UAC: Secure Desktop Disable = Safe?

[ProclaimDragon]

When I saw that post about UAC and the options available to configure it in the Local Security Policy, I decided to take a look and see how I like it better, and my changes were:

- Prompt for credentials for every administrator

- Disable the secure desktop when prompting for elevation

I just want to know, how safe/unsafe is the secure desktop enable/disabled. I like it better disabled cause the screen flashes everytime, the black background doesn't fade and aero is disabled and I really hate the default sytle without aero.

[franzon]

  Nazgulled said:

- Disable the secure desktop when prompting for elevation

UNSAFE, because you're not protected against shatter attacks, which intercept Windows inter-process messages to run malicious code or spoof the user interface or attempt to capture admin credentials

Edited February 7, 2007 by franzon

[nautiqueskier]

Um thats a bit extreme.

In the unlikely event that your machine is compromised enough that the interface is "spoofed" then yes you won't be protected.

However, in all my years of running 2003, XP, 2000, etc. (which obviously has no protection against such an attack, except from the Ctrl-Alt-Delete on boot) I have never seen an application even attempt to do this.

So yes your opening yourself up to a potential exploit, but if you have software that can spoof the interface on your pc, you've got bigger problems.

[stockwiz]

is there a registry entry to enable and disable this? I don't have the group policy editor in home premium. Thanks.

[ProclaimDragon]

I know how to handle the security on my computer. I know that this won't mean that I won't ever get in trouble but I decided to let UAC enabled I wanted to leave it like this for now.

[Brandon Live Veteran]

It is less safe. There are many things that Secure Desktop can protect you from, although the standard UAC dialogs are in fact hardened from UI manipulation in many ways. For example, a process would need the UIAccess privilege which is restricted to signed executables installed in Program Files (and so must have been copied there by an administrator) to be able to send messages to higher-privileged windows or manipulate them in any way.

However, Secure Desktop address many issues... for example, manipulation of the mouse cursor such that the user thinks they're clicking on the cancel button when they are not.

[John Veteran]

  stockwiz said:

is there a registry entry to enable and disable this? I don't have the group policy editor in home premium. Thanks.

If you're running Home Premium, the registry setting for the policy will likely be ignored anyway...

[Brandon Live Veteran]

  John said:

If you're running Home Premium, the registry setting for the policy will likely be ignored anyway...

No, actually it will still work. And yes there is a policy you can set via the registry for it, although I can't remember it off hand.

[primexx]

secpol.msc handles all the security policies.

[Aero Ultimate]

Unsafe, because without Secure Desktop, other apps can interact with the Uac windows, making it pointless. You could just as well turn it off completely.

[ProclaimDragon]

They can interact with the UAC windows but I also enabled the option to input the password and they could interact with the windows but they need to know the password to do anything so... It's not that pointless! I think...

[Evolution]

...unless of course they recorded your keyboard input :p

[ProclaimDragon]

I'm really careful with my system, nothing like that will ever enter my laptop without me knowing it, unless vista as a huge and top secret security hole...

[mrp04]

Well if you believe that then there is no need to have UAC. UAC without secure desktop is almost pointless.

[Brandon Live Veteran]

  mrp04 said:

Well if you believe that then there is no need to have UAC. UAC without secure desktop is almost pointless.

Completely untrue.

[ZonoBurk]

Excuse me, Brandon (or someone that actually knows), what is Secure Desktop?

I've done this, and I haven't seen a UAC pop-up since. It says it's still on though. :s

[Brandon Live Veteran]

  MchWalte said:

Excuse me, Brandon (or someone that actually knows), what is Secure Desktop?

I've done this, and I haven't seen a UAC pop-up since. It says it's still on though. :s

If you don't have UAC prompts enabled, then you won't see any switches to the Secure Desktop, so that option will have no effect unless you reenable UAC elevation prompts.

[ZonoBurk]

  Brandon Live said:

If you don't have UAC prompts enabled, then you won't see any switches to the Secure Desktop, so that option will have no effect unless you reenable UAC elevation prompts.

So is UAC actually protecting with the prompts turned off? Or is it better to have them on?

[Brandon Live Veteran]

  MchWalte said:

So is UAC actually protecting with the prompts turned off? Or is it better to have them on?

Way, way better to have them on.

[ZonoBurk]

  Brandon Live said:

Way, way better to have them on.

Thanks. :)

[Brandon Live Veteran]

Also, regarding Secure Desktop - it serves another important purpose that wasn't mentioned here:

When a UAC prompt is shown on the Secure Desktop, a dimmed capture of your desktop is shown in the background. The window that caused the elevation prompt is highlighted in that image, so you know where the request originated.