Bugtraq mailing list archives

Re: [FD] Mozilla extensions: a security nightmare


From: "Stefan Kanthak" <stefan.kanthak () nexgo de>
Date: Sat, 15 Aug 2015 18:41:37 +0200

"Bruce A. Peters" <bpeters () se-kure com> wrote:

[...]

> If they had to type in a password and were presented with a
> simple "do you want to install yayayhh.exe? (meta data) etc.)
> and an administrator password prompt, it would greatly reduce
> the chance of executing unwanted code.

No, this is wrong!

Correct is: it would reduce the chance of executing unwanted code
WITH administrative rights.

Execution of unwanted code with the user's own rights is, however, NOT
controlled/restricted by UAC.

<https://support.microsoft.com/en-us/kb/2526083>

| One of the common misconceptions about UAC and about Same-desktop
| Elevation in particular is that it prevents malware from being
| installed or from gaining administrative rights. First, malware
| can be written not to require administrative rights, and malware
| can be written to write just to areas in the user's profile. More
| important, Same-desktop Elevation in UAC is not a security boundary
| and can be hijacked by unprivileged software that runs on the same
| desktop. Same-desktop Elevation should be considered a convenience
| feature, and from a security perspective, "Protected Administrator"
| should be considered the equivalent of "Administrator." By contrast,
| using Fast User Switching to log on to a different session by using
| an administrator account involves a security boundary between the
| administrator account and the standard user session.

Also see
<https://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx>,
<https://technet.microsoft.com/en-us/magazine/2007.09.securitywatch.aspx>,
<https://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx>

To restrict or inhibit execution of unwanted code you have to set up
SAFER a.k.a. software restriction policies (which have been available
for FOURTEEN long years now).
See <http://home.arcor.de/skanthak/SAFER.html> or
http://mechbgon.com/srp/ for example.

Microsoft doesn't do this because they know that people will
bitch and complain. I say let them bitch and complain.

Despite Microsoft's bad habit of creating (nowadays) "protected"
Administrator accounts during Windows setup, they clearly advise
their users to create and use "standard user" accounts, where UAC
operates the way you request!

<http://windows.microsoft.com/en-us/windows/user-accounts-faq>

| There are three types of accounts. Each type gives you a different
| level of control over the PC:
|
| * Administrator accounts provide the most control over a PC, and
|   should be used sparingly. You probably created this type of
|   account when you first started using your PC.
| * Standard accounts are for everyday use. If you're setting up
|   accounts for other people on your PC, it's a good idea to give
|   them standard accounts.
| * Child accounts are useful for parents who want to monitor or set
|   limits on their child's PC use, with the Family Safety settings
|   in Windows. For more info about Family Safety, see
|   Set up Family Safety.

JFTR: the default account type for user accounts created after setup
      is "standard user"!

<http://windows.microsoft.com/en-us/windows/change-users-account-type>

| When you set up Windows, you were required to create a user account.
| This account is an administrator account that allows you to set up
| your computer and install any programs that you'd like to use.
| Once you finish setting up your computer, we recommend that you
| create a standard account and use it for your everyday computing.
| If you create new user accounts, you should also make them standard
| accounts. Using standard accounts will help keep your computer more
| secure.

stay tuned
Stefan

PS: I consider top posting and full quotes as an equally bad habit!
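As an added illustration (not part of Stefan Kanthak's message, nor Microsoft's code), a PowerShell check that reads the machine-wide SAFER / software restriction policy configuration the message points to and reports whether the default rule actually denies execution. The registry layout under CodeIdentifiers is the documented one; the level table, function name and warning text are my own assumptions.

```powershell
# Added audit script (not from the original post). Reads the machine-wide
# Software Restriction Policies (SAFER) configuration and reports whether
# the default rule denies execution, which is what the message recommends.
$SaferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security levels as stored in the DefaultLevel DWORD and as subkey names.
$LevelNames = @{
    0x00000 = 'Disallowed'
    0x01000 = 'Untrusted'
    0x10000 = 'Constrained'
    0x20000 = 'Basic User'
    0x40000 = 'Unrestricted'
}

function Get-SaferPolicy {
    if (-not (Test-Path $SaferRoot)) {
        # No policy at all: everything a user can write, a user can run.
        return [pscustomobject]@{ Configured = $false; DefaultLevel = 'none'; CoversDlls = $false; Rules = @() }
    }
    $cfg = Get-ItemProperty -Path $SaferRoot
    # An absent DefaultLevel value means SAFER falls back to Unrestricted.
    $default = if ($null -eq $cfg.DefaultLevel) { 'Unrestricted' } else { $LevelNames[[int]$cfg.DefaultLevel] }
    # Path rules live under CodeIdentifiers\<level>\Paths\<guid>\ItemData.
    $rules = foreach ($levelKey in Get-ChildItem -Path $SaferRoot) {
        $level = $LevelNames[[int]$levelKey.PSChildName]
        $pathsKey = Join-Path -Path $levelKey.PSPath -ChildPath 'Paths'
        if (Test-Path $pathsKey) {
            foreach ($rule in Get-ChildItem -Path $pathsKey) {
                $p = Get-ItemProperty -Path $rule.PSPath
                [pscustomobject]@{ Level = $level; Path = $p.ItemData }
            }
        }
    }
    [pscustomobject]@{
        Configured   = $true
        DefaultLevel = $default
        # TransparentEnabled 2 applies SAFER to DLLs as well; 1 only to executables.
        CoversDlls   = ($cfg.TransparentEnabled -eq 2)
        Rules        = @($rules)
    }
}

$policy = Get-SaferPolicy
$policy | Format-List
if (-not $policy.Configured -or $policy.DefaultLevel -ne 'Disallowed') {
    Write-Warning 'SRP does not deny execution by default; code dropped into the user profile can still run.'
}
```

Run it in an elevated or a standard-user PowerShell; reading HKLM policy keys needs no admin rights, so a standard user can verify what is enforced on them.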
