1
00:00:01,730 --> 00:00:08,710
If some program requests raising privileges, it should do this in the secure desktop. The secure desktop

2
00:00:08,710 --> 00:00:12,850
is not protected by the Ctrl+Alt+Delete key sequence.

3
00:00:12,910 --> 00:00:15,670
However, it's well designed, so it's difficult to overlook.

4
00:00:19,160 --> 00:00:25,160
The security desktop is primarily to minimize the risk of spoofing programs in a dialog box.

5
00:00:25,160 --> 00:00:29,640
The security only raises the level on the Internet.

6
00:00:29,660 --> 00:00:33,190
There are programs that emulate the window asking for additional privileges.

7
00:00:36,010 --> 00:00:39,720
The secure desktop is also designed to draw our attention.

8
00:00:39,760 --> 00:00:43,900
It's hard to overlook such a window.

9
00:00:44,010 --> 00:00:47,130
Let's think about the purpose of User Account Control.

10
00:00:48,760 --> 00:00:53,770
Windows users, unlike users of other systems, are accustomed to the fact that they work in administrative

11
00:00:53,770 --> 00:00:56,910
accounts.

12
00:00:56,970 --> 00:01:01,020
It has a lot of historical justification.

13
00:01:01,090 --> 00:01:07,470
We log on to the Administrator account and we work on it the entire time.

14
00:01:07,550 --> 00:01:13,040
It's difficult to imagine how Microsoft, while ensuring the safety of users and without compromising

15
00:01:13,040 --> 00:01:18,680
their reputation or the brand of their systems, would have to convince all users to suddenly begin to

16
00:01:18,680 --> 00:01:20,680
use standard user accounts.

17
00:01:23,060 --> 00:01:29,110
All the more, many programs do not run correctly if they do not have additional privileges.

18
00:01:29,120 --> 00:01:31,420
This is due to what we talked about a moment ago.

19
00:01:34,120 --> 00:01:40,430
Companies producing or creating and testing the software use the administrative account on a daily basis.

20
00:01:43,330 --> 00:01:47,430
The programmer wrote the program which ran in the administrative account.

21
00:01:47,660 --> 00:01:53,170
The tester logged on to the administrative account and found that the program operates correctly.

22
00:01:53,170 --> 00:01:58,540
No one became especially involved in testing whether the program will also run when we take certain

23
00:01:58,540 --> 00:01:59,800
privileges away from it.

24
00:02:07,690 --> 00:02:12,970
The User Account Control mechanism is enabled by default and its configuration is reduced to a single

25
00:02:12,970 --> 00:02:15,880
dialog box.

26
00:02:15,890 --> 00:02:19,040
This is probably the ugliest dialog box in all of Windows.

27
00:02:22,230 --> 00:02:23,070
In Windows Vista,

28
00:02:23,070 --> 00:02:28,650
this configuration was more extensive. In Windows 7,

29
00:02:28,650 --> 00:02:33,630
it boils down to the fact that we can say how often we want to be asked whether we agree to attach the

30
00:02:33,630 --> 00:02:38,840
process to an administrative token.

31
00:02:38,910 --> 00:02:42,630
You've probably noticed in Windows 7 that this question is asked less often.

32
00:02:45,360 --> 00:02:49,800
Windows 7 designers noticed that there is no sense in asking such questions

33
00:02:49,950 --> 00:02:55,860
if, for example, we run a trusted program such as a part of an operating system whose operation is determined

34
00:02:55,860 --> 00:03:02,100
in advance and it's known what a given function is doing.

35
00:03:02,240 --> 00:03:08,060
If we run a system component that's digitally signed by Microsoft, it should automatically receive administrative

36
00:03:08,060 --> 00:03:12,630
privileges because it does not pose any threat to the integrity of the system.

37
00:03:14,890 --> 00:03:18,670
The simple fact has caused the number of questions to be greatly reduced.

38
00:03:21,360 --> 00:03:24,400
Let's see then how the User Account Control mechanism works.

39
00:03:26,210 --> 00:03:32,210
If we're still using a 32-bit operating system, we'll also see how the mechanism allows running applications

40
00:03:32,620 --> 00:03:36,750
that for some reason require additional privileges.

41
00:03:36,760 --> 00:03:44,070
We'll see how the User Account Control mechanism automatically virtualizes processes. In testing Windows

42
00:03:44,070 --> 00:03:51,960
7 run the command line. Although we're logged in as a user having administrative privileges,

43
00:03:52,070 --> 00:03:59,230
we've not asked for granting an additional token, so the cmd.exe process runs with the standard user

44
00:03:59,230 --> 00:04:02,450
privileges.

45
00:04:02,450 --> 00:04:06,890
Let's go now to this system folder. We're in the Windows folder.

46
00:04:09,160 --> 00:04:15,530
Without any problem we can read its contents.

47
00:04:15,610 --> 00:04:17,380
Let's try to write something in this folder.

48
00:04:21,520 --> 00:04:29,310
An error message is displayed informing us about denial of access. By default, standard users do not have

49
00:04:29,310 --> 00:04:32,190
the rights to modify the content of the system folder.

50
00:04:36,140 --> 00:04:42,470
If we now run Windows Task Manager and find our program cmd.exe, it turns out that we can virtualize

51
00:04:42,470 --> 00:04:49,830
it. The virtualization option is automatically run for processes of third-party applications.

52
00:04:52,010 --> 00:04:57,830
As far as CMD is concerned, it's not automatically enabled because we should not virtualize this program.

53
00:04:59,540 --> 00:05:03,890
We do this solely for the purpose of demonstration.

54
00:05:03,950 --> 00:05:10,460
If a third-party application wants to perform an operation just as we did a moment ago, it will be automatically

55
00:05:10,460 --> 00:05:14,150
virtualized.

56
00:05:14,170 --> 00:05:15,520
Let's see what changed.

57
00:05:16,490 --> 00:05:25,230
Now the same file in the same folder can be created. Was a privilege to the folder changed? Rather not.

58
00:05:25,470 --> 00:05:27,430
Maybe this file wasn't even created.

59
00:05:29,640 --> 00:05:30,300
Let's check.

60
00:05:38,110 --> 00:05:42,260
As we can see, the file exists and the fragment of some text is saved within it.

61
00:05:43,810 --> 00:05:49,660
The question arises: where is this file?

62
00:05:49,850 --> 00:05:55,830
In order to answer this question, we run Windows Explorer, but we run it from this process.

63
00:05:57,330 --> 00:06:02,980
Because the parent process is virtualized, the newly run process will also be virtualized.

64
00:06:03,300 --> 00:06:09,520
We see that a new button appeared which normally we won't find in Explorer.

65
00:06:09,730 --> 00:06:13,210
When you click on this button, it turns out that we can see our file.

66
00:06:13,570 --> 00:06:14,970
So what happened?

67
00:06:15,160 --> 00:06:18,180
Note the location of the file.

68
00:06:18,300 --> 00:06:20,630
It is no longer a system folder.

69
00:06:20,650 --> 00:06:28,180
It's a user folder. All operations performed by the virtualized process are captured by User Account

70
00:06:28,180 --> 00:06:33,570
Control and redirected to a folder where they can be performed.

71
00:06:33,570 --> 00:06:38,970
This is a solution which is solely intended to enable older and poorly written applications to run.

72
00:06:38,970 --> 00:06:42,710
This is why virtualization is not available in 64-bit Windows.

73
00:06:45,400 --> 00:06:51,400
Microsoft's assumption is that the transition from 32 to a 64-bit platform is the equivalent to the

74
00:06:51,400 --> 00:06:54,880
transition to a higher quality.

75
00:06:55,000 --> 00:06:59,410
Here there should be programs written so that they work properly with standard privileges and do not

76
00:06:59,410 --> 00:07:04,540
have to be virtualized.

77
00:07:04,550 --> 00:07:09,590
Unfortunately, the only program that fully incorporates the integrity level mechanism and the User Account

78
00:07:09,590 --> 00:07:10,120
Control

79
00:07:10,130 --> 00:07:19,200
up to now is Internet Explorer. This same Internet Explorer running on Windows 7 and on Windows XP offers

80
00:07:19,200 --> 00:07:23,170
completely different levels of security. In Windows XP,

81
00:07:23,170 --> 00:07:26,680
it's not run in protected mode. In Windows 7,

82
00:07:26,710 --> 00:07:28,360
it's run by default.

83
00:07:28,390 --> 00:07:29,560
How was it done?

84
00:07:31,560 --> 00:07:38,530
In one of the earlier lectures we said that the Internet Explorer process runs on a low level of responsibility.

85
00:07:38,750 --> 00:07:43,140
Therefore it cannot modify anything that is located at higher levels of responsibility.

86
00:07:46,160 --> 00:07:49,160
If the user would like to perform such an operation,

87
00:07:49,160 --> 00:07:57,290
the proxy ieuser.exe is used. To use this proxy, we have to explicitly agree to this.