> I dont' understand this part: are you saying that the *ONLY* > additional > security that Vista provides [in its normal setup] is to > require the user > to click on "OK" in a dialogue??? That's not a lot better > than having no > security at all. And a meta question: how is that > implemented? I guess > by some serious changes in the ACL/policy setups so that instead of > allowing the "Administrators" *group* [which is the case > now], it'll only > include the "Administrator" account... Better than now, but > still not as > good as it should/could be. >
Implementation is that every user runs in "standard" mode. When administrator access is required, a new thread is launched with the elevated process completely separated. When the process is finished the thread is 'killed'. So it is not possible to abuse this elevated process (thread). And there's much more to it... I give one example: Registry & System "Virtualization". Virtualization mimics part of the System & Registry to a user-based storage, and 'fools' legacy applications that require access to some file system areas or registry keys that they would not have access to on the system. The fancy name Microsoft gave this (for now): AIM (Application Impact Management). Unfortunately I'm very short on time these days, but I should be publishing more about Windows Vista on my Web site in the coming months. -- Arie Slob, MVP, Windows Shell/User http://mvp.support.microsoft.com/ http://www.helpwithwindows.com http://www.windowsbbs.com http://www.windowsnewsletter.com -- ---------------------------------------- WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html Contact the List Owner about anything: [EMAIL PROTECTED] Official Win-Home List Members Profiles Page http://www.besteffort.com/winhome/Profiles.html
