Original URL: http://www.theregister.co.uk/2007/04/23/vista_program_naming_oddness/

Program Names govern admin rights in Vista

It's not what you do, it's what you say you do

By John Leyden

Posted in Security, 23rd April 2007 11:47 GMT

Developers have discovered that the name given to a Vista executable affects whether or not it will require admin rights to run.

Security experts said the feature might seem odd, but helps to catch out spyware.

Reg Reader Mike, a C++ developer, discovered the behaviour after spending days trying to work out why just some of his projects required elevation (admin rights) to be run on his Windows Vista machine. To his disbelief, Mike realised that the different properties were simply due to projects being named differently.

"If Vista sees that you have created a Microsoft Visual C++ project with install in the project name, then that .exe will automatically require Admin Rights to run. Create exactly the same project, but call it, say, Fred, and the problem disappears," he explained. "Vista's security isn't just concerned with what an .exe is doing to your PC, but what it's actually called."

Mr Executable

We put these points to Microsoft, which responded with a statement that explained why installation programs might need admin privileges to run but not why this changes depending on the name given to a project.

"Installation programs are applications designed to deploy software, and most write to system directories and registry keys. These protected system locations are typically writable only by an administrator user, which means that standard users do not have sufficient access to install programs. Windows Vista heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows Vista also heuristically detects updater and uninstallation programs. Note that a design goal of UAC [User Account Control] is to prevent installations from being executed without the user's knowledge and consent since they write to protected areas of the file system and registry," it said.

Secure coding specialist Fortify Software said Microsoft's Installer Detection technology acted as a screen against spyware. While imperfect, and odd in the way its behaviour is affected by the names given to project, the feature is better than nothing.

"The Vista feature you've run into is the equivalent of an airport metal detector," explained Dr Brian Chess, chief scientist at Fortify Software

Spyware is a big problem on Windows (yet another reason I have a Mac), and Vista takes steps to make spyware harder to write. By default, programs under Vista don't run with administrator privileges. By requiring administrator privileges to run something that looks like an installer, Vista is making it more difficult for a program to automatically throw some unsavoury gunk on to your machine without your knowledge.

He added that although the feature is imperfect and inconvenient, it's "better than nothing".

Clarification

Changing the name of a compiled executable doesn't change its properties. But different names during the app development process do have an effect, as Mike explains.

If I use Visual C++ to compile a program called, say, "Mikes Installer.exe", then Vista will popup the security message, drag'n'drop won't work (as it requires extra security rights), and if may app asks which version of the OS it's running on, then Vista will tell it that it's Windows XP.

If I recompile the app as "Mike.exe", then these problems all go away, and Vista correctly tells my app that it's running on Windows Vista. Simply renaming the file from "Mikes Installer.exe" to "Mike.exe" isn't enough to solve the problems. Vista still (somehow) knows that the original filename had install in it's name.

I wasn't simply trying to do some simple Microsoft-bashing. This is all simply all about the filename of your .exe's affecting the way they run in Vista. But the solution is to build your .exe files in Visual C++ with a different filename, or to add a Manifest .xml file, as some of your readers did mention.