If you've developed a remote control application as I've done, you must know that screen capture doesn't capture the UAC dialog when that dialog is pop up, and as a result the control can't be continued.
Anybody know a solution to this?
From what I understand, I believe what you're asking about is possible.
In addition to remote control software, test automation software and accessibility apps for those with disabilities also need a way to interact with protected UI and the secure desktop.
Regarding the issues UAC presents for remote control software, see:
http://www.uvnc.com/vista/
http://groups.google.com/group/microsoft.public.platformsdk.security/browse_thread/thread/acb3a0ccb7682506/d05b0a3026366423
Those links contain info on how the UltraVNC project works around UAC. UltraVNC is open source, so the code might be a good resource as well.
I think the solution to this type of problem probably always involves delegating high-integrity tasks to a service. I don't think there's any other way around it (besides disabling various UAC settings).
And needless to say, writing an app that has an unusually high level of control over the system is a tricky matter - a lot of care must go into the design to make sure it's safe for use without exploitation. :)
See also:
http://www.codeproject.com/KB/vista-security/SubvertingVistaUAC.aspx
http://www.codeproject.com/KB/vista-security/VistaSessions.aspx
http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/4aadadbd-fc3d-4239-ba0f-4d81f17ec938
That is the entire point of the UAC dialog.
So, to answer your question, "No, nobody knows - because it isn't or shouldn't be possible".
Related
I am working on building a system that can monitor how users react to security alerts on their systems (software updates, warnings etc.). It also needs to monitor the web traffic and the processes running on the system and I am looking to the community to help me design this system. We intend to provide users with test laptops and monitor their behavior over a period of time to see how they react to security alerts thrown by various applications and the OS(windows in this case).
Following are my questions
Can I use windows hooks to solve the first problem i.e finding how users reacted to the alerts thrown by various applications. Specifically, can global hooks be used to solve this?
(How this information should be collected (XML?) and relayed back to a server(how frequently?) is another problem)
Can I do this in C# or it has to be done only in c++ or VB?
Do you know any alternate approach to solve the problem? Is there any software that has these capabilities.
I have many more questions but getting these answered would be a good first step. Really hoping for some good insights from the knowledgeable people on this community
Thank you in advance
Edit:
Example scenario is when adobe prompts you to update the flash player or the antivirus prompts you to update definitions or any application displays a notification(security related having keywords like update, warning, install etc.) needing the user to take some action. Windows system updates is another example. I want to know how the user reacted to these alerts/notifications/updates (which are typically a pop-up window). So i was wondering if i placed a global hook that can monitor the content of the windows displayed on screen and notify me(server) when certain words like update, alert, warning etc. appear in the content/title of the windows and what the user did with the message(dismissed it, Oked it etc). Unfortunately, i do not have any more specifications than this. I can use anything I want to achieve this and I am not clear on what my choices are.
Edit 2:
After having reviewed my requirements and having read about hooks, I feel like I could achieve this by a combination of hooks and the following textGrab SDK, http://www.renovation-software.com/en/text-grab-sdk/textgrab-sdk.html. I want some guidance to know if I am on the right track. I am thinking if I can install hooks then it gives me handles to all possible windows on the screen and I can use the textGRAB SDK to look for certain keywords in those windows. Although this may capture some interesting text, I am still not sure how I will know what action the user had taken on the window. Anybody having any experience with either hooks or textGRAB, please let me know if this looks like a reasonable thing to do. If the community has some other Ideas on how I could possibly monitor security related messages thrown by any application in the system, please suggest. I am looking forward to some useful advice for completing a challenging project.
First of all, you need to define, how you will "see" security alerts in code. "Security alert" is quite a vague term. Will it be some window with some caption and some message to the user or ... ?
Next, about web and processes: Windows hooks won't help you with your task. They are more low-level and not as advanced as you'd need. You can't hook network traffic (you need either network filter driver for pre-Vista or Microsoft Filtering Platform for Vista and later). See this question for some information about checking the process list with C# (there seems to be no easy way to catch process startup either).
It honestly sounds like you need a more solid direction. I commend you for trying to provide details, but It appears that you still need more information about your problem(s)..
I will attempt to answer some of your questions, but like I said - it sounds like you need to know more about your problems before we can provide you with optimal answer(s).
-Alerts is too vague a term, you will need to define this better. Are these 'alerts' applications that YOU have control over or are they third party applications? Not every application will show an 'Alert' in the same fashion, and even if they did - I think using a System Level Hook would probably be too problematic to implement your solution with. I'm not saying it's necessarily impossible, but you're talking about possibly implementing a different set of logic(to determine the data for a given application's Alert(s)) for each application that you want to monitor.
-It's impossible for any of us to determine the optimal storage mechanism for your particular needs, that is something that you will either need to provide more details about or decide on your own.
-How often you collect data is also something that you will have to either provide more details for or decide for on your own.
-C/C++ Would probably provide you with the most portable solution, although there is nothing preventing you from using c# to call Win32 API. (Not everyone has the .NET framework installed - believe it or not)
-The problem that you mentioned appears to be a somewhat specialized problem... I don't know of any existing software that will do everything that you want to do.
Another possible issue that you haven't touched on:
You haven't specified your target audience for this 'service', but I want you to know that if I found an application monitoring as many events as what you're talking about doing, I would promptly remove it and write a nasty letter to the company that wrote it.
In summary, Read this Article on hooks to get a better understanding of how they work.
I know blocking a website is a popular question but none of the answers I've seen address my particular situation:
I want to block a website (to be selected by the user, which must also have Admin rights, on Windows XP), without forcing her to restart her browser.
The well known technique of modifying the hosts file requires some browsers to be restarted. I want to accomplish that in a way that is browser-independent (e.g. Content Advisor works in IE but not in FF) and which doesn't require the user to restart his browser.
Please note that I am interested in knowing how to do this programmatically, so http://superuser.com or http://serverfault.com aren't really the right places for this question, as they mostly suggest tools and services, while I am interested in the underlying knowledge so that I can implement it myself.
Ideas?
Thanks.
Please note that I am interested in
knowing how to do this
programmatically, so
http://superuser.com or
http://serverfault.com aren't really
the right places for this question, as
they mostly suggest tools and
services, while I am interested in the
underlying knowledge so that I can
implement it myself.
Such tools would filter traffic by implementing a NDIS Intermediate Driver. See also this other question.
I'm wondering if there is a way to intercept that a Windows session is about to be locked and essentially provide a pop-up just before. We've got an intranet punch in/out facility, and many people forget to punch in or out before leaving for lunch or for the day. Essentially I'm looking for a way to give the users the option to log out when they lock their machines.
I am also completely open to the possibility that this may not be possible due to security concerns, but I wanted to see what the community's take on it was anyway. Thanks!
Haven't tried it, but the Microsoft.Win32.SystemEvents class might have what you want.
Specifically, you may want to try the SessionSwitch event. According to this bytes.com post, it should work:
Handle the Windows Lock Desktop event/message?
You can use the Remote Desktop Services API WTSRegisterSessionNotification to get lock notifications, but there doesn't appear to be any way to override the lock.
Personally I hate auto-created desktop shortcut icons, but some folks seem to think that unless your installer clutters up your desktop, it hasn't worked correctly!
Are there definite guidelines for this (for Windows?)
(Having a "Leave clutter on my desktop?" checkbox in the installer is one option, but to my mind, that's just put MORE clutter into the installer...)
From here: https://learn.microsoft.com/en-us/windows/win32/uxguide/winenv-desktop
If your users are very likely to use your program frequently, provide an option during setup to put a program shortcut on the desktop. Most programs won't be used frequently enough to warrant offering this option.
Present the option unselected by default. Requiring users to select the option is important because once undesired icons are on the desktop, many users are reluctant to remove them. This can lead to unnecessary desktop clutter.
If users select the option, provide only a single program shortcut. If your product consists of multiple programs, provide a shortcut only to the main program.
Put only program shortcuts on the desktop. Don't put the actual program or other types of files.
My take is this: the installer must ask me if I want a desktop icon - to which I can reply yes or no.
Any app that just blindly and without asking installs its icon on my desktop is a bad installation in my opinion.
Ask for permission - if I deem your app important enough to me personally, I might say yes (but most likely I won't). Give your users a choice - don't just assume since it's your app, it's so darn important to everyone that everyone will want to clutter up their desktop with your program icon.
The same goes for the installation directory - unless you have a very good technical reason why you can't install anywhere, allow me to change the program's installation target directory. Not everyone is a big fan of the "c:\program files" folder hierarchy (I'm not, for one - I like to keep my apps in C:\bin for instance).
So in general: any decent installer should ASK the user installing for these things and present sensible defaults - but always give me the option to change the settings to my liking (to my standards).
I don't know of any meaningful guidelines, other than your conscience. As a programmer, I sympathize: I don't want icons on my desktop, either :-) However, having watched non-technical family members struggle with installing software and then trying to run it, I think it's worth noting that
1) There are more non-techies than techies
2) Techies can cope with checkboxes on installers
Based on that, I usually go for having a checkbox on the installer for creating icons, which defaults to on. I don't mind anything other than the "always create icons" approach. (I'm looking at you, Adobe.)
I think that depends on what you see your client doing with the app, the level of the client's expertise with computers and how frequently you see him using it.
If the client is not very well versed with computers he would prefer to have the icon on the desktop where he can access it. If you target market is experienced users you don't need to bother because he can make the icon himself if he wants it.
If the application is for daily frequent use like a web browser the client would want it on his desktop for quick access.
Finally the decision rests on you. If you're being obnoxious you can create 4 icons on the desktop (I've seen apps that do that).
I don't think asking for permission is a bad idea. After all the installation needs to be done only once and it's just one checkbox to tick.
I've no particular love for desktop (or quick launch) shortcut icons either, but I think that you should still give your users the option in the installer to install neither, one or both of these shortcuts.
Depending on how computer literate your users are (if it's possible to determine this) you can default the two options to either enabled or disabled accordingly.
I think one of the main causes of winrot are the sheer number of services that run at startup (and don't shut down) that phone home every x seconds to see if there is a new version of some piece of software.
Me personally, I disable every single one of them because they seem utterly useless to me. Most of the software packages that use these things, have an option to check for updates whenever you launch the program itself too. This looks way more efficient to me.
I was asking myself what the reason is for companies like Adobe and Apple to create such services that bog clients' computers down and at the same time increase the burden on their own update servers for what looks to me as very little return value for neither of them.
My client requests such a service, but I don't see any reason for it. I want to make sure I'm not missing a piece of the puzzle so I can come back with an educated opinion on why this is should or shouldn't be a desired functionality.
It's usually a desire by management to get brand recognition. It goes something like this:
Oh no. If our program just does its job, the user will never see that it's there, and they'll never find out who we are, and what a great company we are.
We need an icon in the tray; we need a shortcut on the desktop, and in the quick launch toolbar, and at the top level of the Start menu. If we could add a control panel applet, and an item on the right-click menu in Windows Explorer, and an icon in Internet Explorer, that'd be fantastic.
Of course, since our program's so important, the user's going to be using it a lot. Let's add a "speed boost" program that runs at startup, that makes sure that all of our binaries and dependencies are pre-loaded in the cache.
Oh, and we'll need an automated update program, to make sure that all of these components are as wham-bam-great as we can make them.
And can you put a splash screen on that as well?
Can you tell I'm bitter?
Roger's spot on.
Plus, once an application has developed to the point where it already has all the features you could expect it to cover for its intended purpose, the vendor is stuck. They need to keep banging out exciting new versions, so scope bloat creeps in. Instead of doing one thing well and getting out of the way, we must do everything related to it. We must always be in the user's face; they must never be allowed to use software that isn't ours; they must always be interacting with our brand. And of course we must take care to always start an updater task in the background, because we added a completely unnecessary internet-facing browser plugin/toolbar/ActiveX thing that will surely turn out to have security holes.
Acquisitive software is a huge problem that is steadily degrading the user experience on Windows. And it's an arms race: Microsoft hide old application surface interfaces (deprecating the classic start menu, removing quick launch, hiding system tray icons, auto-removing inactive Desktop icons) as they become so full of acquisitive-software junk that they're basically unusable, whilst introducing new ones that "will be better". But how long until applications start "helpfully" adding themselves to the Start menu's MRU list (because you're definitely going to want to use our great software a lot!) and pinning themselves to the Windows 7 dock?
Linux is doing better here because the distros own access to the user and aren't going to put up with any of this crap. Not something Microsoft can get away with though unfortunately.
Bonus Did You Know Fun Fact: Once upon a time, Nero was a nice, elegant CD-burning tool.