Last time I talked about legacy applications, I hinted at a hole in the UAC model that could be exploited by a social engineering attack. The issue lies in the “installers” category. Because a legacy installer doesn’t have a manifest, Windows doesn’t have any way of knowing whether it actually needs elevation to perform the install.
For the sake of backward compatibility, so that legacy apps just work, Microsoft decided that Windows should elevate legacy installers by default. In most cases, this is the correct thing to do; legacy apps were developed primarily in a culture where every user was an admin, and most installers take advantage of that. So, Vista runs all legacy installers as administrator. The problem with this is that, if you’re a power user, you know that not everything needs to run as administrator. The power user is savvy to the intricacies of ACLs and permissions, and knows that while his antivirus might need administrative privileges to install, the latest downloaded Java game probably does not. And while you might be willing to trust the makers of that Java game enough to run their silly software, you don’t trust them to administer your machine.
The meat of the problem is that if Windows determines that a program is a legacy installer, then by default you’re limited to only two choices: run elevated, or don’t run at all. This can be a real pain if you have a legacy program that isn’t really an installer, but the heuristic treats it as one (some archive programs are like this).
Fortunately, the third option, run as a standard user, is available if you know what you’re doing. On a per-app basis, you can set the __COMPAT_LAYER environment variable to suppress the installer heuristics. Just open a (non-elevated) cmd window, and type “set __COMPAT_LAYER=RunAsInvoker”, and any legacy app you launch from that cmd window will run as standard user. As standard user, you can install your game applet with much less worry that it will install a rootkit or overwrite your registry. This is the recommended way to run legacy installers with low privileges.
If the recommended way doesn’t work for you, you can instead shut off the heuristic entirely, at the cost of some backcompat functionality. There is a switch in the group policy for Windows that disables auto-elevation for legacy installers completely. The backcompat problem is that legacy installers which really do need elevation will now crash on install, often with few clues as to why they didn’t work. You have to remember to right-click the executable and select “Run as Administrator”. If you don’t, then you can waste a lot of time frustrated because “Vista doesn’t work with this software!”
Disclaimer: As with all advanced system tweaks, make sure you Really Know What You’re Doing before trying this. I am not responsible for any damage you may do to your computer.
To flip the switch, run gpedit.msc, and open the tree to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. Scroll down in the right pane to find “User Account Control: Detect application installations and prompt for elevation”, and set it to ‘Disabled’.
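
The two controls described above (the per-session __COMPAT_LAYER override and the installer-detection policy) combined in one PowerShell wrapper, as an added example that is not part of the original post. The function names are made up for this example; EnableInstallerDetection is the registry value Windows stores for the policy, which the post itself does not name. The wrapper refuses to run from an elevated session, because RunAsInvoker only keeps the launcher’s token: started from an administrator prompt, the legacy app would still run as administrator.

```powershell
# Added example. Function names are hypothetical, not from the post.

function Test-IsElevated {
    # True when this session already holds an administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-InstallerDetectionState {
    # Registry value behind "User Account Control: Detect application
    # installations and prompt for elevation" (0 = Disabled, 1 = Enabled).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -Name EnableInstallerDetection -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'NotSet' }
    if ($p.EnableInstallerDetection -eq 0) { 'Disabled' } else { 'Enabled' }
}

function Start-LegacyAsInvoker {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$ArgumentList = @()
    )
    if (Test-IsElevated) {
        throw 'Session is elevated; RunAsInvoker would pass on the administrator token. Use a non-elevated prompt.'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    Write-Host "Installer detection policy: $(Get-InstallerDetectionState)"

    $previous = $env:__COMPAT_LAYER
    try {
        # The child process inherits this session's environment.
        $env:__COMPAT_LAYER = 'RunAsInvoker'
        & $Path @ArgumentList
    }
    finally {
        # Restore the variable so later launches from this session behave as before.
        if ($null -eq $previous) { Remove-Item Env:__COMPAT_LAYER -ErrorAction SilentlyContinue }
        else { $env:__COMPAT_LAYER = $previous }
    }
}

# Usage (constructed path):
# Start-LegacyAsInvoker -Path 'C:\Downloads\game-setup.exe'
```
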
So why didn’t Microsoft just ship like this? Put yourself in the chair of my fictional Aunt Gertrude, as suddenly programs that worked fine on XP fail to install on Vista. How do you explain to Gertrude what it means when her program fails with strange and unhelpful error messages? Even if you added a dialog saying to re-try as an admin, it wouldn’t help much. We all know that users don’t read dialogs. Vista broke Aunt Gertrude’s program, and to the average user, that’s all that matters.