Program Names govern admin rights in Vista

[rollcage]

Developers have discovered that the name given to a Vista executable affects whether or not it will require admin rights to run.

 

Security experts said the feature might seem odd, but helps to catch out spyware.

 

Reg Reader Mike, a C++ developer, discovered the behaviour after spending days trying to work out why just some of his projects required elevation (admin rights) to be run on his Windows Vista machine. To his disbelief, Mike realised that the different properties were simply due to projects being named differently.

 

"If Vista sees that you have created a Microsoft Visual C++ project with install in the project name, then that .exe will automatically require Admin Rights to run. Create exactly the same project, but call it, say, Fred, and the problem disappears," he explained. "Vista's security isn't just concerned with what an .exe is doing to your PC, but what it's actually called."

 

Mr Executable

 

We put these points to Microsoft, which responded with a statement that explained why installation programs might need admin privileges to run but not why this changes depending on the name given to a project.

 

"Installation programs are applications designed to deploy software, and most write to system directories and registry keys. These protected system locations are typically writable only by an administrator user, which means that standard users do not have sufficient access to install programs. Windows Vista heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows Vista also heuristically detects updater and uninstallation programs. Note that a design goal of UAC [user Account Control] is to prevent installations from being executed without the user's knowledge and consent since they write to protected areas of the file system and registry," it said.

 

Secure coding specialist Fortify Software said Microsoft's Installer Detection technology acted as a screen against spyware. While imperfect, and odd in the way its behaviour is affected by the names given to project, the feature is better than nothing.

 

"The Vista feature you've run into is the equivalent of an airport metal detector," explained Dr Brian Chess, chief scientist at Fortify Software

 

Spyware is a big problem on Windows (yet another reason I have a Mac), and Vista takes steps to make spyware harder to write. By default, programs under Vista don't run with administrator privileges. By requiring administrator privileges to run something that looks like an installer, Vista is making it more difficult for a program to automatically throw some unsavoury gunk on to your machine without your knowledge.

 

"This is a little bit silly: just name the installer something else, and Vista lets it through," Chess said. He added that although the feature is imperfect and inconvenient, it's "better than nothing".

 

Source: The Register

 

Wow, that shouldn't be hard for hackers to get around. Somebody should be fired for actually giving that system the ok.

[EFI]

Even in all fairness of Microsoft implementing this feature with good intentions....I can clearly see this feature being exploited in the future for malware purposes.