As the long-awaited release of Windows Vista approaches, it's a good idea to get acquainted with some of the security enhancements we can expect in Microsoft's latest operating system. With Vista, Microsoft has made some interesting changes to user security controls.
User rights and abilities will expand with the goal of tighter control of overall domain security as well as less interaction with using an administrator account. Microsoft has done away with the power user mode, and the standard user mode will include a host of new abilities.
Standard user mode will now include the following privileges and abilities:
- View system clock and calendar
- Change time zone
- Install Wired Equivalent Privacy (WEP) to connect to secure wireless networks
- Change power management settings
- Add printers and other devices that have the required drivers installed on the computer (or that an administrator has allowed via Group Policy)
- Install ActiveX Controls from sites approved by an administrator
- Create and configure a VPN connection
- Install critical Windows updates
Representing some of the most common tasks performed by users, these new privileges will require less interaction with administrators. If this seems like too much freedom to grant to your end users, don't worry: administrators will be able to restrict these privileges through Group Policy.
However, many programs still require the user to have administrative rights. These programs typically require the ability to write to a non-system area of the OS, usually protected against the standard user write ability — most often, the program files directory or a restricted portion of the Registry.
Vista virtualises this process by providing the application with a private copy of the file or Registry key and placing that copy in the user's profile. This function extends the continued use of older or custom applications while reducing the vulnerability caused by giving everyone administrator status in order to run a specific application.
Vista takes two approaches to administrators and their rights: Admin Approval Mode and the Over-the-shoulder (OTS) Credential approach. When operating in Admin Approval Mode, administrators log on and run applications such as email and Web browsing as a standard user.
When a task or application requires administrator privileges, the system notifies the administrator through a pop-up. Depending on the configuration of system policy settings for the domain, the pop-up asks the user to give consent to the operation or input additional administrative credentials.
This reduces the need for administrators to maintain a separate user account. In addition, at the operating system level, it enforces the use of least privilege for tasks not requiring administrative rights.
In the second approach — OTS Credential — the use of administrative credentials assists standard users requiring administrative rights to perform a task, such as the installation of new software. The system prompts the user to enter the local administrative password in order to allow the operation to proceed.
If a user doesn't know the local administrative account password, he or she can request remote assistance from an administrator. In addition, Vista also displays a shield icon beside actions that require administrative account rights to let users know in advance that it's an administrative function.
Microsoft has finally addressed user rights and their abilities to perform daily functions that don't have an impact on the overall security of the workstation or domain. Automatically running programs in user mode — regardless of the account used to log in &mdash: will thwart attacks targeting administrators too lazy to log in with user credentials when checking email or browsing the Web, and it's about time!
Mike Mullins has served as an assistant network administrator and a network security administrator for the US Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.
Talkback
What would prevent someone from writing a piece of malware to mimic the "Please enter Administrator password" dialogue box? And how useful is a Vista PC if you don't know what the Admin password is?
If it's that important to Mike Mullins then why didn't he put in place solutions that would have given him what he believes Microsoft Vista will give him (after handing over a bag of money and the usual blood, sweat and tears to actually implement it) much sooner?
This way it looks more like an excuse to warrent an update to Vista on the basis of 'nice to have' (given that likely he would have waited even longer if Microsoft wasn't about to give him what he deems to be important at this moment) rather then on the basis of 'must have' (because then why didn't he implemented it much earlier).
In short, I can picture the administrational hell that will come with putting the Vista's new user security model into some use. But let your own findings be the judge of that. Just remember that there's a difference between findings beforehand (usually assumptions) findings afterwards (reality bites). And yes, those nasty little details do matter.
You cant write anything that mimics the admin login box due to the CTRL ALT DEL!