On Wed, Apr 28, 2010 at 10:18 AM,  <[email protected]> wrote:
> Are there any reports out there that show Windows 7 running with UAC that
> it minimizes the infections of spyware?

  I too would be interested in seeing hard data on this.  I've seen
lots of marketing claims, and the occasional anecdote, but I remain
unconvinced that UAC (as typically configured, and for the SOHO user)
will do anything more than train lusers to click "Allow" when they see
it.  I've certainly got my own anecdotal evidence that lusers do just
that.

  To me, the chief advantage to UAC is FRV (filesystem and registry
virtualization).  It lets software which thinks it needs to write to
protected locations run anyway.  *That's* a big win.  Lets people who
understand security cope with software vendors who don't.

  The ability for UAC to use the GUI to prompt for alternate admin
credentials for privilege elevation is very convenient, but it's not
compelling to me.  You can achieve similar results using RUNAS.  Not
as convenient, but gets the job done.

> While I am not a huge fan of MACS ...

  It took me a minute to figure out you meant "Macintoshes" and not
"Mandatory Access Control System".  "Mac" -- the computer from Apple
-- is not an acronym.  :)

  (It wouldn't have been so confusing except that MACS and DACS are
the two common models used for describing access control/permissions.
Windows mostly uses DACS (hence, DACL, Discretionary Access Control
List), but the "Integrity Levels" features in Win 6.x are heading in
the direction of MACS.)

> .. their security model is obviously much better than Windows.

  While Windows is often shipped with a default no-security admin
account, Windows fully supports creating a user without admin rights.
It's what we do for *everybody* here at %WORK%.  We've been doing it
for *years*, and it works very well.

  The only hard part is convincing software vendors that admin rights
are not required to do things like word processing.

  More generally, one problem is the many PC builders who ship their
computers configured to run users as admins by default.  Even if UAC
works as advertised, that's not a good thing.

  But the real hard problem here is home lusers who don't understand
security.  They consider security a problem, something to be removed.
And they will install whatever a web page tells them to.  I don't have
a good solution for that.  I suspect nobody does.

> Even with users not in admin group in Windows XP, Vista I have
> seen malware get right on and hose a machine.

  With the exception of exploitation of unpatched vulnerabilities,
I've never seen malware lead to a system compromise on a
properly-secured Win XP machine.

  I've seen it screw up a user account pretty well, to the point where
it's easier to erase and reset the user profile than it is to repair
the registry wreckage.  Most of the time, though, all we have to do is
log in as an admin and delete *.EXE *.DLL *.OCX under their user
profile folder.

  Are you using a proper set of ACLs on the filesystem?  My strategy
is that users should only be able to create/modify under their own
user profile folder.  Nothing else.  Well, the default C:\WINDOWS\TEMP
permissions are okay.

  In particular, by default, users can create files and folders under
<C:\> and <C:\Documents and Settings\All Users\Application Data\>.
This is a very bad idea on Microsoft's part.  Malware gets in,
compromises "All Users", admin logs in, Explorer or something else
trips over something in "All Users", malware now compromises system.
Way to go Microsoft!

-- Ben
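
One way to audit the ACL strategy described in the message, as an added example that is not part of the original message: it lists Allow entries that let ordinary users create or modify content in the two locations named above. It assumes PowerShell 3.0 or later; the list of well-known SIDs and the output field names are choices made for this example.

```powershell
# Added example (not from the original message): list Allow ACEs that let
# ordinary users create or modify content in the locations the message names.
# Assumes PowerShell 3.0 or later. Deny ACEs are not evaluated.
param(
    [string[]]$Path = @(
        'C:\',
        'C:\Documents and Settings\All Users\Application Data'
    )
)

# Well-known SIDs that include non-admin users (locale-independent).
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Bits that permit creating or changing content, or rewriting the ACL/owner.
# GENERIC_WRITE and GENERIC_ALL show up unmapped on inherit-only ACEs.
$R = [System.Security.AccessControl.FileSystemRights]
$mask = [int]$R::CreateFiles -bor [int]$R::CreateDirectories -bor
        [int]$R::ChangePermissions -bor [int]$R::TakeOwnership -bor
        0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($p in $Path) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Warning "Path not found, skipped: $p"
        continue
    }
    $acl = Get-Acl -LiteralPath $p
    # Ask for SIDs directly so matching does not depend on account names.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        $isAllow = $ace.AccessControlType -eq 'Allow'
        if (-not $isAllow -or -not $broad.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $p
            Principal = $broad[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            AppliesTo = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
        }
    }
}
```

No output means none of the listed principals holds a write-type Allow entry on the paths checked; other locations can be passed with -Path.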
