DanS <t.h.i.s.n.t.h.a.t@r.o.a.d.r.u.n.n.e.r.c.o.m> wrote:
>>>Actually, the list could be UAC protected too, so that doesn't really
>>>apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
>>>checksum) the exe file and if it changed, then UAC could pop up a
>>>warning saying 'this previously allowed program has changed'.......
>>
>> Dave was right. The whole point of UAC would be defeated by using
>> (which btw would be something far beyond MD5) cryptographic lists.
>
>The list (in the registry ?) doesn't need to be encrypted.
The MD5 (or other algorithm) hash is cryptographic - I wasn't
referring to any specific method of storing the allowed-programs list.
> It just needs
>to be UAC protected, like much of the registry is now. And the MD5 hash
>is just of the exe file. The hash is created, and stored in the UAC
>protected area of the registry. When the program is launched, UAC would
>check its list, and rehash the exe file. If the hash is still the same as
>when the UAC exception was created, it will run the app. If the hash
>has changed, that means something changed the exe file, UAC will report
>this, and the exe will not run w/o the UAC prompt.
>
>I fail to see how that defeats anything. We can agree to disagree, and
>leave it at that.
I'm not suggesting that you couldn't have software to use the
technique you describe - but that it wouldn't relate to the purpose of
UAC. The more exceptions you have to it, the more potential for
breaking it. And in this particular case, it'd be more of a total
backdoor than an exception - UAC is meant to give human interaction by
an authorized user, to approve potentially unsafe behavior.
Personally, I don't see the point of it, but it is necessary if one
wants the kind of file-system protection (and OS-settings monitoring)
that advanced operating systems are capable of. It would still be
possible to tweak one's system to avoid most UAC prompts, without just
disabling it and file-system protection altogether (but I'm glad that
they allow me to do that if I choose to).
--
Joel Crump
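
The launch-time check described in the quoted text above, as an added example that is not part of the original posts and is not how UAC works: a program is approved once, its hash is recorded, and every later launch is rehashed and compared. The `ExceptionList` class, its method names and the returned strings are hypothetical, an in-memory dictionary stands in for the protected registry area, and SHA-256 is used in place of MD5.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path):
    """SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ExceptionList:
    """Hypothetical stand-in for the protected store of approved programs."""

    def __init__(self):
        self._pins = {}  # resolved path -> digest recorded at approval time

    def approve(self, path):
        key = os.path.realpath(path)
        self._pins[key] = file_digest(key)

    def decide(self, path):
        key = os.path.realpath(path)
        pinned = self._pins.get(key)
        if pinned is None:
            return "prompt: not on the list"
        if hmac.compare_digest(pinned, file_digest(key)):
            return "run"
        return "prompt: previously allowed program has changed"

def demo():
    """Constructed sample files: approve one, modify it, and query an unlisted one."""
    with tempfile.TemporaryDirectory() as d:
        app, other = os.path.join(d, "app.exe"), os.path.join(d, "other.exe")
        for p in (app, other):
            with open(p, "wb") as f:
                f.write(b"MZ constructed sample bytes")
        store = ExceptionList()
        store.approve(app)
        unchanged = store.decide(app)
        with open(app, "ab") as f:
            f.write(b"\x00")  # any change to the file changes the digest
        return unchanged, store.decide(app), store.decide(other)

if __name__ == "__main__":
    print(demo())
```

The comparison only means something if the store itself can be written solely by elevated code, which is the point the thread is arguing over.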