Hi Jimmy,
So, you're saying that UAC should remember what program launched the
admin program, and then only prompt if a different program tries to
launch the program?
That's a good idea.
Unfortunately, it 1) still doesn't ensure that *you* are the one
launching the program, it just ensures that a certain program is doing
the launching, and 2) it is not yet possible for the system to make that
assurance.
Thanks
although the credit goes to the developers of Comodo -- I've
learned about the technologies from them recently.
'It is not yet possible for the system to make that assurance'. -- from what
I've seen on Comodo, it can assure who starts the program and if it's *not*
able to, it detects it as an 'Invisible parent' -- meaning it's not you as
well.
Again, I need to remind you that altho I've done some development a few
years back in C++ VS 6.0, I'm no 'expert' in these matters. What I perceive
as them being able to detect the parent might be different as how I'm
describing it.. the best way for you guys to know for sure would be to test
it yourselves although the Vista version isn't out yet.. only XP (Vista
version is Beta as of now).
For example, let's say you launch a program from the start menu that you
want to always elevate without asking.
That's all well and good, and it seems like a reasonable tradeoff
between security and usability, but in reality it only appears so.
It is trivial to run code in the process of explorer, and really in any
process that lives in the same privilege level, and its not merely a
matter of "checksumming the file" to verify it hasn't been changed,
there are ways to get code to run inside of a process that wouldn't be
detectable using that method.
- Aye, if they are checksumming to verify the integrity of the file, perhaps
you are right, but from what I've seen, they seem to use something else..
I've tried changing an .exe myself using an hex program and restart it, and
it detected it as changed -- no clue as to how they do that but so far, it
seems to work.
It's not just about you trusting the program, but just as much if not
more about ensuring that you are the one starting it.
- I hear you there... that's the purpose of the security added the Vista and
I'm *all* for security (not a fanatic, but I scan my PC every month, boot
intense scan every 3 months or so -- I even rescan every files I'm
downloading even tho my scanner is scanning them while I download
etc).
As I mentionned previously, from what I've seen, I am not able to start a
program other than my double clicking on it without Comodo detecting it..
again, not being an expert, perhaps someone at MS could play around with it
and who knows, find a way to make UAC even better than it already is
--
there's always place for improvements. just need to find the correct way to
do it
I do think it is possible to do this without a prompt; however, the
problem is much more challenging than it appears at first glance
.
That I completely agree with you
and indeed it *is* challenging, but I
have faith in the team to come up with a solution in the near future --
there's no stopping progress after all
btw, I'd like to thank you for replying.. I think this is a very interesting
subject and who knows, it might lead to some sort of a glimpse of a
solution... who knows
Regards...
--
Rej
btw if you're interested in testing the software in question, I could send
you the link altho I'm sure if it's in the forum rules or not. another easy
way is to search for it using 'comodo firewall pro'.