Does anyone know why MS does not consider UAC to be a security boundary? And what are the trade-offs involved with making it one? Is it not possible to make it a security boundary? It seems kinda anti-customer to say "if we find a security exploit in our code (in UAC) we won't fix it," doesn't it? I wish this would be fixed in Windows 7, but I admit I don't understand all the issues involved, so any help would be nice.
http://www.microsoft.com/technet/technetmag/issues/2007/06/UAC/default.aspx

Right near the bottom.

"James R. Gentile" wrote in message news:bK2dnfIw_fEv_k3VnZ2dnUVZ_judnZ2d@comcast.com...
> Does anyone know, why MS does not consider UAC to be a security boundary?
> And what are the trade-offs involved with making it one? Is it not
> possible to make it a security boundary? It seems kinda anti-customer to
> say "if we find a security exploit in our code (in UAC) we won't fix it,"
> doesn't it? I wish this would be fixed in Windows 7, but I admit I don't
> understand all the issues involved, so any help would be nice.
Hi,

Mark Russinovich explains it best in his presentation "Windows Security Boundaries". You can view it on TechNet Spotlight here:
http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=993

--
Victor Constantinescu aka YounGun
Security MVP
http://victor-youngun.blogspot.com/

"James R. Gentile" wrote in message news:bK2dnfIw_fEv_k3VnZ2dnUVZ_judnZ2d@comcast.com...
> Does anyone know, why MS does not consider UAC to be a security boundary?
> And what are the trade-offs involved with making it one? Is it not
> possible to make it a security boundary? It seems kinda anti-customer to
> say "if we find a security exploit in our code (in UAC) we won't fix it,"
> doesn't it? I wish this would be fixed in Windows 7, but I admit I don't
> understand all the issues involved, so any help would be nice.
Good article, and good video, thanks to both of you.

"James R. Gentile" wrote in message news:bK2dnfIw_fEv_k3VnZ2dnUVZ_judnZ2d@comcast.com...
> Does anyone know, why MS does not consider UAC to be a security boundary?
> And what are the trade-offs involved with making it one? Is it not
> possible to make it a security boundary? It seems kinda anti-customer to
> say "if we find a security exploit in our code (in UAC) we won't fix it,"
> doesn't it? I wish this would be fixed in Windows 7, but I admit I don't
> understand all the issues involved, so any help would be nice.