Windows Vista Forums

Permitting a specific exe to run in standard user mode.

Old 02-18-2007   #11 (permalink)
Philip Roberts
Guest


 

Re: Permitting a specific exe to run in standard user mode.

The app is copyright 2003. I have contacted the publisher, though I
doubt that there will be an update available.

While I accept that UAC has some benefits for the future and that in x
years time all applications might conform to the vista spec, there are
going to be a huge number of legacy applications that won't. Ever.

The present UAC model gives a choice a) don't use the app, b) use the app
but be plagued by authorisation requests or c) disable UAC or in some
circumstances d) upgrade the user to an administrator.

People being people are likely to opt for c) which defeats the purpose
of UAC (but lets Microsoft off the hook if there are problems with the
'they disabled our protection' excuse) or d) which introduces other
problems (but is better than c).

In practical terms I feel that a register of 'authorised apps' including
an MD5 checksum and other protections would have been an appropriate
solution to the situation I find myself in. Yes, there is a remote
possibility that an application could be replaced by malware, but this
risk has to be weighed up against the disadvantages of creating
administrator accounts for people who should be standard users or
disabling UAC.

I suspect that we will have to agree to differ (not that there is much
chance of Microsoft changing their position).

I read that Vista take up is significantly lower than XP. I will be
warning fellow parents of my own experiences advising them to stick with
XP or 2000 for the time being.

Regards

Phil



cquirke (MVP Windows shell/user) wrote:
> On Sun, 18 Feb 2007 08:44:47 +0000, Philip Roberts
>
>> The game (an educational title for 4 to 6 year olds) probably isn't even
>> coded properly for XP.

>
> When was it written?
>
>> I understand the concept of UAC but question whether sufficient
>> usability testing was done for the impact on legacy programs which are
>> huge in the (cash short) educational sector.

>
> Most of the thrust of UAC is to live with legacy-written apps.
>
>> If any MVP's have an influence on what happens in Service Pack 1, please
>> try to get a workaround for this issue - It has to be safer for
>> specific applications to be authorised to 'run silently' (even if there
>> are an appropriately large number of hoops to jump through to enable
>> this) than to drive the users to disable UAC.

>
> I don't think so. We've had 5 years of XP, where it was manifestly
> obvious to programmers that they should write software to work without
> needing admin rights, and most of 'em stayed fast asleep at the wheel.
>
> Vista's bending over backwards to cater for these apps, but I think
> it's time badly-written apps got Darwin'd off the platform. I think
> Vista's currently as far bent for pre-XP-mentality app writing as it
> is going to get, and if anything I expect SP1 may tighten things
> further, especially if compromises made for such apps get exploited by
> malware. Any app that is written since 2003 for 4 year olds that
> needs admin rights is long overdue for the thresher.
>
>
>
>> --------------- ---- --- -- - - - -

> Saws are too hard to use.
> Be easier to use!
>> --------------- ---- --- -- - - - -


Old 02-18-2007   #12 (permalink)
Wayne McGlinn
Guest


 

Re: Permitting a specific exe to run in standard user mode.

"Philip Roberts" <pjr@keane_getridofthisbit_roberts_andthisbit.co.uk> wrote
in message news:Oz9bY25UHHA.3948@TK2MSFTNGP05.phx.gbl...
> The app is copyright 2003. I have contacted the publisher, though I doubt
> that there will be an update available.
>
> While I accept that UAC has some benefits for the future and that in x
> years time all applications might conform to the vista spec, there are
> going to be a huge number of legacy applications that won't. Ever.
>
> The present UAC model gives a choice a) don't use the app, b) use the app
> but be plagued by authorisation requests or c) disable UAC or in some
> circumstances d) upgrade the user to an administrator.
>
> People being people are likely to opt for c) which defeats the purpose of
> UAC (but lets Microsoft off the hook if there are problems with the 'they
> disabled our protection' excuse) or d) which introduces other problems
> (but is better than c).
>
> In practical terms I feel that a register of 'authorised apps' including an
> MD5 checksum and other protections would have been an appropriate solution
> to the situation I find myself in. Yes, there is a remote possibility that
> an application could be replaced by malware, but this risk has to be
> weighed up against the disadvantages of creating administrator accounts
> for people who should be standard users or disabling UAC.
>
> I suspect that we will have to agree to differ (not that there is much
> chance of Microsoft changing their position).
>
> I read that Vista take up is significantly lower than XP. I will be
> warning fellow parents of my own experiences advising them to stick with
> XP or 2000 for the time being.
>
> Regards
>
> Phil
>

<snip>
The other alternative is to download a free copy of Microsoft's Virtual PC
and install your old version of XP into a virtual environment. It's very
simple to setup and is in fact a really good way to "sandbox" your child's
computer environment away from yours. If you have any questions, please ask


Wayne McGlinn
Brisbane, Oz

Old 02-19-2007   #13 (permalink)
cquirke (MVP Windows shell/user)
Guest


 

Re: Permitting a specific exe to run in standard user mode.

On Sun, 18 Feb 2007 20:44:32 +0000, Philip Roberts

>The present UAC model gives a choice a) don't use the app, b) use the app
>but be plagued by authorisation requests or c) disable UAC or in some
>circumstances d) upgrade the user to an administrator.


Compare that with XP: a) don't use the app, or d) upgrade the user to
an administrator. At least UAC gives you more choices.

BTW: Some things that may help are the compatibility settings, i.e.
setting the app's Properties to run as if in XP, Win98, etc.

>People being people are likely to opt for c) which defeats the purpose
>of UAC (but lets Microsoft off the hook if there are problems with the
>'they disabled our protection' excuse) or d) which introduces other
>problems (but is better than c).


We're already hearing prissy folks claim "if you were not running as
administrator..." as a mitigating factor, e.g. in exploit
documentation, ignoring the reality that XP in anything less than
admin rights simply can't run most consumer apps and games.

So, IMO we're on the right track. Vista gives you more choices,
forces app writers to get with the program (as they have failed to
respond to being "asked nicely"), lessens the risks of the most of us
that run as admin all the time... and as these pressures Darwin sware
writers into shape, it will be more and more practical to limit user
accounts short of admin rights in the real world outside pro-IT.

>In practical terms I feel that a register of 'authorised apps' including
>an MD5 checksum and other protections would have been an appropriate
>solution to the situation I find myself in. Yes, there is a remote
>possibility that an application could be replaced by malware, but this
>risk has to be weighed up against the disadvantages of creating
>administrator accounts for people who should be standard users or
>disabling UAC.


UAC is the first security technology from MS that puts the interactive
user above software automation in terms of power. As such, any
programmatically-possible way to white-list an app against UAC alerts is
going to undermine the main purpose for UAC.

I do see the problem, though; for me, the ickiest bits are:
- startup apps that need admin rights (no workarounds)
- editing the "All Users" Start Menu (nag, nag, nag)

OTOH, you're ahead of me, trying to use non-admin rights in the real
world. I tried that once in XP Gold, and when I saw that dropping
rights re-duhfaulted the UI back to MS settings (hiding file name
extensions etc.) I thought I'd rather have a safer UI than whatever
notional advantages limited rights might have offered.

>I read that Vista take up is significantly lower than XP. I will be
>warning fellow parents of my own experiences advising them to stick with
>XP or 2000 for the time being.


I wouldn't accept delivery of a new PC with XP, as it's like being
1-year-depreciated from Day Zero. But I wouldn't upgrade XP to Vista
either, and if I could hold off getting a new PC awhile, I might do
that too. It's always hard with new OS and drivers etc. but I don't
subscribe to the "wait for SP1" mentality either.

And yes, there's much to like in Vista, and I'm not just talking
eye-candy either. Try new functionalities like the Reliability
Monitor, the WinRE built into the installation DVD, etc.; all expand
XP's placeholder stubs into real and useful functionality.



>--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!
>--------------- ---- --- -- - - - -

Old 02-20-2007   #14 (permalink)
Knox
Guest


 

Re: Permitting a specific exe to run in standard user mode.

Hi,

Sorry to be late jumping in here. When an application doesn't run right, it
may be worth investigating what the app is doing that causes the failure.
Olden programs, especially games, frequently do "bad" behavior like writing to
the C:\program files\Badgame folder. Or a little worse, the C:\Badgame\
folder.

You might try setting the NTFS rights on the badgame folder to allow your
son to have read and write (full) privileges. Does it weaken security by
doing this? Yes, but only a tiny fraction compared to making your son an
administrator.

There's other bad behavior the game could do like writing in the windows
folder, or writing to system registry settings. But that seems less likely.

If the above suggestion doesn't work and you're really willing to dig, then
try the tool
http://www.microsoft.com/technet/sys...es/Regmon.mspx

It will show you what type of files and registry settings the program is
accessing. Perhaps we can change the privileges of whatever the program is
doing so that it will work as a standard user.

To see an example of how Lee Holmes cracked programs so they would run as
non-admins under XP, take a look here:
http://www.leeholmes.com/blog/Cracki...sNonAdmin.aspx


Good luck!

Knox

"Philip Roberts" <pjr@keane_getridofthisbit_roberts_andthisbit.co.uk> wrote
in message news:Oz9bY25UHHA.3948@TK2MSFTNGP05.phx.gbl...
> The app is copyright 2003. I have contacted the publisher, though I doubt
> that there will be an update available.
>
> While I accept that UAC has some benefits for the future and that in x
> years time all applications might conform to the vista spec, there are
> going to be a huge number of legacy applications that won't. Ever.
>
> The present UAC model gives a choice a) don't use the app, b) use the app
> but be plagued by authorisation requests or c) disable UAC or in some
> circumstances d) upgrade the user to an administrator.
>
> People being people are likely to opt for c) which defeats the purpose of
> UAC (but lets Microsoft off the hook if there are problems with the 'they
> disabled our protection' excuse) or d) which introduces other problems
> (but is better than c).
>
> In practical terms I feel that a register of 'authorised apps' including an
> MD5 checksum and other protections would have been an appropriate solution
> to the situation I find myself in. Yes, there is a remote possibility that
> an application could be replaced by malware, but this risk has to be
> weighed up against the disadvantages of creating administrator accounts
> for people who should be standard users or disabling UAC.
>
> I suspect that we will have to agree to differ (not that there is much
> chance of Microsoft changing their position).
>
> I read that Vista take up is significantly lower than XP. I will be
> warning fellow parents of my own experiences advising them to stick with
> XP or 2000 for the time being.
>
> Regards
>
> Phil
>
>
>
> cquirke (MVP Windows shell/user) wrote:
>> On Sun, 18 Feb 2007 08:44:47 +0000, Philip Roberts
>>> The game (an educational title for 4 to 6 year olds) probably isn't even
>>> coded properly for XP.

>>
>> When was it written?
>>
>>> I understand the concept of UAC but question whether sufficient
>>> usability testing was done for the impact on legacy programs which are
>>> huge in the (cash short) educational sector.

>>
>> Most of the thrust of UAC is to live with legacy-written apps.
>>
>>> If any MVP's have an influence on what happens in Service Pack 1, please
>>> try to get a workaround for this issue - It has to be safer for specific
>>> applications to be authorised to 'run silently' (even if there are an
>>> appropriately large number of hoops to jump through to enable this) than
>>> to drive the users to disable UAC.

>>
>> I don't think so. We've had 5 years of XP, where it was manifestly
>> obvious to programmers that they should write software to work without
>> needing admin rights, and most of 'em stayed fast asleep at the wheel.
>>
>> Vista's bending over backwards to cater for these apps, but I think
>> it's time badly-written apps got Darwin'd off the platform. I think
>> Vista's currently as far bent for pre-XP-mentality app writing as it
>> is going to get, and if anything I expect SP1 may tighten things
>> further, especially if compromises made for such apps get exploited by
>> malware. Any app that is written since 2003 for 4 year olds that
>> needs admin rights is long overdue for the thresher.
>>
>>
>>
>>> --------------- ---- --- -- - - - -

>> Saws are too hard to use. Be easier to use!
>>> --------------- ---- --- -- - - - -
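
An added example, not part of the original post and not code from any poster: once a file and registry monitor log has been captured as suggested above, a short script can separate the denied writes that fall inside the game's own folder from those that touch the registry or system folders. The CSV column layout (Process Monitor style), `badgame.exe`, the PIDs and all paths are constructed assumptions.

```python
import csv
import io
import ntpath  # Windows path rules, so this also runs on a non-Windows host

# Constructed sample log. The column layout follows a Process Monitor CSV
# export; that layout and every name here (badgame.exe, PIDs, paths) are
# assumptions for illustration, not data from the thread.
SAMPLE_LOG = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02","badgame.exe","1234","CreateFile","C:\Program Files\Badgame\game.ini","SUCCESS","Desired Access: Generic Read"
"10:01:03","badgame.exe","1234","CreateFile","C:\Program Files\Badgame\save\slot1.dat","ACCESS DENIED","Desired Access: Generic Write"
"10:01:03","badgame.exe","1234","CreateFile","C:\Program Files\Badgame\save\slot2.dat","ACCESS DENIED","Desired Access: Generic Write"
"10:01:04","badgame.exe","1234","RegSetValue","HKLM\SOFTWARE\Badgame\HighScore","ACCESS DENIED","Type: REG_DWORD"
"10:01:05","badgame.exe","1234","CreateFile","C:\Windows\badgame.cfg","ACCESS DENIED","Desired Access: Generic Write"
"10:01:06","explorer.exe","888","RegOpenKey","HKLM\SOFTWARE\Other","ACCESS DENIED","Desired Access: Read"
'''

REGISTRY_ROOTS = ("hklm\\", "hkcu\\", "hkcr\\", "hku\\")


def container_of(operation, path, is_registry):
    """Return the folder or registry key whose ACL governs the denied object."""
    if is_registry and operation != "RegSetValue":
        return path              # the path already names the key itself
    return ntpath.dirname(path)  # strip the file name or registry value name


def denied_targets(log_text, process, app_dir):
    """Count one process's ACCESS DENIED events per container, in three buckets.

    app_folder: inside the program's own install folder, the candidate for
                the narrow NTFS grant suggested in the post
    registry:   registry keys
    elsewhere:  any other file location, such as the Windows folder
    """
    app = ntpath.normcase(app_dir).rstrip("\\")
    report = {"app_folder": {}, "registry": {}, "elsewhere": {}}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Process Name"].lower() != process.lower():
            continue
        if row["Result"] != "ACCESS DENIED":
            continue
        path = row["Path"]
        is_registry = ntpath.normcase(path).startswith(REGISTRY_ROOTS)
        container = container_of(row["Operation"], path, is_registry)
        folded = ntpath.normcase(container)
        if is_registry:
            bucket = "registry"
        elif folded == app or folded.startswith(app + "\\"):
            bucket = "app_folder"
        else:
            bucket = "elsewhere"
        report[bucket][container] = report[bucket].get(container, 0) + 1
    return report


if __name__ == "__main__":
    result = denied_targets(SAMPLE_LOG, "badgame.exe", r"C:\Program Files\Badgame")
    for bucket, containers in result.items():
        for container, count in sorted(containers.items()):
            print(f"{bucket:10}  {count:3}  {container}")
```

Denials under the install folder are the ones a folder-level NTFS grant would address; registry and Windows-folder denials correspond to the "other bad behavior" the post mentions and need a closer look before any permission is changed.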


Old 02-23-2007   #15 (permalink)
Guest


 

Re: Permitting a specific exe to run in standard user mode.

"cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org> wrote in
message news:5kgkt2lgnlg4r3kgr3e54a6qnlvvug3rua@4ax.com...
> We're already hearing prissy folks claim "if you were not running as
> administrator..." as a mitigating factor, e.g. in exploit
> documentation, ignoring the reality that XP in anything less than
> admin rights simply can't run most consumer apps and games.



Beg to differ here, Chris - this is not ignoring reality, it's trying to
change behaviour.

Not running as administrator is a mitigating factor, except in the case that
you run as administrator.

The reality that most consumer apps and games run as administrator is cause
to chastise the authors of consumer apps and games, who should not be
insisting that you run as the computer administrator when you are totalling
up your cheque book payments, or trying to teach your kid how to add.

Reality ... that's telling your software vendors "this behaviour is
unacceptably dangerous, and is the reason I keep getting viruses - I refuse
to use your software, because your software forces me to cut my arm and
apply the wound to the sewer."

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


Old 02-23-2007   #16 (permalink)
Guest


 

Re: Permitting a specific exe to run in standard user mode.

"Philip Roberts" <pjr@keane_getridofthisbit_roberts_andthisbit.co.uk> wrote
in message news:uf8HIF1UHHA.3592@TK2MSFTNGP06.phx.gbl...
> My best option is making him an Admin then



No.

Your best option is to have the game's authors fix its bad behaviour.

Your second best option is to return the game for a refund, and buy a
suitably safe game instead.

Your third best option is to find a way to fool the game into thinking it
has the admin rights it thinks it needs.

Making your kid an admin is way down the list of options, and by no means
appears as one of the "best".

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


Old 02-23-2007   #17 (permalink)
Guest


 

Re: Permitting a specific exe to run in standard user mode.

"Philip Roberts" <pjr@keane_getridofthisbit_roberts_andthisbit.co.uk> wrote
in message news:uf8HIF1UHHA.3592@TK2MSFTNGP06.phx.gbl...
> My best option is making him an Admin then



No.

Your best option is to have the game's authors fix its bad behaviour.

Your second best option is to return the game for a refund, and buy a
suitably safe game instead.

Your third best option is to find a way to fool the game into thinking it
has the admin rights it thinks it needs.

Making your kid an admin is way down the list of options, and by no means
appears as one of the "best".

Oh, and quit being so coy. Name the app. Submit it to
http://www.threatcode.com/admin_rights.htm - it's in good company, given the
list there and at http://www.microsoft.com/kb/307091

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.



Old 02-25-2007   #18 (permalink)
cquirke (MVP Windows shell/user)
Guest


 

Re: Permitting a specific exe to run in standard user mode.

On Fri, 23 Feb 2007 13:22:46 -0800, <alun@texis.invalid> wrote:
>"cquirke (MVP Windows shell/user)" wrote


>> We're already hearing prissy folks claim "if you were not running as
>> administrator..." as a mitigating factor, e.g. in exploit
>> documentation, ignoring the reality that XP in anything less than
>> admin rights simply can't run most consumer apps and games.


>Beg to differ here, Chris - this is not ignoring reality, it's trying to
>change behaviour. Not running as administrator is a mitigating
>factor, except in the case that you run as administrator.


We're saying the same thing.

It's interesting that we talk of big monopoly vendors having power
over the industry, but it often doesn't work that way. IBM declares
the PC obsolete, to be replaced by their PS/2 systems; the industry
tells them to get lost. Intel trumpets RAMBus as a must-have; the
industry tells them to sod off. MS says "all device drivers should be
signed" and "sware should work with limited-rights user accounts" and
the sware dudes just shrug and carry on doing the same old stuff.

After 5 years of QuickBooks needing admin rights, just about every
game needing admin rights, etc. clearly the mountain had to move
towards sware bad practice. What's the alternative; wait another 5
years for sware vendors to get a clue?

Hence UAC, and a lot of behind-the-scenes smarts that we haven't seen
since the Win95 mission-impossible brief to run DOS and Win3.yuk apps
better than the native platforms (Win3.yuk could barely run DOS apps
at all, especially games) plus do all the 32-bit stuff. In 4M RAM.

Vista-64 is the place to dig in the heels; new platform, no
compromises. Sign your drivers or die. Run with limited rights or
die. Stay the hell out of the kernel, etc.


Mind you, I always thought it was ridiculous to graft NT's
corporate-orientated user-based model to consumerland in the first
place - it's as irrelevant as oars on a bus. Why should I pretend to
be different people with different job descriptions to use my own PC?
Why should I have to log in and out just to do different things?
Makes no sense, from a consumer's perspective.

So we didn't see consumers asking sware vendors to get it right, and
we still don't... except that as new apps emerge that work better with
Vista, folks will say "I want some of that". It won't be "work with
lowered rights", it will be "work" - the mechanics of why it doesn't
work will no longer be an incompatibility with an optional feature
no-one really likes or understands, as limited user accounts are.

Also, no matter how limited an account is, it always has the right to
write (and therefore, to destroy) the user's data - which is the most
important thing for the user, even if it's irrelevant to the vendors.

>The reality that most consumer apps and games run as administrator is cause
>to chastise the authors of consumer apps and games, who should not be
>insisting that you run as the computer administrator when you are totalling
>up your cheque book payments, or trying to teach your kid how to add.


Yup. We tried beating the sware dudes, for 5 years of XP, and it
hasn't got us an inch closer to being able to use limited accounts in
consumerland. Time to try a different approach.

Frankly, I'd stop trying to make everyone pretend to be an MCSE
bullying a herd of headcounts on behalf of a non-existent boss.

Instead, I'd re-abstract a model based on what we actually want.

What we want is for sware to state upfront what it will do, and then
be limited to doing that and nothing else.

"Hi, I'm a cute screensaver!"

' Fine, then you have no business snorting my data or accessing the
Internet. Here's your box; screensave your ass off, but if I catch
you groping my data or calling home, you WILL get stomped '

"Hi, I'm your friendly media player! I call home all the time, to
send out 'anonymous traffic statistics' !"

' That sucks. Next! '

"I'm also a media player, but I can just play audio files and CDs
without having to call home or wave adverts in your face!"

' Cool, you got the job '

"I'm an accounting app, so I need to access your data"

' That's fine, but that means you don't get to call home. Ever. '

Internet access. Data access. Pick one.

IOW, abstract application categories according to data and Internet
access, automation, whatever else we're interested in and want to
maintain a watch over. The app has to state upfront in language that
the user can understand, and isn't allowed to do anything else.

Breaking those barriers is a clear breach of faith, actionable by the
FTC with a minimum of evidence required (i.e. cheap to sue).

Of course, sware vendors would hate this, because they're used to the
OS colluding with them. Write a crappy little mouse driver; sure, you
need to poll for "updates" every six hours, and browbeat the user to
"register" so their asses can be sold to "business partners".

It would be nice to see an end to those slimeball games...



>--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!
>--------------- ---- --- -- - - - -

Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media 2005-2008
