/new_windows_utility_claims_to_bypass_uac.php
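The post above recommends splitting privileged work into a service and securing the interface to it, naming user impersonation as one of the available facilities. The following C# sketch of the service side is an added example, not part of the original post and not iReboot's code. The pipe name, the "SET" request format, the sample boot entries and the choice of SYSTEM as the service account are all assumptions made for illustration.

```csharp
using System;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;

static class BootChoiceService                      // hypothetical service, not iReboot's code
{
    const string PipeName = "example-bootchoice";   // hypothetical pipe name
    static readonly string[] KnownEntries = { "vista", "xp" };  // constructed sample entries

    // The only request understood is "SET <entry>", and <entry> must be allowlisted.
    static bool TryParse(string line, out string entry)
    {
        entry = null;
        if (!line.StartsWith("SET ", StringComparison.Ordinal)) return false;
        string arg = line.Substring(4);
        if (Array.IndexOf(KnownEntries, arg) < 0) return false;
        entry = arg;
        return true;
    }

    static void Main()
    {
        // Pipe ACL: interactive (locally logged-on) users may read and write;
        // SYSTEM, the assumed service account, keeps full control.
        var acl = new PipeSecurity();
        acl.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.InteractiveSid, null),
            PipeAccessRights.ReadWrite, AccessControlType.Allow));
        acl.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
            PipeAccessRights.FullControl, AccessControlType.Allow));
        while (true)
        {
            using (var pipe = new NamedPipeServerStream(PipeName, PipeDirection.InOut, 1,
                       PipeTransmissionMode.Byte, PipeOptions.None, 64, 64, acl))
            {
                pipe.WaitForConnection();
                var buf = new byte[64];                      // bounded read: request size is capped
                int n = pipe.Read(buf, 0, buf.Length);
                string line = Encoding.ASCII.GetString(buf, 0, n).TrimEnd('\r', '\n');
                string caller = null;                        // impersonate only to learn who is asking
                pipe.RunAsClient(() => { using (var id = WindowsIdentity.GetCurrent()) caller = id.Name; });
                string entry;
                bool ok = TryParse(line, out entry);
                Console.WriteLine("{0}: {1}", caller, ok ? "set " + entry : "rejected");
                // On accept the service applies 'entry' itself; client text is never executed.
                byte[] reply = Encoding.ASCII.GetBytes(ok ? "OK\n" : "DENIED\n");
                pipe.Write(reply, 0, reply.Length);
                pipe.WaitForPipeDrain();
            }
        }
    }
}
```

The service reads the request before calling RunAsClient because Windows refuses to impersonate a pipe client until data has been read from the pipe.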


 
New Post 5/1/2008 2:45 AM
User is offline Vishal Gupta
6162 posts
www.AskVG.com
Ultimate Member








Re: New Windows Utility Claims To Bypass UAC  

lol. What a noobish programmer. Can't stop laughing.


Microsoft Windows MVP

Tweaking with Vishal
