UAC replacement alpha

[bsobel]

Guys, I had hinted at this long ago, in case you've missed it http://www.nortonlabs.com/inthelab/uac.php

The current version gives you a 'do not ask for this' again option, moving forward we will whitelist things so you won't see the prompting on safe/known applications.

Bill

 

[Genx87]

Oh yes these are the people I want holding my systems security by the balls.

If you dont want UAC there is a group policy option to auto-elevate. I just dont understand why anybody would want to relegate their Vista machine to WinXP style open hole security.

/shrug

 

[bsobel]

Originally posted by: Genx87
Oh yes these are the people I want holding my systems security by the balls.

If you dont want UAC there is a group policy option to auto-elevate. I just dont understand why anybody would want to relegate their Vista machine to WinXP style open hole security.

/shrug

Huh? This simply removes UAC issues for known safe applications, not sure i follow the rest your your statement?

 

[stash]

When the administrator attempts to perform a task, the UAC prompts the user to approve the action. This can lead to poor user experiences because the prompts can be slow to display, and appear frequently and without warning. What?s more, because the UAC may give a false sense of security since other processes can still access the desktop, it actually raises security concerns.

Wow, did you guys actually just say all that?

The User Account Control tool will collect user input as well as information on applications causing prompts

Is there a list of exactly what is sent?

The User Account Control tool has been designed to replace the Vista UAC, to simultaneously make your system more secure while significantly improving user-friendliness.

You're essentially suppressing UAC prompts for "known" safe apps (how are they known to be safe?), but I'm not clear on how this makes the system more secure.

 

[stash]

Currently, the Norton Labs? UAC replacement offers a "Do not ask me again" option on each prompt making it very easy for the user to squelch individual prompts without fully disabling UAC.

Ahh, so you're putting the burden on the user to determine what is safe to be whitelisted? And this data is going to be used to generate a global whitelist that will be pushed to all users? How does this make me safer again? Is there is a screenshot of what these prompts look like? Do they include any user friendly info that can be used to make an intelligent decision (providing it can't be spoofed or that the user actually reads it (show me the flying pigs, dammit!)?

 

[Aberforth]

Now we have learn from Norton about the UAC? I remember their AV used to consume 200 MB RAM in systray and yet getting squashed by many clever Trojans.

 

[bsobel]

Originally posted by: Aberforth
Now we have learn from Norton about the UAC? I remember their AV used to consume 200 MB RAM in systray and yet getting squashed by many clever Trojans.

The 2009 product is the fastest and lightest in the industry.

 

[Aberforth]

Originally posted by: bsobel

Originally posted by: Aberforth
Now we have learn from Norton about the UAC? I remember their AV used to consume 200 MB RAM in systray and yet getting squashed by many clever Trojans.

The 2009 product is the fastest and lightest in the industry.

Am not sure about that....but Eset NOD32 has 8-16 MB memory footprint. Lightest I've ever used and has native 64bit support.

 

[bsobel]

Originally posted by: Aberforth

Originally posted by: bsobel

Originally posted by: Aberforth
Now we have learn from Norton about the UAC? I remember their AV used to consume 200 MB RAM in systray and yet getting squashed by many clever Trojans.

The 2009 product is the fastest and lightest in the industry.

Am not sure about that....but Eset NOD32 has 8-16 MB memory footprint. Lightest I've ever used and has native 64bit support.

Youlll need to try the 09 product, but this thrad isnt about that and I'd apreciate you staying on topic.

 

[Genx87]

Originally posted by: bsobel

Originally posted by: Genx87
Oh yes these are the people I want holding my systems security by the balls.

If you dont want UAC there is a group policy option to auto-elevate. I just dont understand why anybody would want to relegate their Vista machine to WinXP style open hole security.

/shrug

Huh? This simply removes UAC issues for known safe applications, not sure i follow the rest your your statement?

The issues are the prompt letting you know the application is modifying the system. All that needs to be done now is to compromise that application and malware is free to install itself and you wouldnt know the difference. Even more amusing get put on the global whitelist run by Symantec. I wouldnt trust Symantec more than Microsoft to secure my Microsoft operating system. I am sure some code monkey down in the basement is going to be combing that whitelist like a hawk 😀

My last sentence is pretty clear. The biggest security advance from XP to Vista is the UAC. When an application modify's the system, writes files where it shouldnt, or modifies the registry you know about it. In XP with an admin account silent installs would kill you. And all you really needed to do was visit a website. It installs its crap, you leave without knowing while is phones home.

 

[bsobel]

As is shown by this forum, there are lots of people who do not like the current UAC implimentation. Id much rather them using this with a controlled whitelist than turning UAC off.

 

[Smilin]

Originally posted by: bsobel

Originally posted by: Aberforth
Now we have learn from Norton about the UAC? I remember their AV used to consume 200 MB RAM in systray and yet getting squashed by many clever Trojans.

The 2009 product is the fastest and lightest in the industry.

Aye they did look in the mirror and see that their ass was fat...then did something about it.

As I recall it does things like skip scanning of files that do not lend themselves to be viruses (.txt for example) as well as bunch of other improvements to speed it up. More AV vendors will hopefully follow suite.

Regarding whitelisting UAC (basically), all I can say is they better tread very carefully in this realm. What they are trying to do has to be done perfectly or it will blow huge security holes into Windows. Some links in the chain that come to mind: spoofed or identical hashes, someone maliciously introducing an item to the whitelist, and the method used to intercept the UAC prompt. If these links are weak it spells trouble. Just introducing them at all worries me.

I would really rather developers just make their apps not run with unncecessary privledges.

 

[bsobel]

then did something about it

We've been working on it for 3 releases now (speed/size), this release is the best yet (by far).

Regarding whitelisting UAC (basically), all I can say is they better tread very carefully in this realm. What they are trying to do has to be done perfectly or it will blow huge security holes into Windows. Some links in the chain that come to mind: spoofed or identical hashes, someone maliciously introducing an item to the whitelist, and the method used to intercept the UAC prompt. If these links are weak it spells trouble. Just introducing them at all worries me.

MS has the same issues, in fact we pointed out a bunch of the holes in the current system 😉

I would really rather developers just make their apps not run with unncecessary privledges.

Amen, but transitionary tools are usefull as well.

 

[Smilin]

Originally posted by: bsobel
MS has the same issues, in fact we pointed out a bunch of the holes in the current system 😉

Ok, I'm curious.

 

[nova2]

"do not ask for this again" option? great. that will definitely be useful at times, instead of just auto-elevating everything.

 

[Genx87]

Originally posted by: Smilin

Originally posted by: bsobel
MS has the same issues, in fact we pointed out a bunch of the holes in the current system 😉

Ok, I'm curious.

I am also curious.

 

[bsobel]

Originally posted by: Genx87

Originally posted by: Smilin

Originally posted by: bsobel
MS has the same issues, in fact we pointed out a bunch of the holes in the current system 😉

Ok, I'm curious.

I am also curious.

Google must be down for you guys 🙂 Here is a place to start https://forums.symantec.com/sy...cle?message.uid=305919

 

[Crusty]

Originally posted by: bsobel

Originally posted by: Genx87

Originally posted by: Smilin

Originally posted by: bsobel
MS has the same issues, in fact we pointed out a bunch of the holes in the current system 😉

Ok, I'm curious.

I am also curious.

Google must be down for you guys 🙂 Here is a place to start <a target=_blank class=ftalternatingbarlinklarge href="https://forums.symantec.com/syment/blog/article?message.uid=305919">https://forums.symantec.com......message.uid=305919</a>

Very interesting read, but the first thing that caught my eye is the fact that this requires the user to already be infected in order for the scenario to play out. What's disconcerting about it is the fact that if the user is exploited arbitrary code could be executed and presented to the user as Microsoft System code.

 

[corkyg]

Nothing from Symantec will ever be installed on any of my systems - ever! 🙂

 

[Scotteq]

It says "Norton" and "Symantec" on the box. {Post voluntarily self-edited for being unhelpful}

 

[ShawnD1]

Originally posted by: nova2
"do not ask for this again" option? great. that will definitely be useful at times, instead of just auto-elevating everything.

Doesn't this eliminate the point of UAC? If I try to go into the registry, UAC pops up and says "whoa this could be dangerous" so I click yes to continue. What happens if I select it to whitelist the registry? Does that mean any random garbage I run (pornodialer.jpg.vbs) is automatically allowed into the registry?

 

[bsobel]

Originally posted by: ShawnD1

Originally posted by: nova2
"do not ask for this again" option? great. that will definitely be useful at times, instead of just auto-elevating everything.

Doesn't this eliminate the point of UAC? If I try to go into the registry, UAC pops up and says "whoa this could be dangerous" so I click yes to continue. What happens if I select it to whitelist the registry? Does that mean any random garbage I run (pornodialer.jpg.vbs) is automatically allowed into the registry?

Think of it in terms of apps like Rivatuner (etc)....

 

[XBoxLPU]

Originally posted by: bsobel

Originally posted by: ShawnD1

Originally posted by: nova2
"do not ask for this again" option? great. that will definitely be useful at times, instead of just auto-elevating everything.

Doesn't this eliminate the point of UAC? If I try to go into the registry, UAC pops up and says "whoa this could be dangerous" so I click yes to continue. What happens if I select it to whitelist the registry? Does that mean any random garbage I run (pornodialer.jpg.vbs) is automatically allowed into the registry?

Think of it in terms of apps like Rivatuner (etc)....

And if a trojan/etc is whitelisted, than what?

 

[nova2]

@XBoxLPU: if its good quality malware with root/admin permissions you're screwed either way, whitelist or no whitelist.

 

[bsobel]

And if a trojan/etc is whitelisted, than what?

The user has to allow the application the first time, this current alpha only collects data and offers the 'dont prompt on this again'. If your worried about something being malware, if it was it would most likely finish its attack the first time you ran it not later.

The same issue exists with all whitelists (including digital cetificate systems, like for drivers). Whitelist revocation is how you deal with it as all lists will need maintenance.