9

When UAC was first introduced, most well-behaving applications were installed into Program Files folder, so any tampering with executable files without explicit user consent became impossible. So when a user executes a malware application, only this user's data could be destroyed.

However, a lot of applications are installed into AppData nowadays. Some applications want to make installation for restricted users possible, some applications don't want to ask for user consent every time they are autoupdated. Other apps ask for administrator rights during installation, put their files into Program Files, but change permissions of their folders.

Some examples:

  • Google Chrome is installed into AppData. I've installed it into Program Files, but later found out it actually uses executable in the AppData folder.
  • Valve Steam gives full access to SteamApps folder for all users during installation. This folder contains executables and data of all games managed by Steam.

Okay, Google Chrome doesn't seem to ask for admin rights, so if during its work it shows UAC dialog in yellow color, it'll be highly suspicious. But Steam games regularly ask for admin permissions when being run for the first time. Users will blindly say "Yes" to any dialog which appears during installation. And the result? The whole system for all users is compromised.

Applications like this seem to make UAC even weaker, even easier to bypass. Any executable file can change executable files used by all users. I guess PCs with multiple users with admin rights is insecure by design, but UAC provided at least some protection in this case.

How does this affect security and should I worry about it? If yes, can I do anything about it?

Athari
  • 191
  • 1
  • 6
  • About Google Chrome, there is a business version of Chrome that is supposedly better behaved (https://www.google.co.uk/chrome/business/browser/admin/) when it comes to installations, according to a comment here: http://serverfault.com/questions/574724/what-are-the-pros-cons-of-blocking-a-program-from-running-in-appdata-temp – x457812 Nov 26 '15 at 16:25
  • The problem is not "applications-installing-into-appdata-folder" but "Steam games regularly ask for admin permissions". No well-behaved application has ever required administrator rights to install. Administrator rights are for modifying the operating system and system-wide configuration. Anything that is not part of the OS should be capable of being installed in a profile-local way. (Admittedly, very few application installers are well-behaved) – Ben Voigt Jul 19 '16 at 21:37

1 Answers1

2

Applications installed using something like the "for myself only" option go in that user's AppData folder.

Malicious software run from another non-privileged user's account cannot (without exploiting a vulnerability) damage content within the AppData folder of another user if the system permissions haven't been misconfigured. The defaults leave this location secure against trivial tampering by other user accounts.

If you want UAC to be effective, then nobody can log in regularly to their workstations as administrators (even local administrators) as it breaks the model. Emergency local admin accounts may be needed for practical reasons and you can use LAPS (Local Administrator Password Solution) to achieve that.

Alain O'Dea
  • 1,615
  • 9
  • 13