- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
For those who thought the User Account Control (UAC) feature introduced in Windows Vista was intended to set security boundaries, Microsoft has made a clarification: it isn't.
The message is attracting criticism from security experts, one of whom said it made features such as UAC seem like nothing more than a "joke."
The most direct communication about UAC to date came on Monday from Mark Russinovich, a Technical Fellow in Microsoft's Platform and Services Division, who joined the company when it bought Russinovich's Winternals Software. Russinovich is a noted developer of Windows utilities and is credited with being the first to discover the rootkit in Sony BMG's copy-protection software.
In a Microsoft TechNet blog post, Russinovich explained that Vista features such as UAC or Protected Mode Internet Explorer that are dependent on limited user privileges -- which Microsoft calls Integrity Levels (IL) -- are designed to allow some IL breaches.
"Vista makes tradeoffs between security and convenience, and both UAC and Protected Mode IE have design choices that required paths to be opened in the IL wall for application compatibility and ease of use," he wrote.
Because the boundaries defined by UAC and Protected Mode IE are designed to be porous, they can't really be considered security barriers, he said. "Neither UAC elevations nor Protected Mode IE define new Windows security boundaries," Russinovich wrote. "Because elevations and ILs don’t define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs."
He said Microsoft had communicated this in the past, but that the point needed reiterating.
According to Russinovich, a security boundary is a barrier through which code and data can't pass without the authorization of a security policy.
UAC and integrity levels were not intended to guarantee that processes with higher privileges are protected from compromise by lower-level privileges, but rather as a way of changing the way Windows software is developed, Russinovich said.
"If you aren't guaranteed that your elevated processes aren't susceptible to compromise by those running at a lower IL, why did Windows Vista go to the trouble of introducing elevations and ILs? To get us to a world where everyone runs as standard user by default and all software is written with that assumption," he wrote.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (1)
Microsoft: UAC not a security featureBy Microsoft Subnet on February 14, 2007, 1:16 pmFor those who thought the User Account Control (UAC) feature introduced in Windows Vista was intended to set security boundaries, Microsoft has made a clarification:...
Reply | Read entire comment
View all comments