UAC en Windows 7

30 01 2009

Una de las nuevas caracteristicas de Windows 7 es la capacidad de finalmente poder configurar la User Account Control (UAC), esa infame y molesta ventanilla introducida en Windows Vista para mejorar la seguridad.

Como Windows no puede diferenciar entre un usuario haciendo click sobre un botón y un programa haciendo click sobre un botón, la UAC fue implementada inicialmente para siempre advertir al usuario via una ventana de dialogo mostrada en un Escritorio Seguro (Secure Destop), similar a la pantalla de inicio de sesión, sobre cualquier cambio en la configuraión del sistema.

Windows 7, sin embargo, ahora incluye la posibilidad de configurar UAC para ocultar estos – molestos a veces – avisos cuando los usuarios cambien configuraciones de Windows. Mientras que este modo aun asegura que las aplicaciones normales no puedan sobreescribir completamente alguna llave del registro, Microsoft ha permitido que los usuarios cambien cualquier configuración de Windows sin ningún aviso advirtiendo de aquello. Sí, incluso se puede cambiar la configuración de UAC – desactivar – de tal modo que Windows no advierta nunca al usuario de estos cambios que se están llevando a cabo en el sistema =O – en realidad en Windows Vista también se puede desactivar, pero nadie lo hace extrañanamente xD -, permitiendo así a las aplicaciones “reinar libremente” en el “modo elevado”.

Pero ¿qué tan dificil es pasar por alto o en otras palabras desactivar la UAC para afectar de alguna forma el normal funcionamiento de Windows?. Windows distingue entre un programa modificando la configuración del sistema y el mismo Windows modificando la configuración mediante un certicado de seguridad. Las aplicaciones que pueden cambiar la configuración del sistema están firmadas con un certificado especial de seguridad. Así, las distintas opciones dentro del panel de control de Windows están, de hecho, firmadas con este certificado y por lo tanto no advierten al usuario si este cambia alguna configuración del sistema.

El talón de Aquiles de todo esto, es que cambiando la configuración del UAC también estamos “cambiando la configuración de Windows”, y de acuerdo al nuevo nivel de seguridad de UAC, Windows no advertirá de tal cambio. Incluso el desactivar por completa la UAC no producirá ninguna advertencia al usuario de tal acción. Así un simple script o programa desarrollado en algún lenguaje puede acceder a desactivar por completo y sin que el usuario sepa la UAC mediante el uso de algunos metódos como SendKeys,Run

El código puede ser visto en withinwindows

Hasta ahora la explicación dada por Microsoft ha sido que esta es una caracteristica hecha “por diseño” y que no será cambiada por ahora. Una solución obvia para esto sería forzar el ajuste de la configuración de la UAC fuera confirmado por el usuario mediante el ingreso de la contraseña de administrador tal como ocurre en Linux o simplemente mantener la configuración del UAC en su valor por defecto o no desactivarla completamente para evitar problemas.

En Windows Vista para desactivar/activar la UAC podemos crear 2 archivos .bat.

Para desactivar la UAC:

Usamos un editor de texto simple como notepad o notepad2, creamos un nuevo archivo de texto y escribimos:

%windir%\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

  • Guardamos el archivo como:
      Tipo : Todos los archivos
      Nombre: DesactivarUAC.bat
      Click derecho sobre el archivo y seleccionamos “ejecutar Como Administrador”
      Reiniciamos Windows
  • Para activar la UAC:

    Creamos un nuevo archivo de texto y escribimos:

    %windir%\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

  • Guardamos el archivo como:
      Tipo : Todos los archivos
      Nombre: ActivarUAC.bat
      Click derecho sobre el archivo y seleccionamos “ejecutar Como Administrador”
      Reiniciamos Windows
  • Anuncios

    Why I don’t Like Linux

    28 01 2009

    Many distros, such as Ubuntu do have good “out of the box” support but driver support still lags behind nevertheless. I don’t want to spend time searching for drivers and then typing in tons of commands to get things up and running properly. Sure you can go buy specific hardware that is known to be Linux compatible but isn’t that like having to live with a MAC??!??!!???!!

    Every distro has a package manager. However I cannot keep count of the number of times I have seen how friends installed a package that does not work. Then when They go and search in the forums, They get answers telling them “download this” and “type these commands”. Wait a minute! Shouldn’t it just work without all the run around???? Does anyone realize how annoying and confusing that is for users? To them it looks like an easy way to install new software but then they get a nasty surprise. Folks the average user hates that.

    Command Terminal:
    Look it’s 2009. The public doesn’t want to type in commands. GUI’s have been around for how long? It’s obvious by the success of Windows that users want an easier experience. However in Linux you just can’t get many things done without typing in commands. It’s time consuming. Users want to use their software and do things, not spend time typing commands. Users need something easier and intuative. If you don’t want to give up the need for a terminal fine but don’t complain when the public still prefers Windows and it’s easy GUI that does nearly everything by point and click. If Windows is so bad why is it so popular? If what makes it so popular is something you do not want to offer then all the complaining and comparing is pointless. At that point you might as well just accept that you’re never going to be more popular than Windows, be quite, and play with your Linux quietly.

    There are many forums. Some of them are good. Some of them are full of arrogant jerks that just hate Windows and turn off nearly every new Linux user they run into. Regardless, as a new Linux user you spend more time in a forum begging for help than you do actually enjoying Linux. PLUS! If you have a serious problem that keeps you from getting on the internet… do you get to the forums? Take a guess…using another system. Isn’t it embarrassing to need to use a Windows system to go onto a forum to get Linux help? Doesn’t that make a statement about Linux?

    There are some great packages that shine. However the vast majority is of the same quality as shareware for Windows. I understand that it’s free and I shouldn’t complain but look it either fills a need or it doesn’t. I’m not going to use something crappy just because it’s free.

    Linux fails miserably for 3D gaming. I’ve said it a thousand times and I’ll say it again. If Linux could get a standardized 3D system like DirectX and attract gamers, it’s popularity would skyrocket. There are a few 3D games out there but most of them are hacked ports to Linux that are full of bugs, not to mention that the games are old news. Even if a user is not a big gamer, they still will play a game every once in awhile, and they want something that blows their mind. Linux doesn’t offer that.

    Microsoft has Linux beat hands down in this area. There are so many Linux distros and each of them are doing their own thing. Linux software is a hodgepodge of different packages that may or may not work with your distro. Windows users hate the fact that there are a handful of Windows versions that require different drivers. Do you honestly think that they’re going to like something with even more variations? There is a point when too much freedom becomes chaos.

    File System and Naming:
    In DOS and Windows, file extensions indicate a purpose. In Linux anything goes. People need some kind of clearly defined order to lead them in the right direction. Furthermore it saves time to immediately recognize a file for what it is or how it’s used.

    Also some of the names given to software and commands are well…..nuts. It’s looks like someone dropped scrabble blocks on the floor and randonly selected letters to name things. Overall we come back to the chaos issue.

    I’m pretty fed up with the excuses. I’m often told stuff like “Linux isn’t meant for that” or “Linux isn’t trying to be Windows”. Own up to the truth. Linux has serious problems. While it may not be trying to be 100% like Windows, to the eye, it has the same general appearance and there is an OBVIOUS reason for that – users want it. So stop covering up the problems and making excuses when things fail. Linux wants to be better than Windows. It wants to be the more popular OS. It wants to offer all the features that Windows offers.

    Until linux developers and supporters stop hating Windows enough to get inside the heads of Windows users, Linux will NEVER beat Windows. Consumers use what they like. OBVIOUSLY they like Windows more, no matter what excuses are offered. Why in the world would users turn down a free OS for a commercial one unless there are big things they don’t like? Stop trying to tell consumers why they should hate Windows. Instead concentrate on making Linux something that consumers really want. Not what you think they should want.

    The fact is that most computer users are novices. You must cater that crowd to be successful at overtaking Windows. There is no honor in being able to use a more complex operating system. Nobody is impressed. Nobody cares. An operating system should make things easier NOT harder. If Linux devs would face the truth and cater to the needs of the public they might be more successful.

    Here’s the killer for Linux and if devs and hardcore fans could wipe the hatred away front their eyes long enough to see it, they would. At the current rate of development, Windows is better equipped to steal ideas from Linux and put it into an easy to use package. Linux, on the other hand cannot develop quickly enough. Unless devs band together, standardize, and get serious about winning over the public, Linux may never catch up.

    I know some Linux fan is going to say something about how wrong I am but that type of response is at the heart of the problem. You can’t tell a consumer how they should feel or how they should perceive a product. You must adapt to the consumer. If the consumer doesn’t like what you have, then YOU are wrong and you will never convince them otherwise.