[personal profile] talarubi
Sound familiar? Certain people, including MS now, have been pushing limited user accounts (LUA) for a while (even though XP has always had them). To make a long story short, they are basically the equivalent of user ("mortal") accounts under every other OS out there. Linux and Mac folks stuck using Windows will appreciate the ability to not have random worms or stealthware slipping into the Windows folders, hijacking Winlogon, etc., with a few well-placed syscalls. (Vulnerabilities notwithstanding.) Since most apps support it pretty well now, and there are great "SU" equivalents out there, everyone should be using this.

Problem is, if you're just a user at home, it won't do you a lick of good. Oh, sure, it'll probably save you a reinstall. And that's it, because here are some things programs under your limited account still have permission to do (because there was never any way to secure it):

1) Log keyboard and mouse activity;
2) Watch the display;
3) Send messages and requests to other programs running on your login;
4) Talk directly to system services and possibly drivers (but not add/remove any);
5) Debug other programs, rewrite code, prevent them from running;
6) Hook into explorer/common dialogs, effectively denying folder access;
7) Hook other Windows syscalls ("user-mode rootkit");
8) Create/read/write/delete all the files you own, outside of Windows and Program Files (assuming installers were written properly);
9) Make outgoing TCP connections (incoming requires config of Windows Firewall if enabled).
10) ... (Arrrrgh! Wincing yet?)

In other words, you don't have to be Admin to ruin someone's life. You just need an exploit or some good social engineering. Some of this is true under Linux as well, but if you really use it, you already knew that. The real concern is that once Windows Vista makes these limits commonplace, the crackers will adapt. MS (rather, their marketing dept.) will claim they're making Windows more secure, but this is a stopgap, not a real solution. LUA doesn't remove the need for Ad-Aware or virus scanners.

MS and Linux are in a no-win situation here, because fixing the central problems (conflating user with program authority, using blacklists, separating the whitelists from the objects being secured) breaks almost everything out there, even though no one program needs very many permissions. It's so bad that Windows Vista is reported to simulate writes, per-user, to Program Files just to keep legacy apps working!

MS is torn between money (being legacy-compatible for their longtime corporate users) and, more recently, satisfying the security concerns of everyone else. So things are changing, but don't expect airtight computers just yet.
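
The gap between user authority and program authority described above (item 8 in the list, and the "conflating user with program authority" point) can be made concrete with a small model. This is an added illustration, not part of the original post: the program names, paths, the user "alice" and both policy functions are constructed assumptions, not Windows APIs.

```python
# Added illustration: program names, paths and both policy models are constructed.
from pathlib import PureWindowsPath as P

SYSTEM_DIRS = [P(r"C:\Windows"), P(r"C:\Program Files")]
PROFILE = P(r"C:\Documents and Settings\alice")  # hypothetical limited user "alice"

def under(path, root):
    """True if path is root itself or lies anywhere beneath it."""
    path, root = P(path), P(root)
    return path == root or root in path.parents

def user_authority(program, path, op, is_admin=False):
    """Limited-account model: the decision ignores which program is asking."""
    if is_admin:
        return True
    if any(under(path, d) for d in SYSTEM_DIRS):
        return op == "read"          # system areas are read-only to a limited user
    return under(path, PROFILE)      # everything the user owns is reachable

# Per-program whitelist: each program lists the only roots and operations it needs.
GRANTS = {
    "editor.exe": [(PROFILE / "My Documents", {"read", "write"})],
    "screensaver.exe": [(PROFILE / "Application Data" / "Screensaver", {"read", "write"})],
}

def program_authority(program, path, op):
    """Default-deny model: authority comes from the program's own grant list."""
    return any(op in ops and under(path, root) for root, ops in GRANTS.get(program, []))

def excess_authority(requests):
    """Requests a limited account permits that the program was never granted."""
    return [r for r in requests if user_authority(*r) and not program_authority(*r)]

TAXES = str(PROFILE / "My Documents" / "taxes.xls")
REQUESTS = [  # constructed (program, path, operation) triples
    ("screensaver.exe", r"C:\Windows\System32\winlogon.exe", "write"),
    ("screensaver.exe", TAXES, "read"),
    ("screensaver.exe", TAXES, "write"),
    ("editor.exe", TAXES, "write"),
    ("screensaver.exe", str(PROFILE / "Application Data" / "Screensaver" / "s.ini"), "write"),
]

if __name__ == "__main__":
    for program, path, op in excess_authority(REQUESTS):
        print(f"{program} may {op} {path} only because alice may")
```

The limited account blocks the write to Winlogon, but the two requests it lets through that the per-program model denies are exactly the user's own documents.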