Security that WORKS!!!

[DeWild1]

Hi, my name is Dean.
I got 20 years experience and I have helped thousands of normal every day users.
(not boasting, just saying please listen )

I know what the average computer user likes and I have made a solution for XP and vista and with it I am able to offer something no one else dares too... Guaranteed Protection.


Not selling here, trying to offer a better way than UAC or guest accounts.

You see, people like admin privileges and hate guest accounts, but as you all know, it just takes one click and everything goes to shit with an admin account.
UAC is flawed in the same way.. SO who CARES if you get an extra prompt before the user clicks OK.. THEY STILL CLICK "ALLOW" and UAC is dead with just a couple of reg deletes and malware can take over..
One extra click does not do anything but annoy people more..

So, I am not sure if your registry hives have permissions, (I just saw your web site this morning for the first time), and I see you have not made something like NTFS so you still can not set permissions on files and folders, but, when you get to it, do what I do.. It works...

Run Admin accounts with guest Privileges on all the critical areas that malware attacks. Setting a different owner on the permissions helps too.
Have a simple icon on the desktop that asks for a password and the user can click on it, put in the password, the permissions get set to full, they install the new hardware or software, it gets locked back down with read only permissions, they go along their marry way...

No need to log into an admin account, install something, log back out, log into the guest account, etc..

Its not perfect protection, nothing is, but that concept plus good automated AV and AS that works without user intervention, has worked for me and all my clients..

I will take an infected computer, clean it, (no format), install my stuff and I have a 98% "Stay Clean" rate.. Only about 2% come back to me re infected and I offer a year guarantee.

Again, not selling, just proving my system works so you guys can take my experience and maybe use it in your design here..
If someone wants to see proof that I know what I am talking about.. PM me and I will send you a link..

I wish you the best and I am amazed at how far you have gotten and I look forward to the beta.
Simply amazing!!!

[vicmarcal]

If you want to contact with our developers, you can contact through ReactOS IRC in Freenode or ReactOS Mailing Lists

[DeWild1]

Thanks, but my stuff works with Microsoft tools, through scripting, I am NOT a developer... The concept is the most important part.
I PMed fireball and that is about as much as I can help.
I can share my code and help with questions but these guys here are MILES above me.

[unofficialforum]

Run Admin accounts with guest Privileges on all the critical areas that malware attacks.

i don't want to knock something that's working for you, but isn't this just a fancy kind of security from obscurity? locking down the half of the system that is attacked more (indeed, building a security model based on that) would have attackers change their angle of attack, right?

i'm just saying it doesn't sound like something that would be reliable.

what it actually is may be quite different from what it sounds like, so take this as curiosity, not criticism.

[Ged]

The default account in reactos will be a user not an admin, so we'll already be as locked down as we can be in this area.

[swight]

(This post may be off topic)

This would have to be well documented but how about we allow programs to give a reason for why they need such and such permission? This if provided would then be displayed to the user allowing them to a more informed choice on each security issue and allowing only as much as necessary.This would probably have to be optional since I don't think windows has it(though I think the .net framework has some security stuff like requesting permissions it is not easy to use and is optional in most programs). Maybe some type of text file that can be included with programs that lists the reasons for each permission required and maybe whether or not the program can function without said permission. This could be a feature above what windows has if we can get enough of the programs that need it to use it. Usage wise it might be best to only prompt the first time the user uses a feature of a program that requires permission and just for that permission. This could help with potential spam issues.

[zefklop]

Windows vista and higher has this feature (not as complete as you describe though), which is called UAC. It works pretty well for me on W2k8 with a single user account.

[swight]

Yeah I know , I see this as a step up from that feature. and on vista it can be annoying dealing with the pop up every time you want to use a program(so it is currently turned off on my system). part of the reason I mentioned that it should only pop up on the first use of a feature requiring a permission. Another problem with UAC is that it gives almost no info as to what the program it is blocking is trying to do. This increases the likely hood that users will just click through without thinking about it.

[hto]

http://en.wikipedia.org/wiki/Capability-based_security
http://en.wikipedia.org/wiki/File_dialog#Powerbox

[DeWild1]

don't want to knock something that's working for you, but isn't this just a fancy kind of security from obscurity? locking down the half of the system that is attacked more (indeed, building a security model based on that) would have attackers change their angle of attack, right?

i'm just saying it doesn't sound like something that would be reliable.

what it actually is may be quite different from what it sounds like, so take this as curiosity, not criticism.

Yes, and not that my business is as popular as Norton or anything, but, changing permissions, especially when there is a different owner, is a tricky thing.
I RARELY see malware that changes permissions and I am sure if everyone had my software, then we would see a lot more of it.

Try it for your self, log in as admin, make another admin user, log in as that new admin, change the Owner on some parts of the registry, and set the permissions to Everyone Read, log out, log back in as the regular Admin and try to make write to that area or set it to Full for you or Everyone.
Now try to find a program or malware that can change it.

Nothing is bullet proof but two or three more very difficult steps for malware to do before it can run - install is working very well for us..

The default account in reactos will be a user not an admin, so we'll already be as locked down as we can be in this area

In the real world, people do not run limited-regular user accounts.
In most corporate worlds with an IT department, it is run that way, but with my system you get a balance and you can fire your IT department...
This means that every time a kid, or anyone for that matter, wanted to install something, they would have to log out, log in as administrator, install it, then log out and log in as a User and then HOPE and PRAY the program actually runs.
With my system, you get a balance...

Just a click or two, a password, and there is no need to log on and off, yet 99% of malware bounces off or at the very least, it does not survive a reboot.

Again, not selling, I am giving you an idea that is better than Vista's UAC and if you put it in by default and give people what they want... (they want something like XP, that is more secure and they want to be able to run their programs and install their drivers and they do not want to be stuck with Microsoft nor feed the monster )

Google "user account control annoying"... Results 1 - 10 of about 552,000 for user account control annoying.

Windows vista and higher has this feature (not as complete as you describe though), which is called UAC. It works pretty well for me on W2k8 with a single user account.

When Vista first came out, I wanted to sue their asses. . But I do not have a billion dollars to throw away and Vista's and 2008 UAC is different and even does some crazy stuff with virtual registry (The heart of most incompatibility issues BTW )

Its flawed by the fact that people become numb to clicking AAAALLLLOOOOWWWW and it only takes one AAAALLLOOOWWW and the system is a zombie - crack whore with all kinds of viruses..

[Ged]

In the real world, people do not run limited-regular user accounts

You mean in the windows world.
Linux exists in the real world and this uses regular user accounts, as does the mac and pretty much most other OS'.
This isn't Windows, we can and will do things differently by default, which means using user accounts for everyday use and elevating to admin when required. (As per Windows, albeit not default)
There's no real requirement for your system, which is pretty much what Windows already provides but more intuitively.

[DeWild1]

You mean in the windows world.
Linux exists in the real world and this uses regular user accounts, as does the mac and pretty much most other OS'.
This isn't Windows, we can and will do things differently by default, which means using user accounts for everyday use and elevating to admin when required. (As per Windows, albeit not default)
There's no real requirement for your system, which is pretty much what Windows already provides but more intuitively.

Going from User To Admin, Elevating, is a way... Its what Vista does, MAC, and maybe even Unix-Linux.
My way, Admin with Read Only on many areas, with a special way to give it Full when needed, is another way...
It works on XP home - Pro, Vista-All and 2003 and most likely 2008.. (never played with, too busy and no market for 2008 as we mainly work with home users.. )
To each their own..

Mine requires no extra programming and may work on your system and personally, I think it is easy to go from Admin to Guest on some areas, then to Full when needed, then back to Limited because the Original user is already Admin..
Rather than to go from a limited User to Admin just for this or that.. Vista has not been able to make it flawless, I wish you luck.
This is just me and my opinion... (I also have thousands of clients who find this option to be less annoying and more user friendly)

You may wish to see http://www.beyondtrust.com/ as well. They do it this way as well, (I think, never tested).

Just trying to help, and my "real world" comment was not meant to be offensive, just silly. I was talking about all the Joe Home User I work with.

[Ged]

Going from User To Admin, Elevating, is a way... Its what Vista does

No it doesn't.
Vista's default account is also admin, but UAC provides functionality similar to what you describe but much more robust.
Instead of the default privlidges token which comes with an admin account, Vista also creates a filtered token which is used in general use giving the impression of a user account. The privlidged token replaces the filtered one when the user clicks 'yes' in the UAC dialog, tempererarly providing elevated privlidges for that process.

Your method isn't really viable for a number of reasons. You can't go around changing ACE's and DACL's on predefined objects.