The Register gets it wrong on UAC


A lot of hay has been made over the new UAC feature in Vista. Apple has gotten a lot of mileage by poking fun at it. Users have all said how annoying the feature is by constantly forcing them to click OK to run programs. Some of the comments seem to be based in fact, others in hysteria or ignorance.

One of the latest misstatements I've found about Vista's UAC comes directly from The Register. They recently published an article online claiming that you can bypass UAC while installing a piece of software by simply renaming an executable's file name.

When I read the article, I was a bit stunned by such an obvious oversight. Surely it didn't really work that way. I checked the date of the article: April 23rd, not April 1st. So, I next checked with some TechRepublic staff, Bill Detwiler and Mark Kaelin, and neither of them had heard of this either.

So naturally, I fired up a copy of Vista to confirm or deny it myself. I downloaded three different programs off of the Internet and ran their basic setup routines. Sure enough, UAC caught them every time. Following the article's instructions, I renamed the install routine of the first program to Fred.exe. For good measure, I named the others Barney.exe and Dino.exe. When I ran all three, UAC caught them all.

The programs, in case you were wondering, were AIM, YM, and WinZip. All were pre-Vista versions that I downloaded from OldVersion.com. The exact same thing happened when I downloaded the demo version of OneCare from Microsoft's Vista Web site. UAC caught it even after I renamed it to Wilma.exe.

In every case, whether Vista recognized the publisher of the application, as it did with OneCare, AIM, and YM, or didn't, as with WinZip, UAC challenged the installation of the program and prompted for an administrator password.

So what's going on here? An innocent oversight? Microsoft bashing? Journalistic laziness? It's hard to tell. All I know is that it took just a few minutes of testing to determine that this 'security warning' was a bunch of hogwash.

The last quote in the article says:

"This is a little bit silly: just name the installer something else, and Vista lets it through," Chess said. He added that although the feature is imperfect and inconvenient, it's "better than nothing."

To me, it's a little silly when someone starts writing articles about something as important as security without doing a little bit of fact-checking. It's worse than nothing.

13 comments
bookkeeper

I can't say if Vista is a good thing or not; I only got a chance to play with it for a little while on somebody else's laptop, but I work with a lot of different types of users and most of them run Windows XP or earlier. If they were to run Windows Vista, I would say frustration would settle in first. I think the cleaner and simpler things are, the more people will like it, although I will have to admit one thing: I do like the looks of Vista; it's pretty. Signed, Just an opinion

Fil0403

Quite normal most people use Windows XP or earlier; Vista was released just 3 months ago; give it 1 year and you'll see. If, in their case, frustration would settle in first, that would mean they 1st) prefer convenience over security (which is dumb) and 2nd) are not aware they can just turn it off. Signed, Just a fact

apotheon

"prefer convenience over security (which is dumb)"

Generally, I agree. There are limits, however. The amount of inconvenience I'm willing to endure must be balanced against the amount of security that comes with that inconvenience. Considering that Vista's security "features" impose significant convenience costs for dubious security benefits, I'm not terribly surprised people don't want to deal with the way UAC and other such features are implemented. That's especially the case, considering that you can get far better security through use of third-party software without sacrificing much convenience (comparably speaking).

John Sheesley - TechRepublic Pro

I just rechecked the article. Looks like The Register has added a "Clarification" to their article:

------------

Clarification

Changing the name of a compiled executable doesn't change its properties. But different names during the app development process do have an effect, as Mike explains.

If I use Visual C++ to compile a program called, say, "Mikes Installer.exe", then Vista will popup the security message, drag'n'drop won't work (as it requires extra security rights), and if my app asks which version of the OS it's running on, then Vista will tell it that it's Windows XP. If I recompile the app as "Mike.exe", then these problems all go away, and Vista correctly tells my app that it's running on Windows Vista.

Simply renaming the file from "Mikes Installer.exe" to "Mike.exe" isn't enough to solve the problems. Vista still (somehow) knows that the original filename had install in its name.

I wasn't simply trying to do some simple Microsoft-bashing. This is all simply all about the filename of your .exe's affecting the way they run in Vista. But the solution is to build your .exe files in Visual C++ with a different filename, or to add a Manifest .xml file, as some of your readers did mention.

------------

The 'clarification' clarifies the way that UAC works. Unfortunately, I'm not a programmer, so I can't confirm or deny this aspect of the article. What the 'clarification' does however is completely prove my point about the article being completely off the mark. Another thing it does is answer the question I raised in the blog. It wasn't Microsoft-bashing that led to this misstatement. It was a mix of both Journalistic Laziness and Innocent Oversight.

apotheon

From what I've seen, it seems that the problem is that an installer named something like fred.exe from the very moment it was compiled, rather than renamed later, bypasses UAC. It's only when you rename install.exe to fred.exe that it can still recognize it as an installer, based on what he said. Another possibility, of course, is that the programs you tested are so well-known that they are specifically accounted for in UAC's operation, but less well-known programs might bypass UAC protection. I doubt that's the case -- the explanation given by the Register's guy is probably the correct explanation. In other words, it sounds like it's perfectly on the mark -- it just wasn't very clearly explained.

nacht

It's completely off the mark because you go from renaming an installer (which anyone can do) to having to recompile it (which requires development software and a bit of knowledge.)

apotheon

If someone's compiling malicious software that needs to bypass UAC for some reason, it's still a relevant complaint about how MS Windows Vista works.

georgeou

Absolutely zero fact checking on theregister's part.

Freebird54

This does not necessarily invalidate the possibility of renaming for bypassing UAC - it just shows that 'random' names do not produce this effect. Has anyone tried using incorrect but 'known' names? I have no idea whether the original authors erred or not, but that is the possibility that comes immediately to my mind. Would that not be the first thing you'd try if you were trying to bypass a checkpoint? Would you try to bust security at a plant as Fred Flintstone, or as ? Let's get the whole story - either way it comes out...

John Sheesley - TechRepublic Pro

That was a pretty good idea, so I took the same files and changed their names to notepad.exe and Solitaire.exe, both of which are valid Windows Vista executables. UAC still flagged the renamed executables. The 'real' Notepad and Solitaire would execute without UAC flagging them, but the renamed ones wouldn't. Good theory to test, but still - The Register's article still gets it wrong.

gary.douglas.hall

I recollect the Register's article was referring to the executable's properties, not the filename. I recollect the test performed was that if a setup application contained the word setup, installer etc. in the product name/file description properties of the file then the UAC would capture it. If these properties were removed it would not capture it. Thus I do not believe that the test of just renaming the file would work anyway. However, even if a setup application could get round this initial detection, I would suspect if the installer needed to write to a UAC protected area (i.e. Program Files folder, Windows folder, HKLM registry hive etc) then the UAC would probably kick in at that point. The article did not mention that this was the case and implied just removing the properties would allow the installer to run. Has anybody got the time to build an installer to test this correctly?
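The Register's clarification and the comment above both point at strings compiled into the executable rather than its on-disk name. The following is an added example, not code from the post, the commenters or Microsoft: a simplified Python triage that reports whether a file's current name, its version-resource strings, or an embedded manifest would bear on a name-based installer check. The keyword list, the flat byte scan and the sample inputs are assumptions constructed for illustration.

```python
import re

# Illustrative keywords (assumption); the page itself names "install" and "setup".
KEYWORDS = ("install", "setup", "update")
# Version-resource string names, i.e. the fields shown in a file's Properties.
VERSION_KEYS = ("CompanyName", "ProductName", "FileDescription",
                "OriginalFilename", "InternalName")

def version_strings(data: bytes) -> dict:
    """Simplified scan for UTF-16LE key/value pairs of a version resource."""
    found = {}
    for key in VERSION_KEYS:
        marker = key.encode("utf-16-le") + b"\x00\x00"
        pos = data.find(marker)
        if pos < 0:
            continue
        pos += len(marker)
        while data[pos:pos + 2] == b"\x00\x00":  # alignment padding
            pos += 2
        end = pos
        while end + 1 < len(data) and data[end:end + 2] != b"\x00\x00":
            end += 2
        found[key] = data[pos:end].decode("utf-16-le", errors="replace")
    return found

def has_keyword(text: str) -> bool:
    return any(k in text.lower() for k in KEYWORDS)

def triage(filename: str, data: bytes) -> dict:
    """Report which signals would make a name-based installer check match."""
    # A manifest declaring requestedExecutionLevel states the privilege need
    # explicitly, so this sketch treats the name heuristic as not applying.
    m = re.search(rb'requestedExecutionLevel\s+level="(\w+)"', data)
    hits = [f"{k}={v}" for k, v in version_strings(data).items() if has_keyword(v)]
    return {
        "declared_level": m.group(1).decode() if m else None,
        "filename_hit": has_keyword(filename),
        "version_hits": hits,
        "heuristic_match": m is None and (has_keyword(filename) or bool(hits)),
    }

def vs_string(key: str, value: str) -> bytes:
    """Build one constructed key/value entry for the sample inputs below."""
    k = key.encode("utf-16-le") + b"\x00\x00"
    pad = b"\x00\x00" if len(k) % 4 else b""
    return k + pad + value.encode("utf-16-le") + b"\x00\x00"

# Constructed sample inputs, not real binaries.
RENAMED = b"MZ" + vs_string("OriginalFilename", "Mikes Installer.exe")
WITH_MANIFEST = RENAMED + b'<requestedExecutionLevel level="asInvoker"/>'
```

Calling `triage("Mike.exe", RENAMED)` still reports a match through `OriginalFilename`, which is consistent with the renamed installers in the post continuing to trigger the prompt.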

richman316

Unfortunately this seems to be true for ALL mainstream media. They rush so much to be 1st to publish a story that they forget to check the facts. Shame..

georgeou

I've made some mistakes trying to rush things too and no one's perfect, but I've made sure I at least correct the error when someone points it out. I've notified their editorial staff and they're looking into this when their European staff wakes up.
