Windows 7 UAC replacer

[TheAnimus]

Sounds like a deal to me. Would the National Trust be alright with you?

can't find the book, think a mate has borrowed it and i've forgotten.

Installers are still signed though, and there is a certificate chain that will hopefully lead to a trusted CA. That is how the publisher is confirmed. There is even an issue in the validator that means it can't check the signature on large files.

Your right i thought it was only when it from a foreign zone.

Windows would have to prompt when the shortcut was first changed, and yes, it would be a security risk, but security is always a tradoff between security and convenience and I think it would be nice to have a little more granular control of this balance.
Don't get me wrong here, I think UAC is a good thing and the balance that MS have achived on Windows 7 is good, this is just a suggestion for future enhancements.

But then you'd have to have some signing mechanism, and it would become an attack vector so fast.

Lets pretend there was some badly written software that seamed to insist on running as admin for no good reason, now this software has say an xml config file which specifies the modules which are late bound loaded. All of this would have to be covered by the security model.

It would be a real problem because of the piss awful developers.

[pipTheGeek]

...
Lets pretend there was some badly written software that seamed to insist on running as admin for no good reason, now this software has say an xml config file which specifies the modules which are late bound loaded. All of this would have to be covered by the security model.

What I was thinking of was an extra tick box on the shortcut properties where you could set to allow silent elevation. Obviously setting this option would require elevation. When this option is set, UAC would no longer prompt when running this application as this user from this shortcut. I don't know if this could actually be implemented in a secure manner. I realise that this would weaken the effectiveness of UAC, but that is the tradeoff between usability and security, and I would understand the implications of this choice and only apply it to programs that I trust. (Live VS 2005). Maybe make this an extra choice in the UAC dialogue, so it could be completly disabled by default and only enabled by users that understand what they are doing. Afterall, if someone doesn't like UAC to the point of turning it off, this option might mean they could leave it turned on and at least get some protection from it.

It would be a real problem because of the piss awful developers.

There sadly seem to be both many problems, and many piss poor developers. Of course, if all us developers never made mistakes then UAC would have less of a job to do, and DEP wouldn't be required at all.

[aidanjt]

Well nobody writes 100% perfect code, so DEP and ASLR is still useful. But triggering a UAC prompt is a matter of piss poor design.

[rushholme]

Well nobody writes 100% perfect code, so DEP and ASLR is still useful. But triggering a UAC prompt is a matter of piss poor design.

Is it wise to enable DEP for all programs in Win7 64bit, I understand that all native 64bit code already runs with DEP enabled.

Also, what is the best rootkit discovery software for my OS ?

Cheers