Program Names govern admin rights in Vista

Developers have discovered that the name given to a Vista executable affects whether or not it will require admin rights to run. Security experts said the feature might seem odd, but helps to catch out spyware. Reg Reader Mike, a C++ developer, discovered the behaviour after spending days trying to work out why just some of …

COMMENTS

  1. Dan

    I may upgrade after all

    ...but only if I can be sure that this 'feature' also includes 'heuristically' picking up files with "setup", "trojan", "worm", "virus", and "wga" in the filename. Otherwise I fail to see its usefulness...

    What year is this? Is this article from the past?

  2. Anonymous Coward

    Feel the Wow

    This is old news to most developers! Rather than a security feature, it's actually a workaround (aka nasty, cheap hack) to let older installers run properly *despite* the glorious new security features in Vista.

    Without this "feature", an installer that wasn't marked with a manifest that requests full admin rights would likely fail to install correctly. This bit of guesswork by Vista helps to give older installers the rights they need to run properly and be able to write to the program files folder, system folders, HKLM in the registry and so on.

  3. Tom

    Better than nothing?

    It was ever-so-slightly better than nothing until details were published on a high traffic internet news site.

    Security through obscurity doesn't work.

  4. Rich

    I'm lost for words

    "This is a little bit silly: just name the installer something else, and Vista lets it through," Chess said.

    Well, quite!

    So if I want my new virus to bypass Windows' "security" (I use the term loosely to the point of ridicule), all I have to do is name it "MS Office" maybe, or "explorer"? It beggars belief (or as the spell check has just helpfully pointed out, maybe that should be spelt with a 'u'?).

    This aside, it has always been a complete mystery to me WHY so many (ok, pretty much all) Windows apps NEED to write to privileged areas of the OS. I mean, why? Compared to (say) Unix, where I can pretty much take any app and install it locally in my home directory. No privileges needed beyond what I already have. As long as it doesn't contain a driver, then what's the problem?

    Oh, and of course, you also have the fun of rebooting every time you stick a new app on the machine! Why? No idea. Does anybody know?

    I could rant on about Mickey Mouse toy OS' and my continuing amazement that otherwise sensible and sane people still buy them, but I'm sure you'll be pleased to learn I'll resist on this occasion.

    Rich.

  5. Ben

    Installer Detection has nothing to do with SpyWare

    Installer Detection is primarily designed for backwards compatibility; its purpose is to scan the name and resources of an EXE to determine whether an application is "likely" to be an installer program. If Vista thinks it is an installer then it is assumed that admin privileges will be required and the user is prompted to run the program with the required privileges.

    An executable is assumed to be an installer if the executable name or description contains the strings "install" or "setup".

    Installation programs designed for Vista use Manifest files to let Windows know that they require admin privileges, pre Vista installations won't contain this information. Without Installer Detection old installation programs would never have admin privileges and would always fail.

    User Access Control (UAC) ensures programs do not have admin privileges by default which does help prevent SpyWare but Installer Detection has nothing to do with SpyWare prevention.

  6. Ian Ferguson

    Little better than nothing

    I wouldn't say it's like an airport metal detector - that suggests that it actually detects something suspicious. It's more like an ignorant airport security guard who strip-searches everyone Arabic because they might be a terrorist.

    Naturally, now that spyware coders know this, all they need to do is call their executable pineapple.exe, not evil-spyware-installer.exe. Hardly taxing.

  7. Michael J Smith

    Utter Rubbish

    A broken security system is not "better than nothing" it is worse than nothing. It makes you think you have protection when you do not.

    Exactly how many trojan writers will be unable to rename their product? Just change "install-nasty-hack.exe" to "show-bunny-pictures.exe" and the user (who thought they were protected) is left wide open.

    Bah humbug!!

    Michael

  8. Ross Aitken

    Not like a metal detector

    A metal detector will actually detect if you have a nasty weapon about your person. It makes it very hard to take a weapon onto a plane and makes nasty acts much harder to perpetrate because getting onto a plane without going through a metal detector is very difficult. This is more like a security official asking you if you are terrorist.

  9. James

    Use a manifest

    Of course, the correct way to get around Vista's attempts to detect installers automatically is to include a manifest with your application that overrides this behaviour.

    There's an example here.

    http://msdn2.microsoft.com/en-us/library/bb206295.aspx#Setting_the_Execution_Level_in_the_Application_Manifest

  10. Anonymous Coward

    I feel a hot wind / on my shoulder

    It would be interesting to know if Microsoft has localised this feature - even if it is the case that "install" and "setup" transcend nations, what about languages that use other character sets?

    When the Microsoft person says that Vista heuristically detects installation programs, is this just flip-flam for "Vista has a short text file somewhere, which perhaps could be hacked or bypassed, assuming that the virus-writer does not call his executable instal.exe or installl.exe"?

  11. BenN

    Want an explanation?

    They do this for legacy programs - no installer written for XP will know that it now needs to ask for admin privileges, so they took an educated guess that any file with "setup" or "install" in the title might require them and then ask the user to grant those privileges.

    Contrary to the article though, any files not named setup or install are not "let through" - they don't get admin privileges so can't do any/much damage. If, when they run, it turns out that they want to do some administrative stuff, that is when Vista will ask the user to grant those privileges to the program.

    Just a little fact checking required by El Reg here.

  12. Anonymous Coward

    Guess what the next spyware is going to be called?

    Wonderful. That's going to give the trojan and virus writers plenty of trouble to come up with a new approach. It'll take them at least 3/10th of a second to rename the executables..

  13. Anonymous Coward

    it's "better than nothing" - Not Anymore

    Well it was better than nothing, but now that the cat is out of the bag it is now "Nothing". If these hackers are smart enough to write spyware, then this article just gave them some of the tools needed to circumvent Vista securities.

    When XP was launched, it too was very secure and touted as the most secure yet, which was true at the time because no one knew of the flaws associated with it, which is the same for Vista. But with articles like this and after about 6 months of more findings, we will be right back as though it is XP all over again, with a cry from Microsoft as to why we will need Vista SP1 and, as time goes by, SP2 and then eventually the successor to Vista.

    How many times must we fall prey to this revolving door of security problems as an excuse to keep upgrading the OS?

    It also seems that when we do get an OS secure after 3 or 4 Service Packs and all of the holes are closed, another OS is supposed to be the answer.

  14. Martin Kirk

    Absurd

    "Installation programs are applications designed to deploy software, and most write to system directories and registry keys. These protected system locations are typically writable only by an administrator user, which means that standard users do not have sufficient access to install programs."

    Write protection, anyone? It isn't rocket science. If a program, whatever its name is, tries to write to a protected area, that is the time to either reject the operation or prompt for the admin password to temporarily raise the privilege level. You either have a system with proper separation of user and admin roles or you don't. UAC fudges it to try and make admin painless for the non-technical user, but in reality they will almost always say yes to whatever the system asks them. It really only provides Microsoft with the ability to say "Well, we warned you", when things go horribly wrong.

    Basing security on program name is frankly absurd.

  15. Paul Crawford

    Next to useless

    At first I thought this was an April Fool. I can't believe the statement "The Vista feature you've run into is the equivalent of an airport metal detector", this is more like the US landing card asking you if you are a terrorist or are guilty of war crimes in the 1939-45 war, etc.

  16. Ian

    (I think) Simple fix - use a manifest file....

    This has been a known item for a long time. Basically heuristics (well, strstr()) are used to guess whether the software may need admin privs - anything called *setup*, *update*, or *install* for example, and in those instances, a LUA prompt will be popped up.

    However, this (IIRC - I may be wrong) can be overridden if a manifest is applied to the .exe. As a rule of thumb, there should always be a manifest file with executables destined for Vista. The manifest can, IIRC, specify whether or not admin privs are required. The only problem with manifest files is that with some versions of XP, crashes can result. There was both a fix, and a workaround, for this issue - I can't remember the details though.

    For more info, have a look at: http://blogs.msdn.com/uac/archive/2006/01/13/512776.aspx

  17. M

    This contradicts itself

    In one part of this article it is saying "By default, programs under Vista don't run with administrator privileges" in a different part it says "This is a little bit silly: just name the installer something else, and Vista lets it through"

    This is a contradiction. If the name is changed Vista does NOT let it through. It runs it with reduced privileges! This feature in Vista is designed to ensure that installers do work, it is not designed to ensure other applications don't work, though it may well have this effect.

  18. Geoff Winkless

    Title misleading

    The program name doesn't govern the rights, only the rights required to run it.

  19. Alan Stepney

    backdoor in Vista ?

    Just wondering whether it is likely that Microsoft have put some kind of backdoor in Vista, given that so many overseas Countries/Governments use Microsoft OSs. I cannot believe that someone like the CIA would have done a deal with MS and allowed them access to such overseas computers?

    What do you think?

    Alan

  20. Joe

    not quite

    Slightly misleading towards the end. What actually happens under UAC is that a flagged program will prompt you when run to either allow the program to run with administrator rights or not to run at all. An unflagged program will run with user-level rights unless you right-click it and say run as administrator, at which point you get the familiar UAC prompt.

    With UAC enabled NOTHING that you run can run as administrator without your consent. If it runs silently when you double-click it, it's running with user level rights.

  21. Pascal Monett

    Side-splittingly efficient

    "Windows Vista heuristically detects installation programs" - No wonder it took as much money to make Vista as it took to send Armstrong to the Moon. With complicated heuristical analysis as elaborate as [If NameOfProgram = "Install.exe" Then ForceAdminFlag = True], it sure justifies the tens of millions spent.

    Additionally, this is a boon to malware writers everywhere. Just make an Install.bat program that launches Anything.exe and you can install whatever you want - completely bypassing the heuristics which, suddenly, seem ridiculously inefficient.

    So let me sum that up again : Vista requires twice the hardware power to run half as well as XP, with a level of security that can be completely bypassed by simply avoiding the name "Install" in installation programs, and a User Account Control that might just be worth something, but is so annoying that it is bound to be deactivated after five minutes. And all that is wrapped in Hollywood-approved DRM goodness that is just begging for a chance to totally deactivate your license if you sneeze wrong.

    But, it has 3D windows. Well now that changes . . . what exactly ?

  22. The Lost Admin

    You call *THAT* security?!?

    Are you guys seriously calling that "heuristic" a security *feature*? I would call it more of a problem than a fix to system security in Windows. I've posted details at The Lost Admin blog, http://blog.hedron.org/. In summary (for those who don't wish to leave the Reg):

    1. It will make insecure programming even easier as inexperienced programmers will assume even more security is automatically added.

    2. It will increase end-users clicking OK without reading.

    3. It will make corporate IT's job more difficult when trying to protect end-user systems and still remain flexible.

  23. Alfred

    Maybe I'm missing the point...

    ... but are you saying that Vista will, if it thinks you're using some kind of installation program that will require higher access, offer to allow that kind of access? Seems pretty sensible to me. If it's an installation program and you don't get higher access, it won't work and you'll smack your own forehead and try again, having given fred.exe the higher access it needs manually.

  24. David S

    Heuristics?

    Hmm...

    Is it not reasonable to assume that the heuristics which Vista applies to judge the installiness of a program might include the name, but also other aspects such as the behaviour of the program? If it starts copying executables onto the hard disk or writing changes to the registry, for example, then it _might_ be a good idea to treat it with suspicion...

    The word "install" being part of the program's name could be a big clue. There may well be others. If it's the only clue for a given project, then its removal will, naturally, remove the "danger" flag. If there were other clues, on the other hand, it probably shouldn't.

  25. James Anderson

    ... If I was going to write a malicious installer

    ... I would call it anything but "installer.exe".

    I would be asking the user to run something like "DebbieDoesDallas2.exe" or "CutePuppy.exe".

  26. Jay Giusti

    Misleading security lulls users into false sense of Vista marketed security

    "He added that although the feature is imperfect and inconvenient, it's 'better than nothing'."

    No it's not, actually.

    Users presented with irregular requests for administrative verification may feel falsely assured that when no admin rights are requested there is no possible threat, particularly given MS's extreme marketing effort to identify Vista with "security first and always."

  27. Anonymous Coward

    Better than Nothing?

    Heuristically detect installers? This is *worse* than nothing. It is exactly this kind of un-transparency that makes Windows incomprehensible to its users. When users have no idea what is going on, then they have to rely on the operating system to tell them what is safe. This is just another case of Microsoft covering up past mistakes with new, bigger mistakes.

    This is a disturbing trend in "Security". The term used to mean preventing other people from performing actions on your system by fixing buffer overflows and such. Now "security" seems to mean protecting the user from himself through countless pop-ups and restrictions.

    True security can best be achieved by designing software to work transparently and informing users so that they can make intelligent choices.

  28. Chris

    Flawed analogy

    Basing the rights required on the project name is not the same as a metal detector at an airport. It's the same as asking someone if they are carrying weapons, and then taking action based on their answer. If they say "yes" (a program named "install"), additional actions will be performed. If they say "no" (a program named "fred"), they are allowed through. This is, effectively, no security.

    If this is true, then it will not stop or reduce spyware at all. Spyware is most often installed without the users' permission (as this "protection" is specifically designed to protect against). But a program that tries to install itself without permission will rarely call itself "install". And any spyware that IS installed as part of another software's install (GAIN or 180Solutions, anyone?) has already received admin rights when the user said OK to the original install. So what is this going to protect against, exactly?

  29. Anonymous Coward

    What a marketing slogan!

    Vista Security - Better than Nothing!

  30. regadpellagru

    Metal detector, really ?

    ""The Vista feature you've run into is the equivalent of an airport metal detector," explained Dr Brian Chess, chief scientist at Fortify Software"

    Ok, good. Now, how good would those detectors be if any object could just be able to reshape (change names) when the beam hits them and after? Wouldn't the scan operator be misled some times?

    The comparison falls flat, to me, Chess ...

    I'm no Windows expert, but it's down to the very implementation of Windows here, that "security" relies. Not a design paradigm, like Redmond likes to claim to the masses.

    There have been vulns of Unix system in execve() in the past, in the exact same way it treated suid #! headers ...

    Can happen to Vista, given where Redmond starts from, in terms of security!

  31. Anonymous Coward

    Discovery?

    Not sure why this is a "discovery". It's been documented behaviour in Vista since Sep 2006. See http://msdn2.microsoft.com/en-us/library/aa905330.aspx

    If reg reader "Mike" wants to avoid the "problem" all he has to do is add the correct manifest to his project as documented.

  32. Anonymous Coward

    Not quite....

    That's not strictly accurate. The installer detection uses a number of heuristics to determine whether or not to flag the executable as requiring Admin rights - of which the filename is only one.

    However it's really only a shim for legacy applications - the heuristics (and all associated backwards compatibility testing) are automatically disabled if the application is marked as being Windows Vista aware in its manifest.

  33. Mostor Astrakan

    Erm.

    Now I am as impressed with Windows Bargepole[1] as the next guy, but THIS ain't no security problem. If your program is called "install.exe", then it'll request admin privileges. If you don't type in the Admin password[2], then it will fail.

    Why a program can't decide for itself whether or not it needs admin privileges and do the Microsoftish variant on su is beyond me, but then again I'm used to *real* multi-user OSes.

    This falls in the category "stupid but harmless".

    ==========

    [1] As appropriate a name as any since every Vista discussion seems to include the word.

    [2] You *do* need to type in that password don't you? Even Microsoft wouldn't be happy with a simple click on "yes"? Please?!

  34. Anonymous Coward

    It seems most people have misunderstood how this works

    If a program is likely to be an installer (via all sorts of analysis, including whether it has "install" in the name), then Vista *suggests* that it is run as admin, since it is likely to fail otherwise. The user gets to interactively decide whether or not to actually allow this.

    Renaming the file so that it doesn't contain "install" stops Vista from prompting (assuming nothing else triggers its heuristic detection), but DOES NOT run it in admin mode - it simply runs it as a limited user, which stops it from making any system changes.

    Therefore the comments that Chris makes, WRT malware authors simply avoiding calling their software "install" (which of course, 99% of them don't in the first place), simply aren't valid or correct. I'm picking out one example there, but there are countless other examples of confusion, including with the original author, John Leyden.

  35. RW

    'Heuristics' means "we guess the answer": Nice Security, Guys.

    "Windows Vista heuristically detects installation programs."

    What M$ call "heuristics" the rest of the world calls "guessing."

    Vista security depends on guesswork, it would seem. Doesn't M$ realize that when they guess, they are often going to guess wrong? What kind of approach to security is that?

  36. Alun Harford

    Eugh.

    I don't know who Dr Brian Chess is, but he's just made a fool of himself (unless you've misquoted him, in which case he should sue).

    This has precisely nothing to do with spyware.

    When a program is run, Vista has to work out whether it needs admin rights to work correctly. If it doesn't have a manifest (the preferred method) Vista tries to work out whether it's an installer and, if it is, assumes that it needs to run as admin and displays the UAC prompt (Windows su).

    If a malware author doesn't include a manifest file and 'tricks' the system to make sure that it doesn't appear as an installer, the program will not be run with admin access, and so won't be able to screw the system over.

    The downside of this idea happens when a normal user wants to install an application only to their own account. If Vista detects that it's an installer (and it's very good at that - it's not only the name it looks at) Vista won't let it run without admin rights (to 'protect' the user from the installation failing) when in fact they have the rights they'd need to install the program.

    An admin can disable this behaviour by setting the security policy item: "User Account Control: Detect application installations and prompt for elevation" to Disabled.
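
Added example, not part of the thread and not Microsoft's code: a small Python model of the launch decision that James (comment 9, the manifest) and Alun Harford (comment 36, the heuristic and the policy switch) describe. A manifest's requestedExecutionLevel wins outright; an unmanifested binary is only checked against the name/description heuristic when the "Detect application installations" policy is enabled; and in every case elevation needs the user's consent, with a declined prompt meaning the program does not run at all. The keyword list, the three outcome strings and the assumption that the user is a protected administrator are simplifications of the documented behaviour, and the embedded manifest is constructed in the documented shape.

```python
"""Model of the Vista UAC launch decision discussed in the thread.

Constructed example, not Microsoft code: the keyword list and the
three outcomes are a simplification of the documented behaviour.
"""
import xml.etree.ElementTree as ET

# <trustInfo> and its children live in the asm.v3 namespace; the
# <assembly> root is asm.v1.
ASM_V3 = "{urn:schemas-microsoft-com:asm.v3}"

# Strings the thread says trigger installer detection when found in the
# file name or the version-info description (assumed list, matched
# case-insensitively as substrings).
INSTALLER_KEYWORDS = ("install", "setup", "update")

ELEVATED = "runs elevated"
STANDARD = "runs as standard user"
DECLINED = "does not run (elevation declined)"


def manifest_execution_level(manifest_xml):
    """Return the level attribute of requestedExecutionLevel from an
    application manifest, or None when there is no manifest or no such
    element (an unmanifested, pre-Vista binary)."""
    if not manifest_xml:
        return None
    root = ET.fromstring(manifest_xml)
    for node in root.iter(ASM_V3 + "requestedExecutionLevel"):
        return node.get("level")
    return None


def looks_like_installer(filename, description=""):
    """The name heuristic: a case-insensitive substring match over the
    file name and the version-info description."""
    haystack = (filename + " " + description).lower()
    return any(word in haystack for word in INSTALLER_KEYWORDS)


def launch(filename, description="", manifest_xml=None,
           user_consents=True, installer_detection=True):
    """Decide how a double-clicked executable is started.

    A manifest wins outright; the heuristic applies only to unmanifested
    binaries and only while the 'Detect application installations and
    prompt for elevation' policy is enabled.  Elevation always needs the
    user's consent, and a declined prompt means the program is not run.
    """
    level = manifest_execution_level(manifest_xml)
    if level is not None:
        # highestAvailable prompts only for users who are administrators;
        # this model assumes a protected administrator (the default).
        needs_elevation = level in ("requireAdministrator", "highestAvailable")
    else:
        needs_elevation = installer_detection and looks_like_installer(
            filename, description)
    if not needs_elevation:
        return STANDARD
    return ELEVATED if user_consents else DECLINED


# Constructed manifest in the shape shown on the MSDN page linked above.
ASINVOKER_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""


if __name__ == "__main__":
    print("setup.exe, no manifest:        ", launch("setup.exe"))
    print("pineapple.exe, no manifest:    ", launch("pineapple.exe"))
    print("setup.exe, prompt declined:    ", launch("setup.exe", user_consents=False))
    print("setup.exe, asInvoker manifest: ", launch("setup.exe", manifest_xml=ASINVOKER_MANIFEST))
    print("setup.exe, detection disabled: ", launch("setup.exe", installer_detection=False))
```

The point the model makes concrete is the one several posters argue over: renaming away from "install" changes the outcome from a prompt to a silent standard-user run, not to a silent elevated run, while renaming towards "install" only buys the attacker a consent dialog. Shipping an asInvoker manifest is what stops an unmanifested non-installer called setup.exe from prompting at all.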

  37. Remy Redert

    backward compatibility

    Like several people have already pointed out, this is NOT a security feature, it's an attempt at backwards compatibility, allowing installers designed for older versions of Windows to get the proper rights so they can run correctly.

    Installers that don't get these rights can't install drivers or write anything to protected sections of the HD, at all.

    Vista's security is undoubtedly flawed and easily bypassed, but this has nothing to do with security at all.

  38. Keith Langmead

    Re: It seems most people have misunderstood how this works

    Finally someone with some sense, who actually read the article without jumping to conclusions and making a decision.

    Reading peoples comments on this just made me madder and madder as I went down the page! It seems lots of you would point your fingers and start grumbling regardless of what the truth was, just because it was Microsoft!

    Yes I had a laugh and a gasp when I first read the article, but once the little grey cells engaged I could see the truth.

    But incase there are still some of the hard of thinking...

    Vista will not run ANY program which touches the protected areas of the system when you are logged in as a normal user, regardless of name. Vista programs are aware of this, so know to tell the system they need admin access, so up comes the prompt asking for the login. Old programs don't know this, so will just try to run regardless, and therefore fail. By assuming that anything called setup.exe or install.exe is an installation program, you get around this problem, and again you are presented with the login prompt. If you have any old installation files which have a different name, but still require access to the system files they will fail unless you use runas.

    If there is a problem with this, it is purely that you now get prompted to run old setup.exe files as administrator, even though with some apps this may not actually be required, but compared to how XP handled it it's an improvement.

  39. Tone

    Bandwagon

    Have to agree with poster above, some really silly posts.. just hope those posters carry out a little more research before they go about their daily work....

    ;)

  40. Anonymous Coward

    Wow, I can't believe how vigorously everyone is missing the point.

    This scheme is _far_ far worse than nothing. It is a major monkey wrench in what was supposed to be a big Security improvement in Vista: not running everything as Admin.

    Trojan authors will not "work around" the "problems" by renaming their installers _away_ from "install". Far from it. They will rename their Trojans _to_ "install", because now Vista will helpfully ask the user to run their code as an administrator, even though the user is supposedly being "forced" by Vista to do everything as an unprivileged user.

    This reduces the difficulty level of doing something evil. All the malware author has to do is convince you to run his program. He can present it as a greeting card or a slide show or whatever -- all the old tricks -- but now he has a guaranteed way of getting the OS to run it with administrator privileges. Oh sure, it won't happen until Vista has asked the user whether to do so, but get real. Anyone who has been using Vista for more than half an hour is already automatically granting privilege any time the dialog pops up. Remember, the user already decided he _wanted_ to run whatever this malware is.

    So way to go MS, you've included a nice social engineering-to-pwn hole right in the middle of your New Improved Super Secure OS.

  41. Anonymous Coward

    Collective intelligence....

    Once again the anti-Microsoft masses rise up and parade their ignorance.

  42. Joe Cooper

    Old feature

    Everybody needs to chill out, there's a big misunderstanding here.

    By default, all programs are NOT given Admin rights. If it's not called install, it will be "let through" in the sense that it will run as non-Admin. You have to log out and log back in to run it if you need Admin privileges.

    This is a convenience feature that has been around since Windows 2000: If you run a program called install.exe (or was it setup?), it will prompt you for the password.

    I know that Windows 2000 exhibits this behaviour because I have Windows 2000, and I have seen it do it. Any program named install will prompt for the Admin password. It's a convenience method.

    "They will rename their Trojans _to_ "install", because now Vista will helpfully ask the user to run their code as an administrator"

    This is true. Linux has this same feature in fact.

    In Fedora, if you click an RPM, it will simply prompt for the root password and install it. It would be extremely easy to deploy a spyware this way.

    The only reason it doesn't happen is that spyware and adware companies are in it for the money and there just aren't enough Linux users to bother.

    You can say security through obscurity is a myth all you want, but for spyware at least, there's at least a dozen ways to penetrate Linux and in fact the same tricks that work in Windows can work on Fedora and Ubuntu, among others, and including the derivatives.

    This is one of them.

  43. Herbys

    Wrongly reported

    Yes, if Microsoft had done this they would be utterly stupid. But they didn't. File name is NOT used to make privilege decisions for executables. The article (and the comments) are misinterpreting what the OS does with the name.

    What Vista does is ASKING FOR ELEVATION based on many factors, which include file name. But asking for elevation just equates to the user being asked if this is an install program and should run elevated. If the user says yes, then it is run elevated (the decision is on the user). If the user says no, the app is run without privileges and if it is an installer or malware requiring privileges it will fail. The feature is just a shortcut to ease users' lives by suggesting that certain applications might need privileges and letting the user decide if they should be granted. The user is the only one that knows (hopefully) what he or she is attempting to do.

    Does this mean you can fool the system by using another name? NO! If your file does not have such a name, elevation will not be requested and the file will be run without privileges. So if it is malware or an installer, it will just fail, unless run by a full time admin (the Administrator account, or manually launched with "run as administrator").

    So those of you drawing conclusions that Vista security is flawed because of this I would suggest go and grab a decent security book, because you are seriously confused.

    Nothing to see here, move along...

  44. Charissa Cotrill

    The real problem...

    The sad truth is that any given security system, from a wooden shield to software, is only as good as its weakest link. It doesn't matter how tight you write your code if the end user's ability to discern a threat never improves. I'd be willing to bet my entire life's income on a future increase in Linux targeted attacks, especially with the increase in user-friendly distributions.

  45. Joe Cincotta

    Old News Wrong News

    I have to admit, it took a little while to completely get the (non) problem myself. But this is certainly old news. Steve Gibson from GRC.com had commented on this functionality literally months ago.

    I had noted the impact on applications which were non-installers which looked like installers (due to their filename) in my blog - which is a rather lame situation by any measure...

    http://blog.pixolut.com/2007/04/16/why-does-my-application-throw-up-uac-dialogs/

    I too thought that the opposite may happen, regarding elevation of privilege through filename heuristics, but alas that is not the problem. It is simply a switch for the UAC when a manifest is absent.

    ...the real problem is that after the installer for my non-Vista aware application runs (thanks to the UAC heuristics on the setup filename) - UAC may not ask about privilege elevation if my application doesn't have a manifest and doesn't have 'setup' in the filename.

    Therefore whilst the bloody installer may well work thanks to the little filename hack the application itself may silently fail or not trap errors which previously could not occur.

    This opens up a whole dimension of potential issues for which there is not really a workaround - potential denial of service security flaws and the like in applications which were previously stable.

    Joe Cincotta

    http://blog.pixolut.com

  46. Tim

    The REAL problem....

    The real problem is that the OS is inherently insecure as it is written. M$'s continued insistence on backward compatibility all the way to DOS is a major problem.

    To answer the above poster, the difference is that in Unix (or Linux) one program would not be able to run at such a level to take down the entire system. The design of any Unix OS is much different than Windoze and naturally more secure, even when running X in stupid mode.

  47. Anonymous Coward

    This is a feature...

    that has turned out to be a bad idea on unix systems a long time ago. The vista heuristics can be seen as a filename based setuid flag. This has been used in the past to allow a unix program to set a new password when called by one name, but only read the user list from another file when called by a different name. Vista has gone back to this abandoned feature, while the Run as... option provides the same solution as the sudo command on a unix system. The elegant solution would be to require the user to run the program as root (aka. admin). If the os wanted to be nice, it could include an 'Install as administrator...' right click option. Or as a better option, tag all binaries that are not the result of a setup process as possible installers. This would have the nice effect of banning all new binaries from running until the user correctly categorizes them as installers, installed programs or stand alone executables. This way all malware would have to be enabled at least once manually before it runs. (some combined virus scanners/firewalls provided this in the past as well as some not so widespread OSes)

  48. Adam T

    Silly indeed.

    "The Vista feature you've run into is the equivalent of an airport metal detector"

    And yet people still manage to get weapons and explosives through airport security.

    I'm only half surprised by this though. Microsoft has the baggage (or should that be luggage?) of legacy apps and installers to worry about and support.

    Does this simply mean that because of the Old Crappy Windows, all New Crappy Windows will forever be burdened with poor security?

  49. Anonymous Coward
    Anonymous Coward

    Funny how the FP-ers are always rabid anti-MS ...

    Oh, look - a Microsoft post on security! Quickly - compare it to Linux, or Unix, or the everpresent Mac!

    It must really sting to know that Microsoft still owns a majority of the desktop market - it can't be because they make using the computer instinctively easy to use and user-friendly with almost total backward compatibility, can it? Of course not.

    In all of these posts there is a vaguely concealed, and sometimes overtly blatant, sneer at anyone who didn't choose *their* operating system. This post is a message for YOU PEOPLE. Everyone else is excused.

    Did you ever think what viruses and security holes might plague other systems had they achieved market superiority? What if every desktop user had your level of technical training - wouldn't trojan infection and the like simply disappear? The fact is, they don't. They bought the computer and they just want it to work. They don't want to have to hire a sysadmin just to get a word processor to work.

    Also - RTFA!!! Even if a trojan renames itself, it still cannot do any destructive writing, because Vista will block it. And yes, many users may just simply click OK because it's easier, but those who are intelligent or cautious enough will now have a chance to evaluate it themselves. If you put the same uneducated user behind a Linux terminal and sent him a virus, he might probably try and install it too! (Please note: I don't care if it would work or not.)

    Try and read the article properly, then THINK, then reply. Try not to get Pavlovian when you see the terms Microsoft and Security in the same article. Other posters will thank you for it. You will feel better for it - trust me. Lord knows the Sony fanboys will carry the half-baked firstpost torches from you if you want to give them up.

    </rant>

  50. Sean Healey

    Airport Metal Detector

    Duh!

    The airport metal detector will still flag up an alert for your concealed knife even if you had painted it a cute soft pink colour(*) and tied a pretty bow around the handle ... can't say the same for this 'heuristic' method.

    (*) which *is* spelled correctly thank you!

    Oh, and for the bod who couldn't resist the good old line about there being 'hardly any Linux users', sorry mate but by using this forum you're actually one of them:

    www.theregister.co.uk = Apache/2.0.54 (Debian GNU/Linux)

    (http://uptime.netcraft.com/up/graph?site=www.theregister.co.uk)

    The pro-microsoft crowd tend to overlook that a large chunk of the sprawling internet is powered by Linux and BSD, which ought to make it an ideal target for attack when there are rich pickings to be had from all kinds of fraud and extortion related angles (credit card data theft, user impersonation, malware distribution, ...)

  51. malle herbert

    Windows + Security = B*ll*cks !

    Since any user will soon be sick and tired of Vista asking for their admin credentials, UAC will probably be disabled by many of them, so I don't see how this will improve security.

    This entire "looking for words like install and setup" thing is nothing more than an attempt to achieve at least some backwards-compatibility with all those different installers out there.

    This feature has ABSOLUTELY NOTHING to do with blocking spyware, adware or other nasty stuff.

    All those spyware writers would have to do is simply create an installer that actually runs without requiring admin privileges, then let that program create a login-screen that looks exactly like the UAC login screen and capture the (l)user's admin password... it's as simple as that !

  52. Clay Garland

    In addition.

    I hear that Vista will "heuristically" detect any application called iTunes, OpenOffice, StarOffice, Quicktime, Flash, Firefox, or Opera and force the user to download an "appropriate" alternative, be it Office 2007, Windows Media Player, Internet Exploder 7, or Silverbollocks.

  53. Anonymous Coward
    Anonymous Coward

    No, of course not.

    "it can't be because they make using the computer instinctively easy to use and user-friendly with almost total backward compatibility, can it? Of course not."

    There's many a true word spoken in jest and those were just a few.

    I spend a greater portion of my waking life supporting the poor souls who've had Microsoft's excuse for an operating system inflicted on them, and I can state quite unequivocally that there's nothing 'intuitive' about Vista (or any other version of Windows for that matter).

    As for this latest retro-fit gaffe: Have Microsoft considered employing the crew of Sealab to do their coding & testing? I suspect they'd do a considerably better job.

  54. Gordon Fecyk

    This is news? Where were you all seven years ago?

    Um... Windows 2000 Terminal Server in application server mode does this. You run anything that looks like an installer based on the filename and the OS stops you, telling you to use Add/Remove programs or change user /install.

    Of course XP had this because it has fast user switching and remote assistance, both based on terminal server. Even if you ignored 2K Server, how can you all ignore XP?

    And don't get me started about airport security... bah! too late!

    http://www.vmyths.com/column/1/2000/11/1/

  55. Rob Ashton

    RE: Bandwagon

    I wanna join too.

    Sorry El Reg, but you've completely missed the point. Like, totally, utterly and amazingly. See every other learned poster's comments =/

  56. Dale Richards

    Wow

    I find it disconcerting that this non-issue has sparked a) a "news" item on El Reg; and b) so many mindless comments.

    Firstly, this feature is NOT a security feature, nor is it documented as such. It is purely for compatibility with non-Vista-aware applications. The decision to run something with or without admin rights is still left up to the user, regardless of the name of the executable.

    Secondly, this is NOT a security hole, as was suggested here:

    "Trojan authors will not "work around" the "problems" by renaming their installers _away_ from "install". Far from it. They will rename their Trojans _to_ "install", because now Vista will helpfully ask the user to run their code as an administrator"

    Vista-aware trojan authors can do this anyway by the manifest method, so it makes no difference what the executable is called.

    So this whole "problem" is nonsense. I'd expect this kind of reporting from the Queen of Non-Issues, Steve Gibson, but I expected better from The Register.

  57. Alan Esworthy

    What's in a name?

    An anagram of "installer" is "NilAlerts" and "setup" similarly yields "stupe". HTH

  58. Mike Gledhill

    It gets worse...

    I sent this article to The Register at the weekend, after wasting many hours tracking down a drag'n'drop bug in my code (when running on Vista) which didn't exist.

    Two additional comments to make:

    First off, yes, I do now know that if I add a manifest file to my .exe, then this Vista problem goes away.

    But first, you need to know that this filename quirk is what's CAUSING the problem in the first place. No such files are required in XP, and my program ISN'T doing anything even slightly malicious.

    This problem all came about as my .exe (with "install" in its filename) has a screen where you can drag'n'drop files into it. It doesn't change system files, doesn't overwrite Windows directories or anything... it simply lets you drag'n'drop files into it, and it was THIS behaviour that refused to work under Vista, until I changed the .exe filename.

    It gets worse though: I thought it would be useful to look out for this behaviour happening, so I could warn the user about it. But you can't do it.

    If I kept the filename with "install" in it, and tried to use the 10+ year old Microsoft C++ GetVersionEx() function to test which operating system the .exe is running on, then Vista actually LIES.

    It actually tells my app that it's running on a Windows "version 5.1" machine - or Windows XP to you and me.

    So, my app can't allow users to drag'n'drop files into it due to a Vista security measure, but Vista then tells my app that it's running on Windows XP, so my app has no idea that this problem might be happening.

    It's ridiculous !!!

    Once again, if I remove "install" from the filename, it all works fine, and that GetVersionEx() function is back to telling my app that it's running on Vista.

    Aaaah, I'm sure there's logic in there somewhere.

  59. Anonymous Coward
    Anonymous Coward

    Windows Security: Oxymorons-R-Us

    @ Joe Cooper: "there's at least a dozen ways to penetrate Linux "

    As opposed to the "More than 180,000 threats [which] exist today" for Windows users, according to McAfee?

    I'll take my chances with Linux, thanks.

  60. Daniel Ballado-Torres

    This is Russian Reversal of actual feature!

    As much as I love to bash M$, I have to point out that the point is taken backwards ... it is basically a "Russian Reversal" play on the feature that makes it *seem* it is useless.

    The case is, if UAC is enabled, every single program that *doesn't* have a manifest, will run in mortal-user mode. If they have the manifest, you will get the UAC prompt.

    But ... if the program is named something like install, setup and similar, then it will behave just like if it had a manifest and ask for admin privs.

    No, naming your program anything else doesn't "bypass the metal detector". It actually keeps you out of the gate altogether.

    HOWEVER, this only is effective if:

    - User has UAC enabled, and

    - User has a non-admin account for everyday use. There was a Reg article some time ago about this.

    So it is more a backwards hack to allow unaware pre-Vista installers to run. Calling it "false security" reminds me of a friend back in '97 running SMIT as normal-user and then claiming he "hacked" the box.

    Anyway, happy bug hunting! Vista is bound to show off some major security hole sometime in the future...

    PS: Hm... somehow every time I type UAC, I think of DOOM.
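
The decision rule the post above describes (a manifest's requestedExecutionLevel wins; without a manifest, an installer-looking filename triggers the prompt; anything else runs as a standard user) is small enough to model. The following is an added example written for this page, not code from the thread or from Microsoft. It assumes the documented installer-detection keywords "install", "setup" and "update" and models only the filename check (Vista's detector also inspects version-resource strings and other signals, which are left out here). The manifest is a constructed sample of the asInvoker kind that Mike Gledhill mentions as the fix; the consent-versus-credentials split reflects Vista's Admin Approval Mode for administrator accounts.

```python
"""
Model of Vista's UAC elevation decision as described in this thread.
Constructed example: the real detector has more inputs than the filename.
"""
import xml.etree.ElementTree as ET
from typing import Optional

# Documented installer-detection keywords (assumed complete for this model;
# the real detector also scans version-resource strings and other signals).
INSTALLER_KEYWORDS = ("install", "setup", "update")

# Constructed sample manifest: an explicit asInvoker level opts the
# executable out of the filename heuristic entirely.
AS_INVOKER_MANIFEST = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
"""


def requested_execution_level(manifest_xml: Optional[str]) -> Optional[str]:
    """Return the 'level' attribute of requestedExecutionLevel, or None when
    there is no manifest or the manifest does not declare one."""
    if not manifest_xml:
        return None
    root = ET.fromstring(manifest_xml)
    for element in root.iter():
        # Tags are namespaced like {urn:...:asm.v3}name; match on the local name.
        if element.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return element.get("level")
    return None


def looks_like_installer(filename: str) -> bool:
    """Filename heuristic: case-insensitive substring match on the keywords."""
    name = filename.lower()
    return any(keyword in name for keyword in INSTALLER_KEYWORDS)


def uac_decision(filename: str, manifest_xml: Optional[str] = None,
                 uac_enabled: bool = True, user_is_admin: bool = True) -> str:
    """
    Outcomes:
      'no-uac'      UAC off: the process simply inherits the user's token
      'standard'    runs with a standard-user token, no prompt
      'consent'     administrator in Admin Approval Mode is asked to consent
      'credentials' standard user is asked for an administrator password
    """
    if not uac_enabled:
        return "no-uac"
    prompt = "consent" if user_is_admin else "credentials"
    level = requested_execution_level(manifest_xml)
    if level == "requireAdministrator":
        return prompt                      # name is irrelevant here
    if level == "highestAvailable":
        return prompt if user_is_admin else "standard"
    if level == "asInvoker":
        return "standard"                  # heuristic never consulted
    # No manifest at all: the compatibility heuristic decides.
    return prompt if looks_like_installer(filename) else "standard"


if __name__ == "__main__":
    cases = [
        ("MyAppInstaller.exe", None),                 # prompts, no manifest
        ("MyApp.exe", None),                          # standard user, silently
        ("MyAppInstaller.exe", AS_INVOKER_MANIFEST),  # manifest suppresses it
    ]
    for name, manifest in cases:
        has_manifest = "yes" if manifest else "no"
        print(f"{name:22} manifest={has_manifest:3} -> {uac_decision(name, manifest)}")
```

Run it and the three cases show the thread's two points side by side: an unmanifested executable is prompted for purely because of its name, and adding a manifest makes the name irrelevant, in both directions (asInvoker silences the prompt for MyAppInstaller.exe; requireAdministrator on a file called anything at all still prompts).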

  61. Timothy Tuck

    UAC != Security

    Gee, when was the last time I saw viruses and spyware hanging out in the various TEMP folders, and they are not protected at all? How about daily!

    Working on windows systems every hour of the day, and day of the week tells me one thing. THANK GOD I JUMPED SHIP YEARS AGO. I jumped to linux cold turkey about 10 years ago and it has paid me back a million-fold. Sure it was hard; it's much easier now.

    Thank god not everyone has done it though. Doubtful I could have all of the work I do if it wasn't for Microsoft's failed attempts at security and reliability.

    Why don't they just speak the truth. "Windows - Now Almost Secure This Year." Do the Nasty, Everyone else is.

    Last time I lost data...... running windows, 10 years ago.

    Last time I got a virus .. Also running windows, 10 years ago.

    Last time I missed windows? about 9.75 years ago.

    Last time I was GLAD I quit using windows.....Every day for the last 9.75 years

    This is not to say linux is perfect, it's not, it needs lots of improvement, but it's been getting it every day and every day it just gets better.

    That is the major difference, if Linux did something like this anyone in the world could look through the code and if they had a better solution they could implement it, some might suck even worse, but everyone who wanted to would have an equal chance of replacing it with their code. Nobody but Microsoft can fix the mess that we call windows and even they have proven they are not capable. Linux, everyone has the opportunity to step to the plate.

    Who here can seriously tell me windows has ever gotten better, or even got better between releases? I mean better in the ways that matter too, not just more lipstick on the pig, kind of better.

    I'll give you that 2000 was better than Windows ME, but dude, 98 to ME was pure and total carnage, like twin towers kind of bad.
