Your best source of information and news about BIOS, Vista hardware and windows on the internet

June 10th, 2009

You are currently browsing the articles from MS Windows Vista Compatible Software written on June 10th, 2009.

CorelDRAW & Windows 7


Windows 7 will be coming out on the market. CorelDRAW will support Windows as soon as possible. It will work just fine with NO problems.
I had installed Corel X4 in the Windows 7 beta. Sometimes I loaded CorelDRAW on it and Corel works flawlessly.

Written by admin on June 10th, 2009 with no comments.

Manual Removal of W32/Kolab.BZN Worm

W32/Kolab.BZN is a worm that infects Windows systems.
It copies its files to the Windows\System and Windows\system32\drivers folders as hidden files.
This worm information was updated on June 04, 2009.
Other names of W32/Kolab.BZN Worm:
This worm is also known as TROJ_SAFBOOT.BF, Net-Worm.Win32.Kolab.bzn.

Damage Level: Medium/High
Distribution Level: Medium
W32/Kolab.BZN Worm Manual Removal Instructions
Removal from Safe Mode is recommended:

How to start in Safe Mode:
Restart your computer and press F8 repeatedly as the screen turns on, select Safe Mode, then press Enter.

The infected files can be found in the following folders under the following names, and may also be running as tasks.
End the following active processes before removal:
  • [ Kill the process; use Killbox if access is denied ]
Download W32/Kolab.BZN Worm Known File Removal Tool

[ In Windows Vista, run as Administrator. After execution the system will restart. ]

  • %Windows\System\svhost.exe
  • %Windows\system32\drivers\sysdrv32.sys
    [ No exact information about the files is available; search for files related to the above in the Program Files folder ]
    If any of these files appears as a running process in Task Manager, end the process before removal.
    Note: if Task Manager is disabled, download the following file: Click to Download - Enable Registry.reg [ Right Click - Save Target As/Linked Content As ]
    Open it with Regedit.exe [%system32\regedit.exe]. When it asks whether to add the file to the registry, confirm Yes, then click OK.
W32/Kolab.BZN Worm Entries Manual Removal From Registry
Click Start, Run, type regedit, click OK.

Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to the Registry Editor.
  • Download this UnHookExec.inf [ Right Click - Save Target As/Linked Content As ] and save it to your Windows desktop, then continue with the removal. Do not run it at this time; download it only.
  • Boot into Safe Mode or VGA Mode.
  • Right-click the UnHookExec.inf file and click Install. [ This is a small file. It does not display any notice or boxes when you run it. ]
W32/Kolab.BZN Worm modifies the registry at the following locations to ensure its automatic execution at every system startup.
Delete the entries:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services

Delete the file entries from the right side.
Search the registry for the W32/Kolab.BZN Worm file names listed above to remove them completely:
Edit menu - Find, enter the keyword, and remove all values that the search finds.

Exit the Registry Editor.
Restart your computer.
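
The checks in the procedure above, as an added example that is not part of the original article: a read-only PowerShell sweep for the two file names and the Services key the article lists, useful before removal and again after the restart. Reading the article's %Windows prefix as %SystemRoot% is an assumption.

```powershell
# Added example: read-only sweep for the W32/Kolab.BZN indicators named in the article.
# Assumption: the article's "%Windows\..." entries are folders under %SystemRoot%.
# Run from an elevated prompt. Nothing is deleted or modified.

$indicators = @(
    (Join-Path $env:SystemRoot 'System\svhost.exe'),
    (Join-Path $env:SystemRoot 'system32\drivers\sysdrv32.sys')
)
$names = $indicators | ForEach-Object { Split-Path $_ -Leaf }

# 1. Files: -Force is required because the worm stores its copies as hidden files.
foreach ($path in $indicators) {
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($file) {
        'FILE    {0}  attributes={1}  modified={2}' -f $file.FullName, $file.Attributes, $file.LastWriteTime
    }
}

# 2. Processes: svhost.exe (no "c") is the process to end before removal.
#    The legitimate Windows service host is svchost.exe and is not matched here.
Get-Process -Name 'svhost' -ErrorAction SilentlyContinue | ForEach-Object {
    'PROCESS {0}  pid={1}  path={2}' -f $_.ProcessName, $_.Id, $_.Path
}

# 3. Services: list every service under the key named in the article whose
#    ImagePath refers to one of the file names above.
$servicesKey = 'HKLM:\SYSTEM\ControlSet001\Services'
Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $svc   = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    $image = $svc.ImagePath
    if ($image) {
        foreach ($n in $names) {
            if ($image -like "*$n*") {
                'SERVICE {0}  ImagePath={1}' -f $_.PSChildName, $image
            }
        }
    }
}
```

No output means none of the listed indicators was found; any FILE, PROCESS or SERVICE line names an item the manual steps above would act on.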

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
Ultimate Links PC Tips

Written by FireFly on June 10th, 2009 with no comments.

Download Internet Explorer 8 & Help Fight Hunger

Today, the Internet Explorer Team took over New York City’s Time Warner Center and San Francisco’s Justin Herman Plaza where local artists used food cans to create sculptures of the Empire State Building in New York and the Golden Gate Bridge in San Francisco. After the sculptures are completed, the cans will be donated.

The Empire State Building Sculpted with Food Cans!  The Golden Gate Bridge Sculpted with Food Cans!
(Credit: Diane Bondareff – Left / Pete LaPage – Right)

It’s all part of our Browser for the Better campaign. Turns out that during the school year over 17 million U.S. children receive free or reduced-price breakfast and lunches at their schools. But once the school year ends and summer begins, these children no longer receive this benefit as they are no longer in school until the fall. In response, we are joining forces with Feeding America to help these children this summer.

For every completed download of Internet Explorer 8 through the Browser for the Better website, we will donate the financial equivalent of 8 meals to Feeding America’s network of 206 local food banks. These food banks supply food to more than 25 million Americans each year! The Browser for the Better campaign starts today and will run through Aug. 8, 2009.

To also help kick off the campaign, the Browser for the Better website is hosting a series of new viral videos starring Dean Cain and directed by Bobcat Goldthwait which highlight features of Internet Explorer 8. Here is one of the 2 videos available today with 2 more coming soon!

Dean Cain is absolutely hilarious in these videos!

So what are you waiting for? Go download Internet Explorer 8 today and help us fight hunger in the United States this summer!

Oh and of course after downloading, give Internet Explorer 8 a try. Not only does it include features such as Web Slices and Accelerators for finding the information you want quickly on the web, it’s also fast and secure too.

Written by Brandon LeBlanc on June 10th, 2009 with no comments.

How to Use Hyper-V Snapshot Revert, Apply, and Delete Options

Janique Carbone published a very interesting article about How to Use Hyper-V Snapshot Revert, Apply, and Delete Options. Continue at...

Written by magakos on June 10th, 2009 with no comments.

UAC in Windows 7 still broken, Microsoft won’t/can’t fix code-injection vulnerability

I admit, as a non-programmer, I have very little knowledge about the inner workings of Windows. However, as an enthusiast, I thought I had a basic but firm understanding of what User Account Control is, how it works, and why it exists. That’s no longer true. After reading an article by Windows-god Mark Russinovich, “Inside Windows 7 User Account Control”, I’m bewildered by the changes to UAC in Windows 7.

At first, Mark provides this logical explanation for UAC elevation prompts.

Elevation prompts also provide the benefit that they “notify” the user when software wants to make changes to the system, and it gives the user an opportunity to prevent it. For example, if a software package that the user doesn’t trust or want to allow to modify the system asks for administrative rights, they can decline the prompt.

Bearing this in mind, you’re probably familiar with the commotion raised months ago over how applications can silently turn off UAC prompts in Windows 7, which Microsoft addressed (after a fair dose of community effort), but what you might not know is that there is another and more serious “exploitative” UAC vulnerability breaking exactly what Mark described.

The other UAC exploit, discovered, demoed and extensively documented by Leo Davidson, is a code-injection vulnerability made possible by the new Windows 7 auto-elevation system. To summarize War and Peace into a short story if you will, it allows applications without UAC prompts (medium-level) to run code or other applications with administrative privileges (high-level), assuming the default security configuration in Windows 7 (don’t notify changes to Windows).

It was my original intention not to publicly address this until Windows 7 has been finalized, giving them an opportunity to fix it, which they have not in RC or later builds, but Mark’s article today tells me they’re doing no such thing.

Knowing the vulnerability, I was surprised to see the article conclude with a direct reference to this exploit.

Several people have observed that it’s possible for third-party software running in a PA account with standard user rights to take advantage of auto-elevation to gain administrative rights. For example, the software can use the WriteProcessMemory API to inject code into Explorer and the CreateRemoteThread API to execute that code, a technique called DLL injection. [...]

The follow-up observation is that malware could gain administrative rights using the same techniques. Again, this is true, but as I pointed out earlier, malware can compromise the system via prompted elevations as well. From the perspective of malware, Windows 7’s default mode is no more or less secure than the Always Notify mode (“Vista mode”), and malware that assumes administrative rights will still break when run in Windows 7’s default mode.

Ultimately Mark dismisses the exploit and that’s where he lost me.

Mark points out, though, that even excluding this vulnerability there are other known methods for malware to compromise the system via elevation exploits, a flaw in the UAC design. What he misses is the fact that the problem is more serious in Windows 7 than in Windows Vista.

These variations of elevation vulnerabilities all work by piggybacking on an elevated application with COM objects that can be exploited to run functions at elevated privileges. However, in Windows Vista, the applications that can be piggybacked on would have displayed a UAC prompt at one point or another to elevate, whereas in Windows 7, there are known Windows executables that can be launched, silently elevated and piggybacked on.

What’s more, this applies not only to malware but to any application. By that I mean legitimate developers can write applications that take advantage of this code-injection vulnerability to make their applications run with administrative privileges without UAC prompts. Of course, the likelihood of this is low, but not impossible. For example, competing software products could leverage this to appear “less annoying”. If you have to doubt whether an application is following the rules, it damages the reputation of the whole ecosystem.

Putting the “security barrier” jargon aside, I argue that as a direct result of the auto-elevation white-list, UAC in Windows 7 by default is fundamentally less secure than Windows Vista’s default. I recognize that UAC was not designed to be a “security feature” to begin with, but with each new version, an operating system shouldn’t become less secure and expose more risk to the user.

Granted it is highly unlikely Microsoft is willing to revert Windows 7 to UAC-prompt-hell, what they can and should do is communicate that there is a difference in security between the Windows 7 default UAC setting and the “Always Notify” mode. If users then accept the increased risk, then they should be able to enjoy a less annoying Windows.

Thoughts?

Update: I have a video demonstration of this vulnerability in play at an updated post here. The source code has also been released.


Written by Long Zheng on June 10th, 2009 with no comments.

Download Realtek High Definition Audio Codecs


1. You should enable cookies in Internet Explorer in Windows 7.
2. Open the Realtek Driver Download Site, check the "I accept to the above" box, and click the "Next" button.
3. Then you'll see drivers including High Definition Audio Codecs, AC'97 Audio Codecs, RTL8100B(L)/RTL8100C(L), etc. Download the current driver (use the ZIP download) and install it once in Windows 7.
4. Set your audio settings again in the Realtek HD Audio Manager after installation is complete.
It goes just fine. I have installed this driver version in Windows 7 with no problems.

Written by admin on June 10th, 2009 with no comments.