“With the introduction of Windows Vista, Microsoft has added a new form of mandatory access control to the core operating system. Internally known as ‘integrity levels’, this new addition to the security manager allows security controls to be placed on a per-process basis. This is different from the traditional model of per-user security controls used in all prior versions of Windows NT. In this manner, integrity levels are essentially a bolt-on to the existing Windows NT security architecture. While the idea is theoretically sound, there does exist a great possibility for implementation errors with respect to how integrity levels work in practice. Integrity levels are the core of Internet Explorer Protected Mode, a new ‘low-rights’ mode where Internet Explorer runs without permission to modify most files or registry keys. This places both Internet Explorer and integrity levels as a whole at the forefront of the computer security battle with respect to Windows Vista.”
Serious approach to the issue and well written.
Please more quality (like this) and less pointless bashing
I think this is good for a lot of Windows users that are theoretically more secure. Anyway, and taking a look at Microsoft history, it may be just one more buggy piece of software that could break more things than it tries to fix.
the summary is deceiving, this is an article about an exploit based on this feature.
That was a good read. From what i gathered, the real problem is that this bug can give full access if you are running as an administrator with at least one program running with full authenticated privileges. This is because it gives you full access to the processes of your user. It seems that this could have been less scary of a bug if when you authenticated a program for privilege escalation, it was run as a different user, like how authenticating on OS X/Unix runs the program as root, not the user that started the process.
Kind of an odd article. It could be summed up as “if you exploit UAC, you can do bad things”. Granted, this kind of exploit is not a good thing, especially when people are being told that IE is locked down now, but still. The author even says that it will be fixed in SP1, so its not like this is an issue MS is ignoring.
My only real problem with UAC is that there is no reason to go the MAC direction for desktop operating systems. The advantages to that kind of model are finely grained access control over specific processes, the disadvantages are far more complexity. Why would you go for the more complex system when you are aiming this at non technical users?
IMHO, Fedora’s approach is the best. They have the ridiculesly complex SELinux installed by default, however their policy targets only system processes, for userland it lets people stick with the easy to understand DAC model.
Edited 2007-11-13 20:13 UTC
> for userland it lets people stick with the easy to understand DAC model.
This will change. But just for things really important. Like ~/.gnupg .
“IMHO, Fedora’s approach is the best. They have the ridiculesly complex SELinux installed by default, however their policy targets only system processes, for userland it lets people stick with the easy to understand DAC model.”
selinux-policy-targeted is slowly getting more and more profiles.
In the long run it will include user applications such as firefox and konq/nautilus/etc.
– Gilboa
In the long run it will include user applications such as firefox and konq/nautilus/etc.
The targeted profile allready covered firefox,thunderbird etc in FC7. Have a look at the SELinux booleans
My mistake.
mozilla_exec_t does exist.
I wonder how sandboxed the firefox profile is.
– Gilboa
If Windows 7 is to Vista, what XP was to ME im sure it will be great, so i will definitly not buy vista. Holding out to switch untill 2009 does not seem too long either. As said before, no matter how pretty the flower is that grows in a piece of dung, it still is a piece of dung.
IE8 might be in Win7 and might also be the break from crappyness that IE7 started out to be. But i sincearly hope they make a browser with a engine chooser. If i want to use gecko, opera och an other engine inside IE and they would allow it, that would be amazing. And for browser testing purposes it would be awsome. BTW never gotten a spyware with malware with lynx. =)
But i sincearly hope they make a browser with a engine chooser. If i want to use gecko, opera och an other engine inside IE and they would allow it, that would be amazing.
How is this a big issue? I mean, why can’t you just install Firefox?
haha very true – if you take away the engine from IE – what do you have left?
is there some attractiveness to the window border and menus of IE that i’ve been missing all this time? If anything I’d want to keep firefox and use a different rendering engine – at least firefox has cool features like plugins.
hang on for a bit, some KDE4 will make the leap from Linuxland to Windowsville, and Windows users will at long last be able to sample the browsing goodness of the mighty Konqueror.