Jump to content
Posted 11 December 2011 - 09:41 AM
Posted 11 December 2011 - 05:52 PM
SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
Posted 11 December 2011 - 10:45 PM
What is User Account Control?
When an administrator logs on to a computer that is running Windows 7 or Windows Vista, the user is assigned two separate access tokens. Access tokens, which contain a user's group membership and authorization and access control data, are used by the Windows operating system to control what resources and tasks the user can access. The access control model in earlier Windows operating systems did not include any failsafe checks to ensure that users truly wanted to perform a task that required their administrative access token. As a result, malicious software could install on users' computers without notifying the users. (This is sometimes referred to as a "silent" installation.)
Even more damaging, because the user is an administrator, the malicious software could use the administrator's access control data to infect core operating system files, and in some instances, become nearly impossible to remove.
Unlike earlier versions of Windows, when an administrator logs on to a computer running Windows 7 or Windows Vista, the userís full administrator access token is split into two access tokens: a full administrator access token and a standard user access token. During the logon process, authorization and access control components that identify an administrator are removed, resulting in a standard user access token. The standard user access token is then used to start the desktop, the Explorer.exe process. Because all applications inherit their access control data from the initial launch of the desktop, they all run as a standard user.
Posted 12 December 2011 - 06:23 PM
Edited by Striper, 12 December 2011 - 06:49 PM.
Posted 13 December 2011 - 10:19 AM
0 members, 0 guests, 0 anonymous users