So, you think you are secure and don't need precautions

I read about a report in Maximum PC that out of 10 viruses 8 ran WITH UAC enabled so you do need antivirus.

Can you provide a link to the report?

He was talking about this article: SophosLabs Sets Out to Prove Windows 7 Has Some Vulnerabilities | Maximum PC

I haven't used an AV in three years and still have not been infected, Vista's and 7's additions to the group and local security policy's made it possible for you to null the attack surface of Windows down to your preferences.

Firefox will be my primary browser while they keep nightly-builds as it helps stop drive-by-download exploits, nightly builds help make it near impossible for anyone to find/exploit a flaw and figure out a way to infect your machine before a new build is released all while without you knowing about it.

If UAC had a configuration wizard (like everything else :p) that allowed us to specify our own execution level for an application and instead hash checked the program and the dll's it loaded against the preferences we set if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel and its a secure digitial 'wallet' thats more than capable of acting like a while-list for UAC but has yet been utilized :(

The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing dlls to load into an elevated application and execute code is unacceptable, this is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
not a bad idea dmex...
 

My Computer My Computer

At a glance

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64Intel Core 2 Duo T9300 2.5 GHz4GB Kingston DDR2-800NVIDIA Geforce 8600M GT (512MB Model)
Computer Manufacturer/Model Number
Compal JFT02 (Custom Build Laptop)
OS
Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
CPU
Intel Core 2 Duo T9300 2.5 GHz
Motherboard
JFT02
Memory
4GB Kingston DDR2-800
Graphics Card(s)
NVIDIA Geforce 8600M GT (512MB Model)
Sound Card
Realtek HD Audio
Monitor(s) Displays
WUXGA Standard Laptop Display
Screen Resolution
1680*1050
Hard Drives
Toshiba 320GB 5400RPM Laptop HD
PSU
Standard Laptop Power Supply
Case
Standard Laptop Case
Cooling
Standard Laptop Cooling
Keyboard
Standard Laptop 105 Key-Keyboard
Mouse
Synaptics Touchpad
Internet Speed
Verizion Online DSL 3360/864 kbs (dl/up)
hi !

THANKS for all information in this thread, one of the best in a long time.

thanks:
1. pparks1 for all the info, really interesting.
2. Carbonyl for the tip on noscript in FF, i have upgraded my security now.

UrbanBounca: good luck...
 

My Computer My Computer

At a glance

W7-Enterprise + WS-2008 (Converted to Worksta...P4 2,4GHz (at 1,8GHz, "slow" RDRAM, only 400M...2GBNVIDIA QUADRO2 PRO 64MB
Computer Manufacturer/Model Number
Dell
OS
W7-Enterprise + WS-2008 (Converted to Workstation)
CPU
P4 2,4GHz (at 1,8GHz, "slow" RDRAM, only 400MHz FSB...)
Motherboard
Intel 850E
Memory
2GB
Graphics Card(s)
NVIDIA QUADRO2 PRO 64MB
Sound Card
Yes
Monitor(s) Displays
Dell 1702FP
Screen Resolution
1280x1024
Hard Drives
Yes
PSU
Yes
Case
Yes
Cooling
Yes
Keyboard
Yes
Mouse
Yes, and i also have Cats...
Internet Speed
University: 100 MBit/s, Home: UMTS 7,2 MBit/s
Other Info
W7 on a DINOSAUR: P2 with 266MHz CPU & 160MB RAM
If UAC had a configuration wizard (like everything else :p) that allowed us to specify our own execution level for an application and instead hash checked the program and the dll's it loaded against the preferences we set if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel and its a secure digitial 'wallet' thats more than capable of acting like a while-list for UAC but has yet been utilized :(

The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing dlls to load into an elevated application and execute code is unacceptable, this is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
not a bad idea dmex...

Thanks :p

I found this reference:
Nick on Silverlight and WPF : USER & GDI Compat, part 5 -- Miscellaneous
In order to inject a DLL into processes that link with USER32.DLL on Vista/Win7, you simply can add the DLL name to the value of the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs

UAC at its default level is easily bypassed on Windows 7 by medium integrity (user) apps hooking explorer's functions or finding a exe/dll outside secure locations like the ProgramFiles or the Windows directory and patching its code, Virus Protection is also worthless if that person or company was targeted specifically with something unknown or customized and its these instances where UAC and the local security policy are supposed to mitigate. Software Restriction policy's are a good start but its yet another system and could be integrated with CardSpace and it with UAC to provide decent UAC customization and control using built-in but completely different security configurations per-user reducing the attack surface of windows to near null.
 
If UAC had a configuration wizard (like everything else :p) that allowed us to specify our own execution level for an application and instead hash checked the program and the dll's it loaded against the preferences we set if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel and its a secure digitial 'wallet' thats more than capable of acting like a while-list for UAC but has yet been utilized :(

The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing dlls to load into an elevated application and execute code is unacceptable, this is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
not a bad idea dmex...

Thanks :p

I found this reference:
Nick on Silverlight and WPF : USER & GDI Compat, part 5 -- Miscellaneous
In order to inject a DLL into processes that link with USER32.DLL on Vista/Win7, you simply can add the DLL name to the value of the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs

UAC at its default level is easily bypassed on Windows 7 by medium integrity (user) apps hooking explorer's functions or finding a exe/dll outside secure locations like the ProgramFiles or the Windows directory and patching its code, Virus Protection is also worthless if that person or company was targeted specifically with something unknown or customized and its these instances where UAC and the local security policy are supposed to mitigate. Software Restriction policy's are a good start but its yet another system and could be integrated with CardSpace and it with UAC to provide decent UAC customization and control using built-in but completely different security configurations per-user reducing the attack surface of windows to near null.
I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

Who knows...
 

My Computer My Computer

At a glance

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64Intel Core 2 Duo T9300 2.5 GHz4GB Kingston DDR2-800NVIDIA Geforce 8600M GT (512MB Model)
Computer Manufacturer/Model Number
Compal JFT02 (Custom Build Laptop)
OS
Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
CPU
Intel Core 2 Duo T9300 2.5 GHz
Motherboard
JFT02
Memory
4GB Kingston DDR2-800
Graphics Card(s)
NVIDIA Geforce 8600M GT (512MB Model)
Sound Card
Realtek HD Audio
Monitor(s) Displays
WUXGA Standard Laptop Display
Screen Resolution
1680*1050
Hard Drives
Toshiba 320GB 5400RPM Laptop HD
PSU
Standard Laptop Power Supply
Case
Standard Laptop Case
Cooling
Standard Laptop Cooling
Keyboard
Standard Laptop 105 Key-Keyboard
Mouse
Synaptics Touchpad
Internet Speed
Verizion Online DSL 3360/864 kbs (dl/up)
I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

Who knows...

It wasn't done because it would cause massive overhead, UAC at its current implementation loads each exe into memory and scans it for its RequestedExecutionLevel tag set by the developer before continuing execution... If every exe and dll implemented a manifest then it would take awhile for Windows to load and scan each file which is expected to already be done by your anti-virus.

AppLocker and the Software Restriction policy's in ultimate do an awesome job in filling the gap left exposed by UAC but having three systems for the job UAC should and could do is nonsense.
 
I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

Who knows...

It wasn't done because it would cause massive overhead, UAC at its current implementation loads each exe into memory and scans it for its RequestedExecutionLevel tag set by the developer before continuing execution... If every exe and dll implemented a manifest then it would take awhile for Windows to load and scan each file which is expected to already be done by your anti-virus.

AppLocker and the Software Restriction policy's in ultimate do an awesome job in filling the gap left exposed by UAC but having three systems for the job UAC should and could do is nonsense.
I agree...another case of only protecting what you have to...
 

My Computer My Computer

At a glance

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64Intel Core 2 Duo T9300 2.5 GHz4GB Kingston DDR2-800NVIDIA Geforce 8600M GT (512MB Model)
Computer Manufacturer/Model Number
Compal JFT02 (Custom Build Laptop)
OS
Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
CPU
Intel Core 2 Duo T9300 2.5 GHz
Motherboard
JFT02
Memory
4GB Kingston DDR2-800
Graphics Card(s)
NVIDIA Geforce 8600M GT (512MB Model)
Sound Card
Realtek HD Audio
Monitor(s) Displays
WUXGA Standard Laptop Display
Screen Resolution
1680*1050
Hard Drives
Toshiba 320GB 5400RPM Laptop HD
PSU
Standard Laptop Power Supply
Case
Standard Laptop Case
Cooling
Standard Laptop Cooling
Keyboard
Standard Laptop 105 Key-Keyboard
Mouse
Synaptics Touchpad
Internet Speed
Verizion Online DSL 3360/864 kbs (dl/up)
Hurray for ESET Nod 32 and Smart Security.
 

My Computer My Computer

At a glance

Windows 7 32 bit build 7600Intel 7400 2.78 GHz 3MB L2 Cache2 x 2048 PC2ATI HD 4350
Computer Manufacturer/Model Number
HP
OS
Windows 7 32 bit build 7600
CPU
Intel 7400 2.78 GHz 3MB L2 Cache
Motherboard
Some crappy chipset
Memory
2 x 2048 PC2
Graphics Card(s)
ATI HD 4350
Sound Card
See motherboard
Monitor(s) Displays
HP 2159m and AOC 2236
Hard Drives
Some hitachi thing
PSU
Bad
Case
bad
Cooling
bad
Back
Top