Windows Vista: User Accounts Control
Windows Vista will introduce a "new" concept into Windows: User Account Control. No, surprisingly, this isn't another new way for Microsoft to regulate what you do online. It's not the beginning of a Big Brother program. Actually, it's designed to make the programs you already have installed on your computer work better. Surprisingly, for the first time, Microsoft may have done just that.
Priveleges and The Principle of Least Control
One of the core concepts in computer development is security. Actually, the reason for this is twofold. While it may be readily apparent that a would be intruder will have more trouble with a system designed to block his attempts to alter your critical files, protecting those same files from the user themselve isn't so obvious.
The simple fact is, your average user knows very little about how to use a computer effectively (at maximum productivity) let alone how it works its magic. Unfortunately, that means users are their own worst enemies. Just like a car manufacturer provides a simple ignition/accelerator/brake and encloses the pistons, rods, hoses, and other components in an inaccessible area, computer manufacturers provide a user interface. Unfortunately for the computer world, that interface is expected to be upgradable, changeable, and generally fully accessible.
To this end the principle of least control was born. At any given moment a user needs only enough control (access) over their computer to perform the specific task they are trying to do. Normally this doesn't include setting the clock, installing a program, or editing a system file. Accordingly, the principle dictates the user (in that moment) should not be allowed access to those system areas. This would in turn prevent an unauthorized agent (for example an Internet Active X control, a Trojan, or a Hacker) from performing the same task pretending to be the user.
Because we don't keep our computers exactly the same all the time, we likewise need a way to edit system components at any given time. Linux/Unix clones give us the "su" (super user) command for this task. The command prompts the user for a password (generally the "root" password) and if it is authenticated grants unrequited access to the machine (within the su session area). When the user is done, they simply type exit and return to normal access. This means that for all of eternity, Linux users have been more secure in principle in their computing environment. They don't run as administrators.
Don't be an Administrator, use "Run As..."
I know I pretty much just covered this with the bit on the principle of least control, but I can't reiterate it enough. When you run your computer as an administrator, you give yourself unaudited access to your machine. Good, right? Wrong. The fact is your not the one who's going t use that access, the website which is trying to hack you is.
The ActiveX control, when installed, can impersonate a user and perform operations on a machine. Granted, post XP SP2 ActiveX controls no longer automatically and without prompting install and run themselves, but most sites will advise users of this anyway. In actuality, a well written scheme can easily find its way onto a users computer... yes, even a "power users" computer.
If your running under non-admin priveleges this scheme is entirely powerless. It can only do what you would otherwise be able to do. On the other hand, if you're running as admin, you've handed your computer over on a silver platter.
So, for all the Windows users out there, what are your options? The su command is available under Linux clones only, although even if it were, the command line eludes most Windows users. Windows does fortunately have a similar, albeit almost more friendly version of the same.
First off, you need to create yourself an account with limited priveleges and run under that for normal, day to day operations. Then, whenever you need to do something that would normally require admin priveleges, instead of logging out, loggin in as admin, doing it, logging out, and loggin in as you, use the "Run As..." command. By holding the Shift key while you right-click something, you access the Run As... option. When you click it, it will prompt you for the credentials you want to run the command as.
Beautiful. If you enter "Administrator" for example, that process AND ONLY THAT PROCESS will be run with full admin priveleges. It works using the Secondary Logon service, which coincidentally also provides "Fast User Switching" capabilities to many users. When you finish your task and close the window, the administrative priveleges dissappear, and your free to behave irresponsibly again.
User Accounts Control
Windows Vista (as of Beta 2 without the Technicial Refreshes) expounds upon Windows XP's introduction of "Run As...". User Accounts Control is a built in required feature of the Operating System in fact. Basically, any user, including an adminstrator, is restricted from root level (su) priveleges. Whenever they try to access a component that would require those priveleges they are prompted for appropriate credentials.
As per Microsoft's general modus operandi, the UAC console kindly informs you that if you're not sure, you should probably choose to cancel. In fact, the average user who doesn't remember having seen this in their XP computer may do just that and wonder why their program never opened.
There are some limited options allowing the custimization of UAC screens and blockings, but in the beginning it will be little more than a hindrance for users. As I recall the message UAC greets you with informs you that "a request has been made to access a restricted component. Windows needs to verify that you made this request. If you made the request, please enter the password to continue now, otherwise, you should not continue." As I said, cryptic at best.
What exactly is a system component? Especially considering one may be accessed for something as simple as scheduling an appointment (depending on how the program you use works). How do you know if it's an appropriate request? What harm could happen if you just entered the password (which I have already addressed in this entry)? Most importantly, how many more damn times are you going to have to dismiss the UAC console to try and get your work done.
I mentioned as I started this blog UAC is designed to help make what you already have installed work better, and surprisingly, it does. As my next entry will explain, most programs are not written with a terrible amount of concern for how things are done, they only want the result. That unfortunately means a lot of programs commonly perform tasks normally reserved for Administrators. UAC will force these programs to run in a bubble where they can continue to execute their potentially dangerous code without endangering the rest of your computer.
Priveleges and The Principle of Least Control
One of the core concepts in computer development is security. Actually, the reason for this is twofold. While it may be readily apparent that a would be intruder will have more trouble with a system designed to block his attempts to alter your critical files, protecting those same files from the user themselve isn't so obvious.
The simple fact is, your average user knows very little about how to use a computer effectively (at maximum productivity) let alone how it works its magic. Unfortunately, that means users are their own worst enemies. Just like a car manufacturer provides a simple ignition/accelerator/brake and encloses the pistons, rods, hoses, and other components in an inaccessible area, computer manufacturers provide a user interface. Unfortunately for the computer world, that interface is expected to be upgradable, changeable, and generally fully accessible.
To this end the principle of least control was born. At any given moment a user needs only enough control (access) over their computer to perform the specific task they are trying to do. Normally this doesn't include setting the clock, installing a program, or editing a system file. Accordingly, the principle dictates the user (in that moment) should not be allowed access to those system areas. This would in turn prevent an unauthorized agent (for example an Internet Active X control, a Trojan, or a Hacker) from performing the same task pretending to be the user.
Because we don't keep our computers exactly the same all the time, we likewise need a way to edit system components at any given time. Linux/Unix clones give us the "su" (super user) command for this task. The command prompts the user for a password (generally the "root" password) and if it is authenticated grants unrequited access to the machine (within the su session area). When the user is done, they simply type exit and return to normal access. This means that for all of eternity, Linux users have been more secure in principle in their computing environment. They don't run as administrators.
Don't be an Administrator, use "Run As..."
I know I pretty much just covered this with the bit on the principle of least control, but I can't reiterate it enough. When you run your computer as an administrator, you give yourself unaudited access to your machine. Good, right? Wrong. The fact is your not the one who's going t use that access, the website which is trying to hack you is.
The ActiveX control, when installed, can impersonate a user and perform operations on a machine. Granted, post XP SP2 ActiveX controls no longer automatically and without prompting install and run themselves, but most sites will advise users of this anyway. In actuality, a well written scheme can easily find its way onto a users computer... yes, even a "power users" computer.
If your running under non-admin priveleges this scheme is entirely powerless. It can only do what you would otherwise be able to do. On the other hand, if you're running as admin, you've handed your computer over on a silver platter.
So, for all the Windows users out there, what are your options? The su command is available under Linux clones only, although even if it were, the command line eludes most Windows users. Windows does fortunately have a similar, albeit almost more friendly version of the same.
First off, you need to create yourself an account with limited priveleges and run under that for normal, day to day operations. Then, whenever you need to do something that would normally require admin priveleges, instead of logging out, loggin in as admin, doing it, logging out, and loggin in as you, use the "Run As..." command. By holding the Shift key while you right-click something, you access the Run As... option. When you click it, it will prompt you for the credentials you want to run the command as.
Beautiful. If you enter "Administrator" for example, that process AND ONLY THAT PROCESS will be run with full admin priveleges. It works using the Secondary Logon service, which coincidentally also provides "Fast User Switching" capabilities to many users. When you finish your task and close the window, the administrative priveleges dissappear, and your free to behave irresponsibly again.
User Accounts Control
Windows Vista (as of Beta 2 without the Technicial Refreshes) expounds upon Windows XP's introduction of "Run As...". User Accounts Control is a built in required feature of the Operating System in fact. Basically, any user, including an adminstrator, is restricted from root level (su) priveleges. Whenever they try to access a component that would require those priveleges they are prompted for appropriate credentials.
As per Microsoft's general modus operandi, the UAC console kindly informs you that if you're not sure, you should probably choose to cancel. In fact, the average user who doesn't remember having seen this in their XP computer may do just that and wonder why their program never opened.
There are some limited options allowing the custimization of UAC screens and blockings, but in the beginning it will be little more than a hindrance for users. As I recall the message UAC greets you with informs you that "a request has been made to access a restricted component. Windows needs to verify that you made this request. If you made the request, please enter the password to continue now, otherwise, you should not continue." As I said, cryptic at best.
What exactly is a system component? Especially considering one may be accessed for something as simple as scheduling an appointment (depending on how the program you use works). How do you know if it's an appropriate request? What harm could happen if you just entered the password (which I have already addressed in this entry)? Most importantly, how many more damn times are you going to have to dismiss the UAC console to try and get your work done.
I mentioned as I started this blog UAC is designed to help make what you already have installed work better, and surprisingly, it does. As my next entry will explain, most programs are not written with a terrible amount of concern for how things are done, they only want the result. That unfortunately means a lot of programs commonly perform tasks normally reserved for Administrators. UAC will force these programs to run in a bubble where they can continue to execute their potentially dangerous code without endangering the rest of your computer.
posted by Mike at 7:25 PM
0 comments
