[IDEA] Vista Security System



Ok, this is mainly targeted towards home users, but it could work in a corporate environment:

Objective: Eliminate the existence of the Administrator account and the Administrators group. There would be only two types of accounts after this change: users that aren't authorized to make changes to the system, and users who ARE authorized to make changes.

So you say, what would be so different about this scheme, and how would it work? Let me explain:

Ok, since you have no administrator accounts or groups, you need to have a way of making system changes, like installing programs and other stuff. Well, the solution I have for that is to have a physical code on the case somewhere, like it would be included on the COA, which is supposed to be posted on the outside of the computer somewhere. When you are logged in as a user that can make changes (essentially a user that can enter the auth code) and try to install a program, Windows senses it and "pauses" the application thread while it asks you for the auth code. If you enter the auth code correctly, it lets the program install. Keep in mind that it is only the PROGRAM that is running under admin rights; the user environment is still limited. When the program exits, the rights vanish, and the code must be re-entered for another app install.

So we've got the basic idea down, but what about extra security and compatibility with older apps?

For extra security, the code that handles the authorization for the program (which runs in a protected memory space that's not readable/writable by ANY other app, not even with admin privs) has an intelligent brute-force engine. It looks at the entries into the authcode field and then checks to see how close they are to the actual code. If an entry is more than 90% different, it adds one to a bad-attempts list. The application wanting auth has 50 different tries before it is locked out for 2 hours. Anything under 90% different adds to a "wrong-attempt" list, which locks the app out for 1 hour if 500 "wrong" attempts are made. This whole deal would prevent brute-forcing from becoming easy.

Now for the way the app knows whether it is authorized or not.

When the app asks for auth, the user must enter the correct auth code. Instead of letting any codes come back across the "box" from trusted to untrusted space, it simply sends a yes or no to the app on whether it can continue. The code that handles auth then tells Windows to grant the program the rights it needs to install. This way the correct code never comes out of its trusted "box".

Okay, okay, sounds good, eh? Well, what about compatibility?

Well, this is something that would require some clumsy code, but it IS possible (as anything with computers). Most programs at least CHECK to see if they have admin rights. So what Windows would do is monitor for the priv-check procedure, then pretty much just let the normal auth code process take place; when authed, the application is unpaused, allowing it to install with admin rights. And for programs that don't check, it would be up to the user to do a "Run As..." type deal with a right click.

Summary

Well, all of this pretty much depends on whether the user is educated enough to know not to enter secure information into a prompt that pops up from nowhere (like if a trojan was trying to install). I know all of this is kind of complicated, but it goes back to the fact that MOST ALL people shouldn't operate in Administrator mode on a day-to-day basis. I'm sure ALL of this is possible, and MS, if you want to hire me (or any other company that sees this), just email me.

:) :) :) :)

All corrective criticism is welcome!!!
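The mechanism described in the post above, as a small Python model: the trusted "box" that holds the auth code and answers only yes or no, the per-application bad-attempts and wrong-attempts lists with their 50/2-hour and 500/1-hour lockouts, and rights that belong to one program and vanish when it exits. This is an added example, not code from the post or from Windows. The names ElevationBroker, ElevatedRun and difference_ratio, the position-by-position "closeness" metric (the post never defines how closeness is measured) and the sample auth code 7K2Q-9XZD-M4PB are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

# Thresholds as stated in the post: an entry more than 90% different is "bad"
# (50 bad tries -> 2 hour lockout); anything else is "wrong" (500 -> 1 hour).
BAD_DIFF_THRESHOLD = 0.90
BAD_LIMIT, BAD_LOCKOUT_S = 50, 2 * 3600
WRONG_LIMIT, WRONG_LOCKOUT_S = 500, 1 * 3600


def difference_ratio(guess: str, code: str) -> float:
    """Share of character positions where guess differs from code.
    Assumed metric (the post does not define "how close"); any position
    missing from the shorter string counts as different."""
    n = max(len(guess), len(code))
    if n == 0:
        return 0.0
    diffs = sum(
        1 for i in range(n)
        if i >= len(guess) or i >= len(code) or guess[i] != code[i]
    )
    return diffs / n


@dataclass
class AppCounters:
    """Per-application state: the two attempt lists and the lockout deadline."""
    bad: int = 0
    wrong: int = 0
    locked_until: float = 0.0


class ElevationBroker:
    """The trusted 'box'. The auth code never leaves this object; callers
    only ever receive True/False, and rights are tracked per program."""

    def __init__(self, auth_code: str) -> None:
        self._code = auth_code.encode()
        self._apps: dict[str, AppCounters] = {}
        self._elevated: set[str] = set()

    def _state(self, app_id: str) -> AppCounters:
        return self._apps.setdefault(app_id, AppCounters())

    def is_locked(self, app_id: str, now: float) -> bool:
        return now < self._state(app_id).locked_until

    def request_elevation(self, app_id: str, entered: str, now: float) -> bool:
        """Answer yes/no for one attempt by one application at time `now`
        (seconds). A correct code resets that app's counters."""
        st = self._state(app_id)
        if now < st.locked_until:
            return False
        # Constant-time compare so the yes/no answer leaks nothing via timing.
        if hmac.compare_digest(entered.encode(), self._code):
            st.bad = st.wrong = 0
            return True
        if difference_ratio(entered, self._code.decode()) > BAD_DIFF_THRESHOLD:
            st.bad += 1
            if st.bad >= BAD_LIMIT:
                st.locked_until, st.bad = now + BAD_LOCKOUT_S, 0
        else:
            st.wrong += 1
            if st.wrong >= WRONG_LIMIT:
                st.locked_until, st.wrong = now + WRONG_LOCKOUT_S, 0
        return False

    def grant(self, app_id: str) -> None:
        self._elevated.add(app_id)

    def revoke(self, app_id: str) -> None:
        self._elevated.discard(app_id)

    def has_rights(self, app_id: str) -> bool:
        return app_id in self._elevated


class ElevatedRun:
    """Context manager modelling 'only the PROGRAM runs with admin rights,
    and the rights vanish when it exits'. Entering asks the broker; leaving
    always revokes, even if the program raised."""

    def __init__(self, broker: ElevationBroker, app_id: str, entered: str, now: float):
        self.broker, self.app_id, self.entered, self.now = broker, app_id, entered, now
        self.granted = False

    def __enter__(self) -> bool:
        self.granted = self.broker.request_elevation(self.app_id, self.entered, self.now)
        if self.granted:
            self.broker.grant(self.app_id)
        return self.granted

    def __exit__(self, *exc) -> bool:
        self.broker.revoke(self.app_id)
        return False


if __name__ == "__main__":
    # Constructed sample code, standing in for the one printed on the COA.
    broker = ElevationBroker("7K2Q-9XZD-M4PB")
    with ElevatedRun(broker, "setup.exe", "7K2Q-9XZD-M4PB", now=0) as ok:
        print("setup.exe elevated:", ok, broker.has_rights("setup.exe"))
    print("after exit:", broker.has_rights("setup.exe"))
    for _ in range(BAD_LIMIT):
        broker.request_elevation("trojan.exe", "AAAAAAAAAAAAAA", now=0)
    print("trojan.exe locked:", broker.is_locked("trojan.exe", now=0))
```

One caveat worth keeping in mind with this design: measuring how close each guess is to the real code, and then applying two different lockout schedules, turns the broker into an oracle. Even though the answer is only yes/no, an attacker who can watch when an application gets locked out (and for how long) learns whether its guesses were on the "bad" or the "wrong" list, which is exactly the kind of information the trusted box was meant to keep inside.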


Sounds too complicated and hackers would create a patch or something within 24 or 48 hours of a Vista Beta or Vista Final featuring this most likely.

Yeah it sounds easy when typing it out, but can you actually make a program like that? Something seems familiar about it anyway. I just can't think of what it reminds me of.


Nothing is too complicated, and it's not meant for hackers really. It's mainly meant to eliminate the Admin account and prevent bad changes from being made (including viruses and such). This would make it harder for virus writers and hackers to make something that spreads fast.


This sounds exactly like UAP, except you put in a keycode instead of your password. UAP reduces Administrator privileges until a program explicitly calls them, and at that point Windows asks for your password.


Exactly what I was about to say.

Besides, a code on the outside of the box would be of no use at all in the grand scheme of things: each copy of Vista would have to have it hard-coded into it in order to make it usable. If an algorithm was used, then it'd only be a matter of time until hackers got it.

