Microsoft: UAC Can Be Hijacked by Social Engineering

Microsoft's UAC in its Vista operating system release was meant to signify that finally, the company has gotten serious about securing Windows by limiting a user's rights during day-to-day computer usage. It's come to signify something much less than security or trust in the minds of some security experts, though. Security expert Joanna Rutkowska kicked off the dissection of UAC in her blog, and the latest salvo against User Account Control was heaved by Symantec Research Scientist Ollie Whitehouse with a Feb. 20 posting titled An Example of Why UAC Prompts in Vista Can't Always Be Trusted.

The upshot: Microsoft has admitted that yes, UAC is susceptible to social engineering. The idea behind User Account Control is to limit user privileges as much as possible for most of a user's interaction with the desktop. User rights are elevated only when necessary for administrative tasks, at which point a dialog box prompts the user to OK the escalation. Limiting normal permissions is a good thing, given that it exposes less operating system surface for an attacker to latch onto. The problem, according to Whitehouse, is the level of trust granted to UAC prompts—a level of trust that he thinks is undeserved.

View: The full story
News source: eWeek

17 Comments

Interesting... and the first thing that I get going to eWeek's article is a prompt saying...
"eWEEK.com would like to know more about how you deal with today's IT security concerns. Would you help us by answering a few quick questions? Y/N" Um... no? That's exactly the kind of thing that IS a security concern? :P

Isn't this the most obvious statement ever made? Obviously if you can convince someone to give you their password and any other sensitive data, there is nothing MS, OSX, Linux, furby the dog can do to protect the user.


MS can fix stupid users

This isn't about scamming passwords. It does involve stupid users, though. This is about the spoofing of untrusted third-party malicious apps "using the calming teal color to disguise its nefarious purpose". The teal color is apparently reserved for trusted Microsoft software components.

The user of a compromised system would be led to believe that malware was part of the Microsoft OS by its color.

Again, it takes a stupid user (or a local user with malicious intent) to initially compromise the box. And no software can cure that - only proper administration that keeps untrusted users with little or no permissions.

They did have good intentions when planning UAC, but the implementation is still severely flawed.
What they need to do is add individual rights management for every single application, completely independent from the user rights.

The road to hell is paved with good intentions.

BTW, in the game of Doom it's the company UAC which opens a gate to hell....

Yes, they did have good intentions.. but they could have done a lot better on Vista's security, but they did not; they spent all their time on other stuff in Vista like Flip-3D and the Aero Glass interface. I like the new look, but was it really necessary??? NO it was not.. the only thing that should have been their number 1 top priority was security..

You have to enter your password for every administrative task in Ubuntu (but not every time...hard for me to explain).

I run as a desktop user in Ubuntu and don't have any problems with it.

I love these types of articles... they seem to give members here the excuse to BS about things that aren't true or are ridiculous or taken to an extreme....

Microsoft will fix this, and UAC is implemented pretty well.... the problem is with the software developers of applications.

I'm wondering if the UAC system can be abused...

The following is just a theory:

- a malicious user creates a program which looks just like UAC and actually displays "above" the UAC layer - covering the information about what's going on, but not covering the OK/CANCEL buttons.. Since this program is visually identical to UAC, it could have some innocent prompt to which 99% of users will click OK. In reality, the program is doing something malicious in the background. The UAC prompt pops up, with this malicious program covering (hiding) what's really going on. The user clicks the OK button (which isn't covered), and off the malicious code goes...

Possible in theory?

If you have the secure desktop feature of UAC enabled, apps won't be able to interact with the UAC prompt, everything else will be dimmed, and the UAC prompt will be in the foreground.

If you disable secure desktop, an app can just simulate an allow click.

As Andareed said, secure desktop is designed to stop this from happening. If it's enabled, it takes a screenshot of your desktop and dims it, then displays the real UAC prompt. You will be able to easily see the fake one because for one you won't be able to move it, it will be dimmed and half will be cut off, so no, it's not really easy to spoof it.
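The two comments above turn on whether the secure desktop setting is actually in force on a given machine, and whether elevation prompts are shown at all. The following PowerShell script is an added example, not code from the article or from any of the commenters; it reads the documented UAC policy values (EnableLUA, PromptOnSecureDesktop, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser) under the standard policy key and reports any value that weakens the protections the comments describe. The wording of each finding is this script's own.

```powershell
# Added example (not from the article or the commenters): audit the UAC policy
# values that govern the behaviour discussed above. The registry path and value
# names are the documented Windows policy locations; the finding text is ours.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSetting {
    param([Parameter(Mandatory)][string]$Name)
    # A missing value means the Windows default applies; report it as $null.
    $prop = Get-ItemProperty -Path $uacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$Name
}

function Test-UacPolicy {
    $findings = @()

    $enableLua = Get-UacSetting 'EnableLUA'
    if ($enableLua -eq 0) {
        $findings += 'EnableLUA=0: UAC is disabled; processes of an admin user run fully elevated.'
    }

    $secureDesktop = Get-UacSetting 'PromptOnSecureDesktop'
    if ($secureDesktop -eq 0) {
        $findings += 'PromptOnSecureDesktop=0: prompts appear on the interactive desktop, ' +
                     'where other windows can overlap them or feed them input.'
    }

    $adminBehavior = Get-UacSetting 'ConsentPromptBehaviorAdmin'
    if ($adminBehavior -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: administrators are elevated silently, no prompt.'
    }

    $userBehavior = Get-UacSetting 'ConsentPromptBehaviorUser'
    if ($userBehavior -eq 0) {
        $findings += 'ConsentPromptBehaviorUser=0: standard users are denied elevation outright ' +
                     '(strict; note it if users are expected to be asked for admin credentials).'
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        PromptOnSecureDesktop      = $secureDesktop
        ConsentPromptBehaviorAdmin = $adminBehavior
        ConsentPromptBehaviorUser  = $userBehavior
        Findings                   = $findings
    }
}

$result = Test-UacPolicy
$result | Format-List
if ($result.Findings.Count -eq 0) { Write-Host 'UAC policy: no weakening values are set.' }
```

Run it from an ordinary PowerShell session; the policy key is world-readable, so no elevation is needed to audit it. A `$null` in the output means the value is absent and the platform default is in effect, which on a default install leaves the secure desktop enabled.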

This affects only idiots stupid enough to fall for it.

I love how they try and once again blame MS. Yes MS made you stupid, yes MS should be able to somehow stop people from convincing other people to give out their information.

Morons.

IMO, the biggest problem of UAC is the risk of becoming the OS that cries wolf.

If it shows up too often, people will automatically click "Go ahead".

"Are you sure you want to open device manager?" Yes, that's why I clicked it!

"Are you sure you want to change your wireless network settings?" Yes, that's why I clicked it.

"Are you sure you want to format your hard disc?" Yes... oh crap!

The whole point with standard level users is they have to enter the admin password.

For these cases where users are that stupid (i.e. XP users who got viruses and spyware), you _don't_ give them the admin rights password.

That's the fracking point!
