Altap Salamander: UAC support

[Jan Rysavy]

Split from http://forum.altap.cz/viewtopic.php?p=19032#p19032

Put all the file operations in COM objects and use the moniker technique to deal with UAC.

Why COM objects? Another EXE running on high integrity level and performing operations should be enough.

[Andre.Ziegler]

why running 2 exe? I think the way the explorer does it is fine.

[zarevak]

I'm currently developing an Installer application, which needs to handle UAC as well. I'm using the two EXE solution, because it doesn't need any COM registrations and just works out of the box

I don't see any reason, why using two processes is any worse solution then using COM objects hosted in high integrity system process. I find the two processes solution better

I know of only two drawbacks when using two processes for UAC:
- you have to develop some communication protocol between the two processes
- you have to protect the communication protocol from command injection from malicious applications

By the way: If you want Salamander to be portable, it's much easier to run second high integrity worker EXE then to register a COM server, use it and then unregister it afterwards. Explorer is always installed, so COM object registrations are no issue for it

[Jan Rysavy]

The code injection isn't problem anymore, Microsoft dropped the ball with Windows 7 "security" model.
Windows 7's UAC is a broken mess; mend it or end it

The Windows 7 UAC is here only to annoy users, not to stop malware. Also it makes non-Microsoft software uncompetitive.

[Andre.Ziegler]

I know of only two drawbacks when using two processes for UAC:
- you have to develop some communication protocol between the two processes
- you have to protect the communication protocol from command injection from malicious applications

good points. That's why I don't like this way. But if you want a portable version this is easier.

The Windows 7 UAC is here only to annoy users, not to stop malware. Also it makes non-Microsoft software uncompetitive.

are you joking? I've expected this stupid answer from a 12 year old child, but not from a developer who earns his money with coding

UAC is a helper, which allows you to run with standard user rights most of the time and when you need admin rights, you can request them. With UAC you have 2 accounts (2 tokens) in 1 and you avoid the stupid switching between 2 accounts. Have you ever used a standard user account in Windows NT? After your horrible answer I doubt this. It was a hassle to deal with those 2 accounts. UAC is the best feature and a feature I ever wanted after using Windows NT for 15 years now.

[Jan Rysavy]

Andre, please do your homework before posting. Read linked article because you don't have a clue what you are talking about. Windows 7 UAC is fundamentally broken comparing to Vista UAC implementation.

[zarevak]

are you joking? I've expected this stupid answer from a 12 year old child, but not from a developer who earns his money with coding

If you are comming from corporate world, where everyone is standard user by default, UAC is great. Sadly this cannot be told about home computers, where everybody is accustomed to run with Admin provileges and all software used on home computers is made with this assumption.

On Home computers UAC fails misserably, because it's very badly implemented in native Windows components (Windows Explorer). There have been only a few good implementations of UAC - Directory Opus for example implements UAC in a nice way, where you can cache the UAC confirmation for a limited time, when you expect to do "Admin stuff"...

BTW: This is not a discussion about UAC implementation, but about priority - UAC or 64bit - and we should get back to the topic

EDIT: Example of bad implementation of UAC in Explorer:
Vista: you have to confirm FOUR UAC dialogs to create a folder in the root of system disk
Win 7: Microsoft decided not to implement UAC the proper way, but to take a shortcut by building a backdoor for Microsoft applications! This completely destroys the purpose of UAC, because any application can inject code into any Microsoft application and run high integrity code without asking!!!!

[Andre.Ziegler]

I know that. But I always put the slider on top to stop the MS Whitelist security flaw. With this UAC is fine!

And caching UAC elevation is bad!!!!!!

Every action must be approved otherwise we have the MS security flaw like we see in default config of Windows 7 UAC.

[Jan Rysavy]

Yes, UAC caching is exactly what we want to implement. Total Commander does it, Directory Opus does it. Windows (7) Explorer does it even without UAC prompts

[Jan Rysavy]

I know that. But I always put the slider on top to stop the MS Whitelist security flaw. With this UAC is fine!

It should not be a problem to detect level of UAC Settings slider and behave accordingly (don't offer UAC caching for example).

[Ether]

I must agree with Andre.Ziegler that UAC without the whitelist works quite well. I'm not pretending that UAC is impenetrable, but it's close. Moreover, separation of user and admin rights (least privilege principle) is beneficial also for preventing accidents caused by the user or by bugs.

And I don't see any token caching in my Explorer (Win7x64, UAC on Always Notify).

[Andre.Ziegler]

the caching in Explorer happens when you copy several files and this requires admin rights. Chaching UAC prompt for a context action which is separated in several actions is allowed and ok.

But DO (in an older version) included a chaching for several minutes (configurable) and this is bad. I hope that such a thing will never come the Salamander.

[Jan Rysavy]

Good points, thank you!

[kbirger]

Both of these features seem to be pointless.

You won't get any benefits out of running salamander in x64... x64 just gives you more memory addresses, which we don't need. x64 only helps in applications which do lots of calculation or lots of memory usage.

UAC, well you guys already voted that out.

How about proper unicode support already?

[vld]

You won't get any benefits out of running salamander in x64... x64 just gives you more memory addresses, which we don't need. x64 only helps in applications which do lots of calculation or lots of memory usage.

I don't think you have used Salamander in x64 and you need to run Salamander in x64 to know what it is missing. It is a crippled piece of software that needs to be bandaged.