
Setting up UAC in Windows 7

Starting with Windows Vista, Microsoft has shipped a User Account Control (UAC) mechanism as part of the operating system. Most users took an instant dislike to it: the endless extra confirmations, with the screen dimming and yet another Yes button to click, could wear down even the most patient. UAC also often got in the way of programs written for earlier versions of Windows, which simply stopped working. With Vista SP1 UAC was improved, but by then many users had already switched it off and forgotten it existed.

In Windows 7, UAC gained additional settings, and I would like to explain exactly how to turn it into a genuinely useful tool for protecting the OS.


Windows vulnerabilities


It so happens that most Windows users work under an administrator account, with all the consequences that brings. Since an administrator is practically unlimited in rights, malware authors actively exploit this to spread their code.
The most important targets of such attacks are:
  1. File system (usually: infecting executable files)
  2. Windows Services
  3. Registry

This raises the question of how to isolate the user from the system even when working as an administrator. That is exactly what UAC is for.
With UAC enabled, an administrator's programs run with a filtered token that carries only standard-user rights. Writes to protected locations (the Windows and Program Files directories, HKLM in the registry, the configuration of services) are denied unless the program has been elevated, and elevation is granted only through the confirmation window, which asks the user to approve before the program receives the full administrator token.

UAC setup


In Windows 7 you can choose the UAC notification level. The configuration screen (Control Panel, User Accounts, Change User Account Control settings) looks like this:

Fig. 1. Configure UAC in Windows 7.

There are four UAC notification levels available:
  1. The highest level (Always notify): a prompt whenever a program tries to install software or change the system, and also whenever the user changes Windows settings
  2. The second level (the default): a prompt only when a program tries to change the system; the user's own changes to Windows settings pass without a prompt
  3. The third level: the same as the second, but the prompt is shown on the normal desktop instead of the dimmed secure desktop
  4. The fourth level (Never notify): UAC is switched off completely.

Far more important, in my opinion, are the additional UAC settings in the security policies (Fig. 2):

Fig. 2. UAC settings in security policies.

Let's look at some of these policies in more detail (they live in secpol.msc under Local Policies, Security Options, and all begin with "User Account Control:"):

  1. Behavior of the elevation prompt for administrators in Admin Approval Mode - specifies what the confirmation window does when an administrator elevates. For example, you can require the password to be entered (Prompt for credentials) or accept just a click on Yes (Prompt for consent); there is also an option to elevate silently, which makes UAC useless.
  2. Behavior of the elevation prompt for standard users - the same idea for non-administrator accounts: either ask for an administrator's credentials or automatically deny elevation requests.
  3. Switch to the secure desktop when prompting for elevation - shows the confirmation window on a separate, isolated desktop. For the user this is the familiar dimming of the screen. The point of the policy is to isolate the confirmation from other running programs so that the UAC window cannot be read or clicked programmatically.
  4. Virtualize file and registry write failures to per-user locations - when a legacy program that runs without elevation tries to write into Program Files, the Windows directory or HKLM, the write is silently redirected to a per-user copy (%LOCALAPPDATA%\VirtualStore and HKCU\Software\Classes\VirtualStore) instead of failing. This keeps old programs working and keeps the real system files and registry untouched, but it is a compatibility shim rather than a sandbox: the program still runs with all of the user's normal rights.
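Both the notification slider above and these policies end up as DWORD values under one registry key. The following PowerShell script is an added example, not part of the original article: it reads those values, compares them against the configuration the article recommends (UAC on, credentials rather than a bare Yes, secure desktop on) and can apply that configuration. The key and value names are Microsoft's; the "recommended" numbers are this example's choice and are assumptions you may want to change.

```powershell
# Added example (not from the original article): audit and harden the registry
# values behind the Windows 7 UAC slider and the "User Account Control:" policies.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# What the DWORD values mean on Windows 7:
#   EnableLUA                  1 = UAC on, 0 = UAC off (slider level 4; changing it needs a reboot)
#   ConsentPromptBehaviorAdmin 0 = elevate silently, 1 = credentials on secure desktop,
#                              2 = consent on secure desktop, 3 = credentials, 4 = consent,
#                              5 = consent for non-Windows binaries only
#   ConsentPromptBehaviorUser  0 = deny automatically, 1 = credentials, 3 = credentials on secure desktop
#   PromptOnSecureDesktop      1 = dim the screen and isolate the prompt, 0 = prompt on the normal desktop
#   EnableVirtualization       1 = redirect failed writes to VirtualStore, 0 = let them fail
# Slider level -> values: 1 = Admin 2 + SecureDesktop 1;  2 (default) = Admin 5 + SecureDesktop 1;
#                         3 = Admin 5 + SecureDesktop 0;  4 = EnableLUA 0.

# The article's recommendation, expressed as registry values (an assumption of this example).
$Recommended = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 1   # prompt for credentials on the secure desktop
    ConsentPromptBehaviorUser  = 1   # standard users must supply an administrator password
    PromptOnSecureDesktop      = 1
    EnableVirtualization       = 1   # keep legacy programs working instead of silently failing
}

function Get-UacPolicy {
    # One row per setting: current value, recommended value, and whether it is weaker.
    $props = Get-ItemProperty -Path $UacKey
    foreach ($name in ($Recommended.Keys | Sort-Object)) {
        $current = $props.$name
        if ($null -eq $current) { $current = 'unset' }   # absent value: the OS default applies
        New-Object PSObject -Property @{
            Setting     = $name
            Current     = $current
            Recommended = $Recommended[$name]
            Weak        = ($current -ne $Recommended[$name])
        } | Select-Object Setting, Current, Recommended, Weak
    }
}

function Set-UacPolicy {
    # Writing under HKLM\...\Policies\System itself needs an elevated prompt, which is
    # UAC protecting its own configuration. On a domain-joined machine, Group Policy
    # will overwrite these values at the next policy refresh, so set them there instead.
    param([switch]$WhatIf)
    foreach ($name in $Recommended.Keys) {
        Set-ItemProperty -Path $UacKey -Name $name -Value $Recommended[$name] -Type DWord -WhatIf:$WhatIf
    }
}

Get-UacPolicy | Format-Table -AutoSize
Set-UacPolicy -WhatIf    # drop -WhatIf, from an elevated prompt, to actually apply the values
```

A change to EnableLUA takes effect only after a reboot; the prompt-behavior and secure-desktop values apply to the next elevation. Note that "unset" is reported rather than treated as 0, because a missing value means the built-in default (the second slider level), not "off".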

Recommendations for configuring UAC:

Personally, I use the highest UAC security settings, including requiring a password during validation. This gives me full protection of system files, the registry and Windows services. Typically, software uses system files and the registry read-only. The only exceptions are system utilities, where confirming access rights to the system is fully justified. I use a password because sometimes I am not the only one working under my account, so just pressing the Yes button is not a sufficient security condition.

Problems with old programs


As a rule, problems with old programs when UAC is enabled stem from incorrect interaction with the system and from developers' complete unwillingness to follow any security standards or to separate user data from system resources. Usually the problem can be worked around by running the program as administrator, but this is especially dangerous for network applications, since it gives an attacker full access to the system if a vulnerability in that program is exploited.

As an example, take an old program that stores user profiles not in the user's own folders but under Program Files. It then works correctly only as administrator, since all files and directories created under Program Files inherit permissions that grant write and modify rights to administrators only (standard users get read and execute). The easiest fix is to grant ordinary users modify permission on the profile data directory, and only on that directory, not on the program's executables.

In general, it is advisable not to install old programs under Program Files at all, to avoid problems with access rights.

Additional protection


Although UAC is meant to protect system data, you can use it to protect user files as well. This is done simply by tightening the permissions on those files for the user account: remove the Modify and Write rights and leave them only for the Administrators group. A non-elevated process, even one started by an administrator, runs with the filtered token in which the Administrators group is present for deny only, so the file system treats it as a standard user.

File permissions could be configured in earlier versions of Windows too, but if you work as an administrator, any program can change them without asking the user. With UAC enabled, the permissions can be widened only after passing validation (provided the user is no longer the owner of the files: an object's owner can always rewrite its permissions without any elevation).
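The two permission changes discussed above (giving ordinary users Modify on a legacy program's data folder, and locking a user folder so that only an elevated process can write to it) are shown in the following PowerShell script, together with a check of whether the current process holds the full administrator token. This is an added example, not code from the original article; the folder paths are placeholders.

```powershell
# Added example (not from the original article). Requires an elevated prompt:
# both ACL changes below touch objects the filtered token cannot modify.

function Test-Elevated {
    # Under UAC an administrator's normal processes run with a filtered token in which
    # the Administrators SID is marked "used for deny only" (compare `whoami /groups`),
    # so IsInRole returns $false until the process has passed the elevation prompt.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-InheritableRule {
    # One Allow ACE that propagates to every file and subfolder below the target.
    param([string]$Account, [string]$Rights)
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $none    = [System.Security.AccessControl.PropagationFlags]::None
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @($Account, $Rights, $inherit, $none, 'Allow')
}

function Grant-UsersModify {
    # Legacy-app fix: let standard users write the profile data folder only,
    # leaving the program's executables under the default Program Files ACL.
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule((New-InheritableRule -Account 'BUILTIN\Users' -Rights 'Modify'))
    Set-Acl -Path $Path -AclObject $acl
}

function Protect-UserFolder {
    # "Additional protection": the user keeps read access; only the Administrators
    # group, i.e. an elevated process, can write. Two details the ACL alone does not
    # cover: inherited ACEs from the profile must be cut off, and the owner must not
    # stay the user, because an object's owner always holds the implicit right to
    # rewrite its ACL (WRITE_DAC) with no elevation at all.
    param([string]$Path)
    $me  = [Security.Principal.WindowsIdentity]::GetCurrent().Name   # DOMAIN\user or PC\user
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)      # stop inheriting and keep none of the inherited ACEs
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($rule)           # drop explicit ACEs too; we rebuild from scratch
    }
    $acl.AddAccessRule((New-InheritableRule -Account $me -Rights 'ReadAndExecute'))
    $acl.AddAccessRule((New-InheritableRule -Account 'BUILTIN\Administrators' -Rights 'FullControl'))
    $acl.AddAccessRule((New-InheritableRule -Account 'NT AUTHORITY\SYSTEM' -Rights 'FullControl'))
    $acl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    Set-Acl -Path $Path -AclObject $acl
}

if (-not (Test-Elevated)) {
    throw 'Running with the filtered token: the ACL changes below would fail with "Access is denied".'
}
Grant-UsersModify  -Path 'C:\Program Files\OldApp\Profiles'    # placeholder legacy application
Protect-UserFolder -Path "$env:USERPROFILE\Documents\Archive"   # placeholder folder to lock down
```

After Protect-UserFolder, a write to that folder from a normal prompt fails with "Access is denied" even though the account is an administrator, while the same command from an elevated prompt succeeds, because only the elevated token carries the Administrators group as an enabled group. Test-Elevated is also the check a program should use instead of assuming it has administrator rights just because the user is one.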

Verifying the operation of UAC protection



As already mentioned, the purpose of UAC is to protect the user from changes to system files and settings. The best way to check that protection, therefore, is to observe how malware behaves with UAC enabled.

I will give an example of how a virus behaves when UAC is enabled.

As an example, I'll take a Win32.Injector Trojan. This Trojan is quite simple: it copies itself into the C:\Windows\System32 directory and adds its startup entry to the registry. As a result, after the computer restarts, a large number of cmd.exe and services.exe processes are launched. Its easiest way to spread is via autorun on flash drives.

Let's try launching this Trojan with UAC enabled. I have an executable file, nsshell.exe, which by default is also hidden.

Fig. 4. Trojan program nsshell.exe.

To verify that this really is a virus, check nsshell.exe with an antivirus:

Fig. 5. Antivirus shows that nsshell.exe is a trojan.

Launching this executable triggers the UAC prompt, because the Trojan needs administrator rights to write itself into the system directory and the registry (a non-elevated process would simply be denied those writes):

Fig. 6. UAC triggered when nsshell.exe starts

As you can see, the banner of the UAC window is yellow in this case, which is the colour Windows uses for a program without a valid publisher signature. Looking closer, you can see that the program has no trusted publisher and no digital signature. So few people would dare to confirm the launch, especially if it happened right after plugging in a flash drive.
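The checks made by hand above (is the file hidden, is it signed by a trusted publisher, where does it start from) can be scripted. The following PowerShell script is an added example, not part of the original article: it inspects what an autorun.inf on a removable drive would launch, hashes and checks the signature of that binary, and then lists every Run/RunOnce autostart entry whose executable is unsigned, untrusted or missing. The drive letter is a placeholder; Get-AuthenticodeSignature is the built-in cmdlet, the rest is plain .NET.

```powershell
# Added example (not from the original article): triage for a hidden, unsigned
# executable spread through autorun.inf and persisted through the Run keys.

function Get-FileSummary {
    # Hidden attribute, SHA-256 and Authenticode status of one file.
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue   # -Force: include hidden files
    if (-not $item) { return $null }
    $stream = $item.OpenRead()
    try     { $bytes = [System.Security.Cryptography.SHA256]::Create().ComputeHash($stream) }
    finally { $stream.Close() }
    $sig    = Get-AuthenticodeSignature -FilePath $item.FullName
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path      = $item.FullName
        Hidden    = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
        SHA256    = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
        Signature = [string]$sig.Status      # NotSigned is what produces the yellow UAC banner
        Signer    = $signer
    } | Select-Object Path, Hidden, SHA256, Signature, Signer
}

function Get-AutorunTarget {
    # autorun.inf can launch a program through open= or shellexecute= in its [autorun] section.
    param([string]$DriveRoot)
    $inf = Join-Path $DriveRoot 'autorun.inf'
    if (-not (Test-Path -LiteralPath $inf)) { return }
    foreach ($line in (Get-Content -LiteralPath $inf)) {
        if ($line -match '^\s*(open|shellexecute)\s*=\s*(.+?)\s*$') {
            # Drop quotes and arguments, then resolve a relative name against the drive root.
            $exe = (($matches[2] -replace '"', '') -split '\s+')[0]
            if ($exe -notmatch '^[A-Za-z]:\\') { $exe = Join-Path $DriveRoot $exe }
            $exe
        }
    }
}

function Get-RunKeyBinary {
    # Executables registered for autostart in the machine-wide and per-user Run/RunOnce keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider noise
            $cmd = [string]$p.Value
            # Take the quoted path if there is one, otherwise the first token of the command line.
            if ($cmd -match '^"([^"]+)"') { $exe = $matches[1] } else { $exe = ($cmd -split '\s+')[0] }
            $exe     = [Environment]::ExpandEnvironmentVariables($exe)
            $summary = Get-FileSummary -Path $exe
            $status  = '(file missing)'
            $hidden  = $false
            if ($summary) { $status = $summary.Signature; $hidden = $summary.Hidden }
            New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Exe = $exe; Hidden = $hidden; Signature = $status } |
                Select-Object Key, Name, Exe, Hidden, Signature
        }
    }
}

# Usage; the drive letter is a placeholder for the flash drive under examination.
'== programs launched by autorun.inf =='
Get-AutorunTarget -DriveRoot 'E:\' | ForEach-Object { Get-FileSummary -Path $_ } | Format-List
'== autostart entries whose binary is unsigned, untrusted or gone =='
Get-RunKeyBinary | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

A Signature of NotSigned on an autorun target is exactly the yellow-banner case from Fig. 6; HashMismatch or NotTrusted on a binary in the Run keys deserves the same suspicion, since a valid signature from an unknown publisher is still cheaper for an attacker than a trusted one. Run the script from a normal (non-elevated) prompt when examining removable media: nothing here needs administrator rights, and staying non-elevated means an accidental launch cannot reach the system directory either.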

Conclusion


So the use of UAC is genuinely justified from the standpoint of operating system security. If an application requires elevation to administrator level just to start, that is already a warning sign, all the more so if there is no publisher information and no digital signature. I recommend getting better acquainted with how UAC works, and leaving it switched on.

PS: Most of the settings and actions described also apply to Windows Vista.

Source: https://habr.com/ru/post/57473/

