Feeds

Program Names govern admin rights in Vista

It's not what you do, it's what you say you do

Top three mobile application threats

Developers have discovered that the name given to a Vista executable affects whether or not it will require admin rights to run.

Security experts said the feature might seem odd, but helps to catch out spyware.

Reg Reader Mike, a C++ developer, discovered the behaviour after spending days trying to work out why just some of his projects required elevation (admin rights) to be run on his Windows Vista machine. To his disbelief, Mike realised that the different properties were simply due to projects being named differently.

"If Vista sees that you have created a Microsoft Visual C++ project with install in the project name, then that .exe will automatically require Admin Rights to run. Create exactly the same project, but call it, say, Fred, and the problem disappears," he explained. "Vista's security isn't just concerned with what an .exe is doing to your PC, but what it's actually called."

Mr Executable

We put these points to Microsoft, which responded with a statement that explained why installation programs might need admin privileges to run but not why this changes depending on the name given to a project.

"Installation programs are applications designed to deploy software, and most write to system directories and registry keys. These protected system locations are typically writable only by an administrator user, which means that standard users do not have sufficient access to install programs. Windows Vista heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows Vista also heuristically detects updater and uninstallation programs. Note that a design goal of UAC [User Account Control] is to prevent installations from being executed without the user's knowledge and consent since they write to protected areas of the file system and registry," it said.

Secure coding specialist Fortify Software said Microsoft's Installer Detection technology acted as a screen against spyware. While imperfect, and odd in the way its behaviour is affected by the names given to project, the feature is better than nothing.

"The Vista feature you've run into is the equivalent of an airport metal detector," explained Dr Brian Chess, chief scientist at Fortify Software

Spyware is a big problem on Windows (yet another reason I have a Mac), and Vista takes steps to make spyware harder to write. By default, programs under Vista don't run with administrator privileges. By requiring administrator privileges to run something that looks like an installer, Vista is making it more difficult for a program to automatically throw some unsavoury gunk on to your machine without your knowledge.

He added that although the feature is imperfect and inconvenient, it's "better than nothing".

Clarification

Changing the name of a compiled executable doesn't change its properties. But different names during the app development process do have an effect, as Mike explains.

If I use Visual C++ to compile a program called, say, "Mikes Installer.exe", then Vista will popup the security message, drag'n'drop won't work (as it requires extra security rights), and if may app asks which version of the OS it's running on, then Vista will tell it that it's Windows XP.

If I recompile the app as "Mike.exe", then these problems all go away, and Vista correctly tells my app that it's running on Windows Vista. Simply renaming the file from "Mikes Installer.exe" to "Mike.exe" isn't enough to solve the problems. Vista still (somehow) knows that the original filename had install in it's name.

I wasn't simply trying to do some simple Microsoft-bashing. This is all simply all about the filename of your .exe's affecting the way they run in Vista. But the solution is to build your .exe files in Visual C++ with a different filename, or to add a Manifest .xml file, as some of your readers did mention.

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.