March 8, 2006

Macro Scheduler and Vista

Filed under: General,Macro Recorder,Vista — Marcus Tettmar @ 10:01 am

One of Microsoft’s main focuses with Vista is to improve security. A major problem with current versions of Windows is that to be productive you pretty much always need to be logged in as an Administrator. There are lots of day-to-day tasks that a regular user can’t do, but should be able to.

Because of this, the vast majority of Windows users currently log in as administrators. This means they can do what they want, but since they are running everything with admin privileges, the system is effectively wide open. When you’re logged in as an administrator, software can do pretty much anything without your knowledge. Software that requires admin privileges will just run and perform admin tasks without warning you first. This leaves the system wide open to malware, and we all know how easy it is for viruses and trojans to install themselves and then run stealthily, leaving you with no idea of what they are doing. Problems with browser toolbars and plugins are rife. This is because with admin privileges they can install and do what they want.

To address this, Vista, by default, runs all applications with restricted standard user privileges, even if you are logged on as an administrator. By default, if an application needs (or wants) administrator access, it will attempt to “elevate” itself to admin level, and Windows will ask you for confirmation before allowing it to run. So now whenever an admin task occurs, you get to know about it and decide whether to allow it or not. This in itself should pretty much wipe out problems with viruses, malware, spyware and adware etc. If a standard user tries to run something that requires admin privileges, the prompt will ask for an admin username and password. The benefit here is that an administrator doesn’t have to log off and back on again just to perform some admin task for a regular user.

What does this all mean for Macro Scheduler? Macro Scheduler’s macro recorder works by implementing what is known as a journal record hook. This hook monitors system-wide events in order to record mouse and keyboard events and watch for windows to appear and disappear. I have been told by the User Account Control team at Microsoft, who are implementing the new security features, that applications that implement journal hooks may need to run at admin levels and manifest themselves as uiAccess apps. It hasn’t been confirmed yet exactly what the requirements are, but right now, in the current beta version of Vista, the only way to get Macro Scheduler to record a macro is to disable “run all apps as standard user” in UAC, so that all applications run with admin level rights. Clearly this is not an acceptable solution, as it negates the whole purpose of Vista’s new security concept. The hope is that a uiAccess app will be allowed to implement a journal record hook and be able to record against apps with the same security rights. For example, a standard user should be able to record against other standard level applications. Obviously only an admin user should be able to record against processes running with admin rights. However, there has been a suggestion that Macro Scheduler will have to run at admin levels in order to record at all. I am hoping this won’t be the case, as it means only admin users would be able to record macros, whereas at present anyone can. Clearly the UAC team still have some things to sort out, as I am still waiting on concrete advice as to the correct solution.

Why has Microsoft changed the rules regarding journal record hooks? Well, unfortunately, these system-wide hooks, which monitor keyboard and mouse events, can be, and have been, used by malware to log passwords and generally implement keyloggers. And as I said earlier, because the majority of Windows users log in with administrative rights, and because up until now all applications would therefore run at admin levels, such malware could log keyboard entry without you even knowing about it. So the new UAC rules mean this can’t happen in Vista. But while I applaud Microsoft’s new rules to combat such malware, I feel it is important that they find a way to ensure legitimate implementers of these functions are not tarred with the same brush. Software like Macro Scheduler, which depends on these functions for valid uses, should not be made awkward to use for those who need to use it. So we’ll have to wait and see what the UAC guys figure out.

So stay tuned while we work with Microsoft on this. One thing is for sure though – by the time Vista ships at the end of the year we will have a fully Vista-ready version of Macro Scheduler.