Today's News

08/03/06

Vista's user account protection flawed.

Microsoft's attempts to providecompatibility for older applications in its forthcoming Windows Vista operatingsystem is opening the door for attackers, security vendor Symantec alleged in astudy about the software's user account protection scheme.

Matthew Conover, a principal security researcher withSymantec, wrote in a whitepaper that he" expects several privilege escalation vulnerabilities to be discovered."

"Windows Vista's developers had to choose the best way to improve the overallsecurity model while still retaining the most backward compatibility. While mostof their decisions seem reasonable, two particular decisions lead to severalseemingly intractable implementation flaws."

The forthcoming operating system follows the 'rule of least privilege', whichcommands that users should only gain access to items that they require toperform tasks. It implies that access to additional features will only increasethe risk of exploits.

A likely way for malware to circumvent the new security scheme is byobtaining additional privileges, better known as privilege escalation.

Attackers targeting the Internet Explorer browser for instance will berestricted by a low rights clearance. Even if they succeed in installingspyware, their malware won't be able to access system elements such as theregistry or network resources. This effectively neutralizes the malware threat.

Symantec's Conover in his whitepaper however described several ways thatallows applications to obtain additional privileges in early versions of theWindows Vista Beta. Those security vulnerabilities have since been patched, buthe added that security researchers and malware creators are likely to find newsecurity vulnerabilities.

He also cautioned for potential security bugs in a key element of Vista'ssecurity that is designed to prompt the user for consent if an applicationrequires additional privileges. If flawed, it could allow attackers tocircumvent all of the operating system's security features.

"It's just a matter of an attacker finding one that can be abused," heconcluded.

The least privilege rule in Windows Vista directs that user will be providedwith a limited rights user account.

Each Windows Vista system has at least one Protected Administrator account.All processes that are launched by this user run with minimal privileges and theuser is prompted when applications require additional rights.

The software also provides for unrestricted administrator access as well asstandard user accounts.

Previous versions of Windows offered administrator and standard useraccounts, but users were forced to run the administrator mode to get access tostandard features such as the ability to change the system clock.

Symantec in its study asserted that most Windows Vista users will be runningin an administrator account because they are easier to set up than standardaccounts.

The operating system also introduces a process that's referred to as "mandatory integrity control". It provides processes with an integrity rankingand prevents it from interacting with a process with a higher integrity ranking.A low ranking process such as Internet Explorer for example will fail to accesssystem memory or change registry keys.

Similarly, a low ranking process is unable to communicate with a high rankingprocess. Malware in the past used this method to execute arbitrary code.

Symantec's whitepaper is available as aPDFdownload from the company's website.

Source: www.vnunet.com