Vista: About UAC and DEP confusion

There has been a large amount of confusion and concern out there about Vista’s new user security model especially about UAC and DEP mechanisms. 

User Account Control (UAC) is a new security mechanism introduced in Vista, whose primary goal is to force users to work using restricted accounts, instead working as administrators. Everybody runs as Standard User, a new user account security construct, UAC, acts as gatekeeper of process security boundaries – a doorway to process security context elevation. This decision will probably (if not already) cause many complaints as people who use Windows XP according some surveys, in usual day-to-day activities, log onto system as administrators or local administrators in 90% or more cases. Many applications have been written having in mind administrative privileges on machines. According some authors, this can cause that almost 50% of applications will not work because of lack of privileges and they should be fixed to work with less privileges. People that understand security well know that many problems are caused by fact that majority of users and applications have been written to work in environment and mode with highest instead of least privileges. That is huge software design and development fault.

Another topic for many discussions (and where Microsoft had to make important security design decision in terms of convenience vs. security is strategy) is enabling Data Execution Prevention (DEP) in Windows Vista.  In simple terms, DEP treats data as data and code as code, and then blocks execution of any data content.  The benefit of this is that if there is a vulnerability in the system (or in an application) that allows a data buffer to be overrun, with DEP enabled, it is harder for the attack to execute the malicious code that was placed in the data buffer – thus blocking the attack.  DEP is turned on by default for the kernel and it is a great way of protecting other parts of the system (like Internet Explorer) and applications from buffer overruns.  Here is the problem:  it turns out that there are some third-party add-ons that generate code dynamically and store the code in the data region (sometimes referred to as “jitting”), and there is no method for DEP to distinguish between these add-ons and malware.  So you either have more security or potential application compatibility issues. Many people experienced this with very basic add-ons, for example Adobe Reader plug-in.

Interesting articles to read and video to watch are this, this and this.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.