Chapter 14: UAC Security


The previous chapters have dealt with general Visual Basic programming tasks. They show how to write the Visual Basic code needed to build an application.

This chapter discusses User Account Control (UAC) security issues. UAC is a security feature introduced in Windows Vista. It lets a program run with standard-user privileges and obtain administrative privileges only for the specific operations that truly require them, and only after the user has approved.

In earlier versions of Windows, which have no UAC, users often logged in with administrator privileges to perform fairly routine tasks because one of the programs they used might need those privileges at some point. With UAC, users can run with standard-user privileges all the time and elevate only for the specific tasks that need more.

UAC Overview

In general, a program cannot perform actions that require privileges that the user doesn’t have. If the user doesn’t have permission to delete files in the Windows directory, a program that the user can run should not be able to delete those files either. Otherwise, the user could perform actions that are supposed to be prohibited.

Developers have long known that an application should require the fewest privileges possible to get its job done. If a program needs a lot of privileges, then only the users who have those privileges can use it.

Unfortunately, many applications occasionally perform some fairly powerful operations. They may sometimes need to create or delete a file in the Windows directory, access system-related parts of the Registry, or modify environment settings. If the program needs those privileges, then the users running the program must have those privileges. That means that many users run programs while logged in as a system administrator so that they have the necessary permissions.

Carrying all of those permissions around comes with some additional risk. If the program misbehaves, it could wreak havoc on the operating system. Even if the program itself works properly, the user might accidentally do something disastrous while logged on as an administrator.

An accidental keystroke or mouse click could delete important files or drag them into oblivion, making it difficult to restore the system.

A better solution is to let a program run with standard-user privileges most of the time and obtain administrative privileges only while it performs these powerful operations. If the program makes a mistake in some other part of its code, it does not have enough privileges to do serious harm. The user does not need to carry administrative privileges around constantly, so system-destroying accidents become much less likely.

This chapter describes some of the new tools that you can use to minimize the user’s exposure to administrator privileges. It explains how to write applications that normally run with normal user privileges, but can use more powerful administrative privileges when necessary.

In older versions of the Windows operating system, when you logged in, the system gave you an access token that later determined the kinds of operations you were allowed to perform. If you logged in as an administrator, your token would let you do just about everything.

Windows Vista's UAC takes a different approach. When a member of the Administrators group logs in, the system creates two access tokens for the session: a filtered token that carries only standard-user privileges (the Administrators group membership is marked deny-only and the powerful privileges are removed) and a full administrator token. Your desktop shell and every program it starts run with the filtered token; the full token is kept aside until it is needed. Microsoft calls this arrangement Admin Approval Mode.

When you start a task that requires extra privileges, UAC displays a consent prompt on the secure desktop asking for your approval. If you approve, the program that performs the task is started as a new process with the full administrator token, and it keeps that token for as long as it runs. Elevation is granted per process, not to the session: every other program you have open keeps running with the filtered token, and when the elevated program exits nothing remains elevated.

If you are logged in as a standard user without administrative rights, you may still be able to perform administrative tasks. When you try to run something that requires elevation, UAC presents a credential prompt that asks for the user name and password of an administrator account. If the credentials are accepted, the elevated program starts with that administrator's full token. It therefore runs as that administrator, not as you, and your own session remains a standard-user session.

The difference between the two scenarios is small. An administrator in Admin Approval Mode is only asked to confirm the elevation (a consent prompt); any other user must enter an administrator's password (a credential prompt). In both cases only the one program that asked for elevation receives the full token.
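The token mechanics just described can be observed from a Visual Basic program. The console module below is an added example, not code from the book: it inspects the current process token to see whether it is the full administrator token and, if it is not, re-launches itself through the shell's "runas" verb, which is what makes UAC show the consent or credential prompt. A running process cannot promote its own token, so the privileged work has to happen in that second process. The module name, the "--elevated" marker argument and the Boolean return convention are assumptions made for the example.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Diagnostics
Imports System.Security.Principal

' Added example (not from the book): detect the filtered token, then ask
' UAC for a separate elevated process for the privileged step.
Module UacDemo

    ' True only when the process token is an effective member of
    ' BUILTIN\Administrators. Under UAC an administrator's filtered token
    ' reports False here even though the account is an administrator,
    ' because the Administrators group is marked deny-only in that token.
    Public Function IsRunningElevated() As Boolean
        Dim identity As WindowsIdentity = WindowsIdentity.GetCurrent()
        Dim principal As New WindowsPrincipal(identity)
        Return principal.IsInRole(WindowsBuiltInRole.Administrator)
    End Function

    ' Start a separate elevated process. "runas" is the shell verb that
    ' triggers the UAC prompt; UseShellExecute must be True for the verb to
    ' be honoured. Returns True when the elevated process ran, False when
    ' the user declined the prompt (Win32 error 1223, ERROR_CANCELLED).
    ' Other failures (file not found, access denied) propagate to the caller.
    Public Function StartElevated(ByVal fileName As String, _
                                  ByVal arguments As String) As Boolean
        Dim info As New ProcessStartInfo(fileName, arguments)
        info.UseShellExecute = True
        info.Verb = "runas"
        Try
            Dim elevated As Process = Process.Start(info)
            elevated.WaitForExit()
            Return True
        Catch ex As Win32Exception When ex.NativeErrorCode = 1223
            Return False
        End Try
    End Function

    Sub Main(ByVal args As String())
        If IsRunningElevated() Then
            ' Privileged branch: this is where the "powerful operation"
            ' (writing under the Windows directory, editing HKLM, ...) goes.
            Console.WriteLine("Running with the full administrator token.")
        Else
            Console.WriteLine("Running with the standard-user token; requesting elevation.")
            ' Re-launch this same executable; UAC decides whether to show a
            ' consent prompt (administrator in Admin Approval Mode) or a
            ' credential prompt (standard user). "--elevated" is only a
            ' marker for the example and is not interpreted here.
            Dim exePath As String = Process.GetCurrentProcess().MainModule.FileName
            If Not StartElevated(exePath, "--elevated") Then
                Console.WriteLine("Elevation declined; the privileged step was skipped.")
            End If
        End If
    End Sub

End Module
```

Two caveats worth testing for yourself. First, when the credential prompt path is taken, the elevated process runs under the administrator account whose password was entered, so HKEY_CURRENT_USER and the user profile it sees belong to that administrator, not to the original user. Second, a user who cancels the prompt produces error 1223 rather than an elevated process, so the standard-user branch must be written to cope with the privileged step simply not happening.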




Visual Basic 2005 with .NET 3.0 Programmer's Reference
ISBN: 470137053
Year: 2007
Pages: 417
