Tuesday, September 12, 2006 3:52 PM
Paul Maher
User Account Control in Windows Vista - A First Look...
I’m sure most of you are aware that Microsoft have a new operating system soon to be released called Windows Vista. This is the next generation desktop operating system which will supersede Windows XP. If you would like to find out more, take a look at the Windows Vista homepage.
One of the first things that you will notice when you use Windows Vista and begin to launch applications is User Account Control (UAC). So what is UAC? UAC is a core security component of Windows Vista. The goal of UAC is to reduce the attack surface of the operating system by requiring that all users run in standard user mode and limiting administrator-level access to authorized processes.
With UAC you can run most applications, components and processes with limited privilege, but have "elevation" for specific administrative tasks and application functions. This significantly reduces the attack vector for malware (viruses, spyware...). Your visual interaction with UAC depends on the configuration, the privileges you have as the logged-on user, and whether the application you are trying to run is signed or unsigned.
Let’s review some scenarios:
Case 1 – You are logged on as a user who is part of the Administrators group, trying to run an unsigned application that requires Administrator privileges. Even though you are part of the Administrators group, you will be running as a Standard User. If an elevated privilege is required, a UAC dialogue is brought up and you will have to allow elevation by pressing “Allow”. The header of the UAC dialogue also indicates that you are trying to run an unsigned application.
By default UAC is configured for Administrators to prompt for consent to allow elevation of privileges to occur. There is no requirement to supply credentials, because you are part of the Administrators group.
Case 2 – You are logged on as a user who is not part of the Administrators group, trying to run an application that requires Administrator privileges. This time, because the user is not part of the Administrators group, the UAC prompt will ask for Administrator credentials (UserName/Password) before it allows the application to run.
Case 3 - Another good indication that you are interacting with UAC in Windows Vista is the security shield icon, which you will see on buttons, command links etc. To see an example of this, try changing the date and time using the “Change Date and Time…” button. This will require elevated privileges, as indicated by the presence of the security shield on the button.
UAC elevation prompts are run on a secure desktop, which only allows trusted processes to run. This mitigates the opportunity for spoofing attacks.
It’s safe to assume that UAC will have a considerable impact on applications running on Windows Vista. If you are in the business of writing software you should be making provision now for testing your applications for compatibility under UAC on Windows Vista.
It is worth being aware that the file system and registry are protected by UAC, so if your application writes to “Program Files” in the file system or to “HKLM” in the registry, this is considered bad practice under Windows Vista. For backward compatibility, something called virtualization redirects writes to “Program Files” and “HKLM” to a virtualized file and registry location.
If you are writing an application to be UAC aware, you need to add an application manifest. This immediately indicates to UAC that it should not use virtualization. Inside the manifest it is possible to define the privileges the application requires, set by the “requestedExecutionLevel” element in the manifest. This can take three values: requireAdministrator (Administrator privilege), highestAvailable (highest privilege available for the logged-in user) and asInvoker (inherit the privileges of the parent process).
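A manifest carrying the “requestedExecutionLevel” element, with a small audit that reads it back, as an added example that is not from the original post. The manifest is constructed (ExampleApp is a placeholder name), and requested_level and audit are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest; ExampleApp is a placeholder, not a real product.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="ExampleApp" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

# The three values the post lists, with the meaning it gives for each.
LEVELS = {
    "requireAdministrator": "Administrator privilege",
    "highestAvailable": "highest privilege available for the logged-in user",
    "asInvoker": "inherits the privileges of the parent process",
}

def requested_level(manifest_xml):
    """Return the 'level' attribute of requestedExecutionLevel, or None."""
    # Use a hardened XML parser instead if the manifest comes from an untrusted file.
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    for elem in root.iter():
        # Compare local names so asm.v2 and asm.v3 namespaces both match.
        if elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return elem.get("level")
    return None

def audit(manifest_xml):
    """Return (level, virtualized, note) for a manifest string, or None for no manifest."""
    level = requested_level(manifest_xml) if manifest_xml else None
    if level is None:
        # No declared level: treated as a legacy application, writes get virtualized.
        return (None, True, "no requestedExecutionLevel: virtualization applies")
    if level not in LEVELS:
        return (level, False, "unknown level value: fix the manifest")
    return (level, False, LEVELS[level])

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```

Running audit over every manifest in a build shows which binaries will raise an elevation prompt and which still rely on virtualization.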
There are several great resources to get you up and running with UAC:
- User Account Control - Homepage – Comprehensive overview of UAC
- UAC Blog – Blog regularly updated by UAC product team
- Microsoft Standard User Analyzer – This tool helps diagnose issues that would prevent a program from running properly as a Standard User.
- Microsoft Application Security Website – UK Application Security website containing a wealth of Application Security resources