[cap-talk] Windows Vista: security by admonition
David Hopwood
david.nospam.hopwood at blueyonder.co.uk
Thu May 18 22:32:16 EDT 2006
David Hopwood wrote:
> David Hopwood wrote:
>>Karp, Alan H wrote:
>>>David Hopwood wrote:
>>>
>>>>If any random user application can scribble over "trusted"
>>>>dialogs, it's not a trusted path, period. This needs to be
>>>>shouted from the rooftops, otherwise MS's marketing will win
>>>>out by default.
>>>
>>>It's a problem only if the click in the overlay window gets passed
>>>through to the window underneath. I don't believe that happens, but it
>>>is Microsoft, so you never know.
>>
>># With UIPI enabled, the following shared USER resources are still shared
>># between processes at different privilege levels.
>>#
>># - Desktop window, which actually owns the screen surface
>>
>>So you can scribble anywhere on the screen, "above" other windows (by drawing
>>on the DC returned by GetDC(NULL)) without needing an overlay window. Yes,
>>this is a documented "feature" that is still intended to work on Vista:
>><http://blogs.msdn.com/nickkramer/archive/2006/04/07/571162.aspx>.
>
> It appears that this has now been fixed, by displaying UIPI prompts on the
> same desktop as used for the logon prompt; see the entry for May 3 at
> <http://blogs.msdn.com/uac/>.
Oh, but hang on: there's still a very effective social engineering attack,
where malicious software can convince you to enter your Administrator password
on something that *looks* like the Secure Desktop, but is actually the normal
desktop.
Without a secure attention key combination (and user training not to enter
passwords without having pressed this combination), it's difficult to see how
to avoid this.
> (Never let it be said that I'm not fair to Microsoft when they do actually
> fix something -- even if my overall impression of their security efforts
> with Vista is still that it's like rearranging deckchairs on the Titanic.)
--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>