A Preliminary Study on the account protection mechanism of Microsoft Vista operating system

Recently, there has been a lot of news about Vista, and WMP11, a new member of Vista, has also made its debut. Today, let's take a look at how Vista protects account security.
When talking about Microsoft's operating system, we always care about security. Because the penetration rate is very high, and countless users around the world are using it, there are a large number of quality applications running on Microsoft's operating system, the combination of all this highlights the security issues of Microsoft products.

For example, in the past two years, the network-infected viruses such as shock wave, ripple, and Sven, all exploit Microsoft Product vulnerabilities and the carelessness of users.

Microsoft naturally won't let this problem continue. For a long time last year, all Microsoft developers stopped their development work and began to check the security of existing products. This check has a direct impact on the launch time of Windows XP SP2 and Vista. However, from the Windows XP SP2 and Windows Server 2003 SP1 published after the check, the security has indeed been greatly improved, A long wait is worthwhile.

Although the security has been improved after the patch is installed, after all, the patch is still applied to existing vulnerabilities, which makes people feel uneasy. So what progress will the new next-generation operating system make in terms of security? We can try it through the Vista test version. This article takes Vista version 5219 as an example. In this version, a major security improvement is to add a User Account Protection function (UAP ).

Vista development trends

New Vista member WMP11 debut

As a Windows player, WMP has always had a huge user base. Every time a new version is released, WMP has attracted a lot of attention from fans of Windows. Recently, WMP11 was launched four months after Vista Beta1 was launched. The preview function is added to WMP11 to display thumbnails of video files. Its user interface is basically the same as the previous work, but in terms of details, it highlights the texture of the panel and complements the crystal clear Vista.

Beautiful Vista WMP11

You may think that this is a safe and convenient mechanism, because you only need to enter the user name and password once you log on to the system, you can directly perform any operation with permissions during the entire logon process. At the same time, as long as the SAM Database is well protected, there is no need to worry about system security issues. However, this is far from the case. This approach is convenient but not safe.

We can consider this situation: After logging on to the system using the Administrator account, any program we run will naturally have administrator privileges. What if we accidentally run a file that contains malicious programs downloaded from the Internet? When a malicious program runs, it uses the access creden。 of the current user. That is to say, the program process also has the Administrator permission, and the process can perform any operation on the system. Realize the risks involved.

Therefore, many articles about system security suggest that you do not use an administrator account to log on to your computer, but an account with lower permissions, the Administrator account is used only when maintenance is required occasionally or other necessary operations are required, or the Runas command is directly used. In this way, system security can be ensured.

TIPS: Runas commands that have to be mentioned

Here we will introduce the Runas command. With this command, we can run the program with the identity of another user while the current user is logged on. For example, for a program shortcut in the Start menu, you only need to right-click the shortcut and then click the "run mode" command, in the displayed dialog box, select the "following users" option, specify a user name and enter the password. In this way, the program can run with the specified user identity.

Of course, if you like to use the command line method, you can also run CMD to open a command prompt and use a command like this: "runas user: the path and name of the program to run with the user name. Press enter and enter the password of the user. For example, you can run the Registry Editor as administrator by running commands such as "runas user: Administrator regedit.

Although we can log on with a user name with low permissions at ordinary times, we can use the runas command to execute specific operations. However, this is still troublesome and requires too many additional operations. To solve this problem, Vista provides the UAP function.

Before introducing this function, let's take a look at how various permissions in Windows are controlled. This section uses Windows XP Professional in a standalone or working group environment as an example. It is also applicable to Windows 2000/2003 and not to Windows 98.

After the system is installed, all user creden (that is, usernames and passwords) are stored in the Security Account Manager database. When a user logs on to the system, he must first enter the user name and password. The information is obtained by the winlogon process and submitted to the SAM Database for verification by the LSA (Local Security Authority, Local Security authentication) subsystem.

If the SAM Database contains qualified records, the LSA subsystem generates an Access Token and passes it to the user. When the user needs to run a program or access resources, the system first searches for the corresponding permission information in the access token held by the user, then compare it with the permissions required for the operation you want to perform. If the permissions are sufficient, you can perform the operation. Otherwise, the operation will be disabled.

Take running a program as an example. When we try to start a program, the system uses our access token to start the program, so that the started program has the same permissions as the token owner. To verify this, you can open the process tab of Windows Task Manager. This tab lists all processes in the current system. Each process shows its "Identity" in the "user name" column ".

The program is also started by the current user, but the Runas command is used at startup, so it seems that the program is started by other users. Of course, because these three processes use different access tokens (that is, user identities), the permissions of these three programs will be different.

After this feature is enabled, Vista actually runs automatically on a security level that is much less privileged. If the system requires higher permissions for some operations, a dialog box is displayed and you need to enter the password. This password can only be used to initiate this request. Other operations that you perform subsequently, even the additional operations caused by this operation, are all run with the lowest permissions.

By default, UAP is disabled. To enable this function, click "All Programs (All Programs)" in the Start Menu )", click "Turn UAP settings On or Off (enable or disable UAP)". You will see the page shown in Figure 2. Click "Yes" to open UAP, then we need to log out and log on again.

Try to change the system settings. For example, if you open any control program in the control panel, you will see the dialog box shown in figure 3, asking you to enter the administrator user password.

Pop-up warning box

Enter the administrator password.

Some people are worried that this function will cause inconvenience in use after it is enabled. In fact, it is unnecessary to worry that UAP is only a protection, not a simple limitation. Assume that we have enabled the UAP function and want to execute an operation that requires certain privileges, such as modifying the registry, there may be two situations: if the account you are currently logged on to has the permission to modify the registry, a dialog box will pop up asking you if you want to continue the operation. You can make a choice; if the current login user does not have the permission to modify the registry, Vista will pop up a dialog box to inform the user of this situation, and allow the user to enter a user name and password with the corresponding permissions for the account, you can perform operations after the verification is successful.

If you think this is not intuitive enough, you can edit the Registry to open another UAP interface. Locate HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurre in the Registry Editor.
NtVersionPoliciesSystem: change the value of ConsentPromptBehavior to "1" and restart the system. In this way, when running a program that requires certain privileges, the dialog box shown in Figure 4 is displayed first. If you plan to perform this operation, click "I want to complete this action (I want to perform this operation)". Otherwise, click "I do not want to complete this action (I don't want to perform this operation) ", return to the desktop.

Select item

UAP is a very good improvement. It enhances security while maintaining ease of use. We recommend that you use it for every user. However, the biggest disadvantage of this function is its compatibility with existing programs. Because UAP is a new feature in Vista, some old programs (especially those that work at the underlying system level, for example, the old version of anti-virus software, firewall, backup software, etc.) may not work normally after UAP is enabled, or there are problems.

For example, the McAfee VirusScan Enterprise 8 we installed is not optimized for Vista, but it can be installed and used in Vista by default. However, there is a small problem after UAP is enabled. No matter which account you use to log on to the system (including administrators and guests), you must enter the user password with administrator permissions when the McAfee Anti-Virus Software is started.

In fact, it is inevitable to think about it. After all, Vista is too new, and most programs have not considered these new features during design. However, this problem is not serious. After all, given Microsoft's absolute dominance in the field of personal computer operating systems, if software developers cannot promptly release applications adapted to the new operating system, it will surely be abandoned by users. On the contrary, if you can keep up with Microsoft and launch applications that can be used in Microsoft's latest operating system at the first time, it will be a great success.

Therefore, it is certain that after Vista is officially released, the corresponding applications will immediately release the new version for Vista, or