Comments on: Want UAC-Free iReboot? You got it: iReboot 1.1 released!

By: BK

BK — Mon, 29 Dec 2008 18:27:50 +0000

What a childish rant. Is anyone in your operation over 20 years old?

By: El Silencio

El Silencio — Mon, 10 Nov 2008 21:27:24 +0000

Guys and girls. We are here to discuss iReboot and not Microsoft Vista. No one has any doubts anymore that Vista is a failed OS which is just window dressing of XP. The usefulness can only be gauged by those selling new compatible software and hardware at the users expense since said users are not getting anything of value by being forced to buy a new system with a new OS instead of the good old OS. When I say being forced, I mean like buy a new SONY VAIO with Vista and install XP on it, your XP update for hardware will stay at 0 all the time. Microsoft does not want you to find any hardware updates for the spanking new vista compatible hardware to be used with XP or else every one who knows how will install XP and keep using their own programs that they have already paid for. Why should I be forced to buy the same programs over and over again or upgrade them while they are not doing anything new or that I need? How many USD100 are the changes worth to the general public between Office Pro for win3.1 and office 2007? Zilch. Some legislation is required and now that Obama is in the house maybe human beings can see some action that is of service to humanity instead of narrow minded ($$$) vested corporate interests.

Did I mention that this was about iReboot and not Microsoft? Well let’s get on with it then.

By: StephenTanner.net » Blog Archive » When Facts are Propoganda

StephenTanner.net » Blog Archive » When Facts are Propoganda — Wed, 22 Oct 2008 21:44:09 +0000

[...] paraphrasing but thats the general idea. First off UAC part of the new security focus can be easily coded around already. They have effectively proven that the UAC dialog boxes can be completely bypassed with a [...]

By: MiniNoticias » Blog Archive » El mecanismo UAC de Windows Vista, poco seguro

Tue, 26 Aug 2008 21:22:01 +0000

[...] “Las limitaciones de seguridad recién implementadas en Windows Vista son como mucho artificiales, fáciles de sobrepasar, y que sólo dan la impresión de seguridad”, escribían los desarrolladores de iReboot en su blog. [...]

By: Big Business Proprietary Means “Secure” Part II « Microsoft Haters

Big Business Proprietary Means “Secure” Part II « Microsoft Haters — Sat, 14 Jun 2008 18:06:38 +0000

[...] from the non-profit NeoSmart Technologies have published a report detailing their experience with coding around Windows Vista’s UAC limitations, including the steps they took to make their software perform system actions without requiring [...]

By: Noticias » Blog Archive » El mecanismo UAC de Windows Vista, poco seguro

Mon, 12 May 2008 17:03:20 +0000

By: Harry Johnston

Harry Johnston — Thu, 01 May 2008 00:11:58 +0000

This may be of interest to those following this thread:

http://blogs.msdn.com/crispincowan/archive/2008/04/28/uac-desert-topping-or-floor-wax.aspx

By: Mark

Mark — Wed, 30 Apr 2008 11:16:03 +0000

Just wanted to say thanks for iReboot, it’s a real awesome utility!

Now I can just restart my PC via iReboot, go take a shower, come back and find the right OS booted

By: Vista UAC isn’t just annoying and stupid; it’s insecure too! | Arno# - The cutting edge of developer waffle

Tue, 29 Apr 2008 15:23:09 +0000

[...] Read the full details of how NeoSmart bypassed UCA to get their iRebbot product working with Vista. [...]

By: Mad, Beautiful Ideas

Mad, Beautiful Ideas — Tue, 29 Apr 2008 15:00:18 +0000

Secure Applications Programming…

Neosmart Technologies recently posted a diatribe about Windows Vista’s UAC subsystem, and how it basically forced them to rewrite their iReboot application. iReboot is an interesting Windows application which allows you to set the bootloader to l…

By: Eludir la protección de Vista, o programar como se debe « SeMaToVe

Eludir la protección de Vista, o programar como se debe « SeMaToVe — Tue, 29 Apr 2008 07:14:57 +0000

[...] Want UAC-Free iReboot? You got it: iReboot 1.1 released! http://neosmart.net/blog/2008/ireboot-and-working-around-uac-limitations/ [...]

By: Mahmoud Al-Qudsi

Mahmoud Al-Qudsi — Tue, 29 Apr 2008 02:35:57 +0000

Larry, the default account in Windows Vista is an administrator – but like you mention, it too runs in “Administrator Approval Mode” w/ UAC enabled.

Lew, I will not bother to answer your question. Just re-read the article and the comments.

Richard Steven Hack:

If iReboot is a user-initiated application, why shouldn’t it do what my openSUSE Application Updater forces me to do whenever it tells me I have new software updates to install: ask me for the admin password? Or be run using “Runas”.

That’s exactly what iReboot 1.0 used to do. Except that Windows Vista wouldn’t require an application that asked for the admin password to run at startup, hence the need for iReboot 1.1 to automate the whole thing.

By: Morten Mertner

Morten Mertner — Mon, 28 Apr 2008 23:30:52 +0000

Larry, I’m running Vista with an Administrator account as I strongly prefer a long and complex password (which just isn’t viable with a regular user account and UAC). Force people to re-enter the password often enough and they’ll pick something easy, count on it.

Harry, “program accounts” is just regular system accounts except that they cannot be used for interactive logins by users. This allows programs to run with tailored permissions.

Lew, that’s just arrogance speaking. Don’t presume that people without formal CS training can’t comprehend complicated security issues. Separation of concerns is good (QMail is a prime example of this), but there are many other concerns for application developers: performance, time-to-market (developer productivity), maintenance complexity, etc. If you want developers to write secure programs, just make it cost-effective to do so. Or at least reasonably cost-effective.

By: Nick

Nick — Mon, 28 Apr 2008 23:24:48 +0000

To Lew:

For your reference, since you asked, I have a BS in Comp Sci / Mathematics (from a fairly good college), and over 10 years of experience.

And for those people not familiar with Vista:

The reason you need a dual-component implementation is that anything which interacts with the shell (which is required to display a tray icon) cannot be running in a privileged context. If you want a tray icon context menu command or click operation to perform an operation which requires a privileged context, it must logically make a LPC/RPC call to another elevated process which can. Pre-Vista, services could interact with the user window session under certain conditions (Interact with Desktop), so the separation wasn’t always necessary.

Hope that explanation helps.

By: Lew Nathan

Lew Nathan — Mon, 28 Apr 2008 22:57:03 +0000

Now that all the pissing and moaning has stopped, I was just wondering: how many of those with opinions about network/computer/system security actually have the schooling and training that accompany the acquisition of a Computer Science degree? I suspect that those who were in favor of the dual-component implementation actually have this training because the ’separation of privilege’ paradigm is a core requirement for well-implemented security models.

I will not spend the time to detail the aforementioned security issues, but suffice to say, that if the only difficulty bothering the implementers is the amount of work involved or some other annoyance associated with writing software, maybe they should learn to touch-type… it will facilitate their jobs as programmers.

And although I loath most everything M$, they actually HAVE made VISTA more secure (not TOTALLY secure) than any of their previous products.