Windows 7: So, you think you are secure and don't need precautions

06 Jan 2010   #61
Zidane24

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
 
 

Quote: Originally Posted by dmex
Quote: Originally Posted by ultraplanet
Quote: Originally Posted by Dogz
I read about a report in Maximum PC that out of 10 viruses 8 ran WITH UAC enabled so you do need antivirus.
Can you provide a link to the report?
He was talking about this article: SophosLabs Sets Out to Prove Windows 7 Has Some Vulnerabilities | Maximum PC

I haven't used an AV in three years and still have not been infected. Vista's and 7's additions to the group and local security policies made it possible for you to null the attack surface of Windows down to your preferences.

Firefox will be my primary browser while they keep nightly builds, as it helps stop drive-by-download exploits; nightly builds help make it near impossible for anyone to find/exploit a flaw and figure out a way to infect your machine before a new build is released, all without you knowing about it.

If UAC had a configuration wizard (like everything else) that allowed us to specify our own execution level for an application and instead hash checked the program and the DLLs it loaded against the preferences we set, if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel and it's a secure digital 'wallet' that's more than capable of acting like a whitelist for UAC but has yet to be utilized.

The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing DLLs to load into an elevated application and execute code is unacceptable. This is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
Not a bad idea, dmex...


06 Jan 2010   #62
hackerman1

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

Hi!

THANKS for all the information in this thread, one of the best in a long time.

Thanks:
1. pparks1 for all the info, really interesting.
2. Carbonyl for the tip on NoScript in FF, I have upgraded my security now.

UrbanBounca: good luck...
06 Jan 2010   #63
dmex

 

Quote: Originally Posted by Zidane24
Quote: Originally Posted by dmex
If UAC had a configuration wizard (like everything else) that allowed us to specify our own execution level for an application and instead hash checked the program and the DLLs it loaded against the preferences we set, if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel and it's a secure digital 'wallet' that's more than capable of acting like a whitelist for UAC but has yet to be utilized.

The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing DLLs to load into an elevated application and execute code is unacceptable. This is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
Not a bad idea, dmex...
Thanks

I found this reference:
Nick on Silverlight and WPF : USER & GDI Compat, part 5 -- Miscellaneous
In order to inject a DLL into processes that link with USER32.DLL on Vista/Win7, you simply can add the DLL name to the value of the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs

UAC at its default level is easily bypassed on Windows 7 by medium integrity (user) apps hooking Explorer's functions or finding an exe/dll outside secure locations like the ProgramFiles or the Windows directory and patching its code. Virus protection is also worthless if that person or company was targeted specifically with something unknown or customized, and it's these instances where UAC and the local security policy are supposed to mitigate. Software Restriction policies are a good start but it's yet another system and could be integrated with CardSpace, and it with UAC, to provide decent UAC customization and control using built-in but completely different security configurations per-user, reducing the attack surface of Windows to near null.
.
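A read-only way to audit the AppInit_DLLs mechanism referenced in the post above, added here as an example (it is not code from the thread or from the linked blog). It assumes the standard value names AppInit_DLLs, LoadAppInit_DLLs and RequireSignedAppInit_DLLs under that key and its Wow6432Node counterpart; the `$trustedRoots` list and the `NeedsReview` rule are illustrative choices.

```powershell
# Added example: read-only audit of AppInit_DLLs; it changes nothing.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'

# Illustrative "secure locations": standard users cannot normally write here.
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

$findings = foreach ($key in $keys) {
    $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $v) { continue }   # Wow6432Node is absent on 32-bit Windows

    # AppInit_DLLs is a space- or comma-delimited list of DLL names or paths.
    $dlls = @("$($v.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
    # Bare names are resolved from that view's system directory (assumption).
    $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }
    $enabled = ($v.LoadAppInit_DLLs -eq 1)

    foreach ($dll in $dlls) {
        $path = $dll
        if (-not (Split-Path $dll -IsAbsolute)) {
            $path = Join-Path (Join-Path $env:SystemRoot $sysDir) $dll
        }
        $sig = 'FileMissing'
        if (Test-Path -LiteralPath $path) {
            $sig = "$((Get-AuthenticodeSignature -FilePath $path).Status)"
        }
        $inTrusted = [bool]($trustedRoots | Where-Object {
            $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

        New-Object PSObject -Property @{
            Key            = $key
            Dll            = $path
            LoadingEnabled = $enabled
            SignedRequired = ($v.RequireSignedAppInit_DLLs -eq 1)
            Signature      = $sig
            InTrustedRoot  = $inTrusted
            # Flag entries that will load and are unsigned or outside those roots.
            NeedsReview    = $enabled -and (($sig -ne 'Valid') -or -not $inTrusted)
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No AppInit_DLLs entries are configured.' }
```

Run it from a 64-bit PowerShell prompt on 64-bit Windows so that neither the registry nor the file-system view is redirected.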

06 Jan 2010   #64
Zidane24

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
 
 

Quote: Originally Posted by dmex
Quote: Originally Posted by Zidane24
Quote: Originally Posted by dmex
If UAC had a configuration wizard (like everything else) that allowed us to specify our own execution level for an application and instead hash checked the program and the DLLs it loaded against the preferences we set, if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel and it's a secure digital 'wallet' that's more than capable of acting like a whitelist for UAC but has yet to be utilized.

The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing DLLs to load into an elevated application and execute code is unacceptable. This is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
Not a bad idea, dmex...
Thanks

I found this reference:
Nick on Silverlight and WPF : USER & GDI Compat, part 5 -- Miscellaneous
In order to inject a DLL into processes that link with USER32.DLL on Vista/Win7, you simply can add the DLL name to the value of the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs

UAC at its default level is easily bypassed on Windows 7 by medium integrity (user) apps hooking Explorer's functions or finding an exe/dll outside secure locations like the ProgramFiles or the Windows directory and patching its code. Virus protection is also worthless if that person or company was targeted specifically with something unknown or customized, and it's these instances where UAC and the local security policy are supposed to mitigate. Software Restriction policies are a good start but it's yet another system and could be integrated with CardSpace, and it with UAC, to provide decent UAC customization and control using built-in but completely different security configurations per-user, reducing the attack surface of Windows to near null.
I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

Who knows...
07 Jan 2010   #65
dmex

 

Quote: Originally Posted by Zidane24
I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

Who knows...
It wasn't done because it would cause massive overhead. UAC at its current implementation loads each exe into memory and scans it for its RequestedExecutionLevel tag set by the developer before continuing execution... If every exe and dll implemented a manifest then it would take a while for Windows to load and scan each file, which is expected to already be done by your anti-virus.

AppLocker and the Software Restriction policies in Ultimate do an awesome job in filling the gap left exposed by UAC, but having three systems for the job UAC should and could do is nonsense.
07 Jan 2010   #66
Zidane24

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
 
 

Quote: Originally Posted by dmex
Quote: Originally Posted by Zidane24
I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

Who knows...
It wasn't done because it would cause massive overhead. UAC at its current implementation loads each exe into memory and scans it for its RequestedExecutionLevel tag set by the developer before continuing execution... If every exe and dll implemented a manifest then it would take a while for Windows to load and scan each file, which is expected to already be done by your anti-virus.

AppLocker and the Software Restriction policies in Ultimate do an awesome job in filling the gap left exposed by UAC, but having three systems for the job UAC should and could do is nonsense.
I agree... another case of only protecting what you have to...
07 Jan 2010   #67
starfox444

Windows 7 32 bit build 7600
 
 

Hurray for ESET Nod 32 and Smart Security.