Hawxy | 1 year ago

- Windows 11 has provided a hardware security baseline for Microsoft, with features that require hardware support (HVCI, TPM etc.) to be enabled by default going forward, stating that Windows 10's strategy of off-by-default was a failure.

- Admin accounts are a continued security problem within the Windows ecosystem, so a future version of Windows will be adding a new "Adminless" account model with Linux-like just-in-time escalation. This new model intends to provide a secure middle ground between the frustrations of a standard user account and the security risks of an Admin account. "Adminless" accounts will run as a "less privileged" user by default and prompt users with Windows Hello when an application requires escalation for a given operation, rather than permanently running the account as a standard or admin user.

- Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP. Developers will be able to specify what privileges an application requires, much like other application platforms. A demo was shown of Notepad++ running under this sandbox model with minimal modification.

- TPMs within the ecosystem are not in a healthy state, with telemetry telling Microsoft that many are running vulnerable firmware due to manufacturers not pushing out updates, and some being inoperable due to hardware failures or other issues. Microsoft is working on its Pluton security chip to replace/augment the existing TPM ecosystem and have the ability to push out firmware updates via Windows Update.

- Software/hardware mitigations are reaching the end of the road in terms of viability. Microsoft is now focused on eliminating classes of security bugs, with extensive R&D going into the use of memory-safe languages (Rust) in areas of the system where exploits often appear.

gsnedders | 1 year ago

> a new "Adminless" account model with linux-like just-in-time escalation

This was the promise of User Account Control, was it not? Or does that just prompt for confirmation for various actions, without actually enforcing a security boundary?

WorldMaker | 1 year ago

The way I read it, the difference between existing UAC and "Adminless" is that the user is always in the Administrators group and UAC just unlocks an Administrator token/ACL temporarily to bestow the actual powers of the Administrators group. In "Adminless" the user is only a less privileged/low privilege user, a new system-managed Admin User is created, and the new security-boundary prompts, instead of unlocking a temporary token/ACL, are more of a "runas" as the system-managed Admin User. It's similar to Linux sudo sending commands to the root account, where Linux doesn't have a token/ACL model that allows temporarily upgrading the existing user "in place". It's also similar to how Windows Admin security was managed pre-UAC in places that separated standard accounts and Admin accounts, and similar to how many corporations still manage security, with the difference being that the new "Adminless" admin account is system owned (like the various internal service accounts), supposedly does not allow interactive login, and has no password, only a hardware security key (hence why the new security boundary requires Windows Hello unlocks every time, versus UAC, which can be as subtle as Yes/No, depending on configuration/group policy).

"Adminless" is a funny name given that there's still an admin account involved; it's just an admin account that is, much more than before, not a user account but more like a service account.

p_ing | 1 year ago

UAC provides just-in-time elevation. The user belongs to the 'admin' group (aka wheel) and only receives an admin token when performing a task that requires elevation. Once the task is complete, the token is destroyed.
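To make the token mechanics described in the two comments above concrete, here is a PowerShell snippet (added here, not posted in the thread) that reports whether the current session's token merely carries the Administrators group or actually grants it. It assumes Windows 10/11 with UAC enabled and an account that is a member of BUILTIN\Administrators.

```powershell
# Added example, not from the thread: inspect the access token of the current
# PowerShell session to see the UAC "split token" behaviour the comments describe.
# Assumes Windows 10/11 with UAC enabled and an account that is a member of
# BUILTIN\Administrators. Run it once in a normal window and once "as administrator".

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [System.Security.Principal.WindowsPrincipal]::new($identity)

# IsInRole only returns $true when the token actually grants the Administrators
# role, i.e. when the session is elevated; it does not say whether the account
# itself is in the group.
$tokenIsElevated = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami lists every group SID in the token together with its attributes.
# In a non-elevated session the Administrators entry (S-1-5-32-544) is still
# present but flagged "Group used for deny only": membership is kept for
# access-denied checks while the rights it would grant are withheld.
$tokenGroups = whoami /groups /fo csv | ConvertFrom-Csv
$adminsEntry = $tokenGroups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

# The integrity level SID tells the same story: Medium (S-1-16-8192) for the
# filtered token, High (S-1-16-12288) for the elevated one.
$integrity = $tokenGroups |
    Where-Object { $_.SID -like 'S-1-16-*' } |
    Select-Object -ExpandProperty 'Group Name'

[pscustomobject]@{
    User                     = $identity.Name
    AdministratorsSidInToken = [bool]$adminsEntry
    AdministratorsAttributes = $adminsEntry.Attributes
    TokenGrantsAdministrator = $tokenIsElevated
    IntegrityLevel           = $integrity
}
```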

DCH3416 | 1 year ago

> Win32 Applications will be bundled under the new Win32 App Isolation model, which provides the security benefits of UWP sandboxing & clean uninstalls without the API limitations of UWP.

Wow, that thing they probably should've been doing in the first place. I'll be curious if it'll end up as a supervisor (AI) model or if each program will have its own scope of a file system. The latter of course will be very tricky with how intertwined legacy software can be for file and registry access.

pixl97 | 1 year ago

Yea, making sure legacy apps keep working is the hard part, especially when they have million+ unit customers that have issues around it.

butlike | 1 year ago

Win32 isolation sounds cool.