Feeds

Program Names govern admin rights in Vista

It's not what you do, it's what you say you do

Website security in corporate America

Developers have discovered that the name given to a Vista executable affects whether or not it will require admin rights to run.

Security experts said the feature might seem odd, but helps to catch out spyware.

Reg Reader Mike, a C++ developer, discovered the behaviour after spending days trying to work out why just some of his projects required elevation (admin rights) to be run on his Windows Vista machine. To his disbelief, Mike realised that the different properties were simply due to projects being named differently.

"If Vista sees that you have created a Microsoft Visual C++ project with install in the project name, then that .exe will automatically require Admin Rights to run. Create exactly the same project, but call it, say, Fred, and the problem disappears," he explained. "Vista's security isn't just concerned with what an .exe is doing to your PC, but what it's actually called."

Mr Executable

We put these points to Microsoft, which responded with a statement that explained why installation programs might need admin privileges to run but not why this changes depending on the name given to a project.

"Installation programs are applications designed to deploy software, and most write to system directories and registry keys. These protected system locations are typically writable only by an administrator user, which means that standard users do not have sufficient access to install programs. Windows Vista heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows Vista also heuristically detects updater and uninstallation programs. Note that a design goal of UAC [User Account Control] is to prevent installations from being executed without the user's knowledge and consent since they write to protected areas of the file system and registry," it said.

Secure coding specialist Fortify Software said Microsoft's Installer Detection technology acted as a screen against spyware. While imperfect, and odd in the way its behaviour is affected by the names given to project, the feature is better than nothing.

"The Vista feature you've run into is the equivalent of an airport metal detector," explained Dr Brian Chess, chief scientist at Fortify Software

Spyware is a big problem on Windows (yet another reason I have a Mac), and Vista takes steps to make spyware harder to write. By default, programs under Vista don't run with administrator privileges. By requiring administrator privileges to run something that looks like an installer, Vista is making it more difficult for a program to automatically throw some unsavoury gunk on to your machine without your knowledge.

He added that although the feature is imperfect and inconvenient, it's "better than nothing".

Clarification

Changing the name of a compiled executable doesn't change its properties. But different names during the app development process do have an effect, as Mike explains.

If I use Visual C++ to compile a program called, say, "Mikes Installer.exe", then Vista will popup the security message, drag'n'drop won't work (as it requires extra security rights), and if may app asks which version of the OS it's running on, then Vista will tell it that it's Windows XP.

If I recompile the app as "Mike.exe", then these problems all go away, and Vista correctly tells my app that it's running on Windows Vista. Simply renaming the file from "Mikes Installer.exe" to "Mike.exe" isn't enough to solve the problems. Vista still (somehow) knows that the original filename had install in it's name.

I wasn't simply trying to do some simple Microsoft-bashing. This is all simply all about the filename of your .exe's affecting the way they run in Vista. But the solution is to build your .exe files in Visual C++ with a different filename, or to add a Manifest .xml file, as some of your readers did mention.

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.