Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware.


1

2

3 Few Changes: Most software that runs on Windows Vista will run on Windows 7; exceptions will be low-level code (AV, firewall, imaging, etc.). Hardware that runs Windows Vista well will run Windows 7 well.
Windows 7
Few Changes: Focus on quality and reliability improvements
Deep Changes: New models for security, drivers, deployment, and networking

4 A solid foundation for new possibilities

Enable Richer Application Experiences
  More natural user interaction
    Windows Touch, ink and gesture support plus handwriting recognition enable new input capabilities.
    New taskbar, destinations and shell integration enhance discoverability and usability.
    New extensible Ribbon adds Office 2007-style controls, menus, and galleries to your application.
    Rich animation framework helps you integrate smooth dynamic motion.
  Access hardware innovations
    Direct 2D/3D allow you to deliver high-fidelity graphics and media.
    Multi-core support enhances application and device performance.
    Device Stage enables rich, customizable software experiences for connected devices.

Build on a solid foundation
  Improved fundamentals
    Compatible: Works with your Windows Vista-based applications and devices
    Secure: Greater flexibility with UAC while keeping security a priority
    Responsive: Improved system performance and resource management
  Greater developer productivity
    More powerful scripting automation with PowerShell 2.0
    Enhanced MSI engine makes software deployment easier
    Improved accessibility and global support
    Remote and virtual multi-monitor support
    Simpler VHD mounting from within Explorer

Integrate the best of Windows and web services
  Extend web services to client applications
    Federated Search allows you to extend local search to web data sources within your client application.
    Internet Explorer 8, Silverlight and Windows Presentation Foundation (WPF) enable web to rich client applications – using common platform and tools.
    Windows Web Services API enables high-performance web-services integration.
  Enable rich web experiences
    Standards-compliant IE8 delivers ‘out-of-the-box’ access to online services from within the page.
    Built-in dev tools within IE8 allow you to write code, run anywhere.

5

6

7

8 Not Allowed: Install applications; Change system components; Change per machine settings; Admin “privileges”
Allowed: Run most applications; Change per user settings

9

10

11 [Diagram labels: Standard User Rights; Administrative Rights; Admin logon; “Standard User” Token; Admin Token; Abby]

12 Standard User Mode
[Diagram labels: Standard User Rights; Administrative Rights; Standard User Privilege; Abby]
User Process: Read mail; Write documents; Run IT Approved Applications; Change Time Zone; Install Fonts, Printers; Run MSN Messenger; Etc.

13 Admin Privileges
[Diagram labels: Standard User Rights; Administrative Rights; Standard User Privilege; Admin Privilege; Abby]
User Process: Change Time Zone; Run IT Approved Applications; Install Fonts; Install Printers; Run MSN Messenger; Etc.
Admin Process: Install Application
Admin Process: Configure IIS
Admin Process: Change Time

14 [Diagram labels: OS Application; Unsigned Application; Signed Application]

15

16

17

18

19

20 I am a developer, not a STANDARD user! Too many apps break as standard user. It’s not worth the trouble.

21

22

23

24

25 [Diagram labels: User Mode; Kernel Mode; Luafv.sys; Ntfs.sys]
LegacyApplication: \Windows\App.ini; \Users\ \AppData\Local\VirtualStore\Windows\App.ini
VistaApplication: \Windows\App.ini; Access Denied

26

27 [Diagram labels: User Mode; Kernel Mode; Ntoskrnl.exe; Registry]
LegacyApplication: HKLM\Software\App; HKCU\Software\Classes\VirtualStore\Machine\Software\App
VistaApplication: Access Denied

28

29

30

31 winlogon
Create LUID with full token
Create LUID with protected token
CreateProcess explorer.exe with protected token

32 [Diagram labels: Protected Administrator; System; Administrator; explorer.exe; AppInfo Service; consent.exe; elevatedapp.exe; RPC; Reparented; ShellExecute(elevatedapp.exe); CreateProcessAsUser(elevatedapp.exe)]

33

34

35

36

37 asInvoker: Launch with the same token as the parent process
highestAvailable: Launch with the highest token this user possesses
requireAdministrator: Highest token of the User provided User is a member of Administrators group

38 <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="MyAdminApp" type="win32"/>
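An added example (not from the presentation): a Python check that reads an application manifest and reports which of the three requestedExecutionLevel values it requests, and whether an unmarked program would instead be treated as legacy and be eligible for file and registry virtualization. The trustInfo section of the sample manifest, the function name audit_manifest and the finding texts are constructed for illustration; only the assemblyIdentity line comes from the slide.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the assemblyIdentity element is the slide's own,
# the trustInfo section is added here for illustration.
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86"
                    name="MyAdminApp" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

# Token each level asks for, paraphrasing the slide.
LEVELS = {
    "asInvoker": "same token as the parent process",
    "highestAvailable": "highest token this user possesses",
    "requireAdministrator": "highest token; user must be in Administrators",
}

def audit_manifest(xml_text):
    """Report the requested execution level and what it implies under UAC."""
    root = ET.fromstring(xml_text)
    # Compare local tag names so any trustInfo namespace (asm.v2, asm.v3) matches.
    node = next((e for e in root.iter()
                 if e.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel"), None)
    if node is None:
        # No UAC marking: a 32-bit interactive, non-elevated process like this
        # is treated as legacy and is eligible for file/registry virtualization.
        return {"level": None, "token": "legacy (unmarked)", "ui_access": False,
                "virtualization_eligible": True,
                "findings": ["no requestedExecutionLevel"]}
    level = node.get("level", "")
    ui_access = node.get("uiAccess", "false").lower() == "true"
    findings = []
    if level not in LEVELS:
        findings.append("unknown level %r" % level)
    if level == "requireAdministrator":
        findings.append("always elevates: confirm admin rights are needed")
    if ui_access:
        findings.append("uiAccess=true: may send input to higher-integrity windows")
    # A manifest that declares a level turns virtualization off for the process.
    return {"level": level, "token": LEVELS.get(level, "unknown"),
            "ui_access": ui_access, "virtualization_eligible": False,
            "findings": findings}
```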

39

40 User Process: MIC = Medium
Admin App: MIC = High

41

42

43

44 Shatter Attack
Session 0: Window Station; Desktop; Screen Saver; Login; Services; 1st User’s Window

45 Secure
Session 0: Window Station; Desktop; Service
Session 1: Window Station; Desktop; Screen Saver; Login; 1st User’s Window

46

47

48

49 Load the shim DLL
Retrieve the APIs which should be hooked
Review the import table of the application to determine where hooks should be placed
Overwrite the addresses of the API calls with the address in the shim

50 Run initialization routines
Shim engine applies API hooks
Loader maps executable and statically linked DLLs into memory

51

52 Symptoms: “Unsupported operating system”
Fix description: Lies

53 Win2000SP3VersionLie; WinXPVersionLie; WinXPSP1VersionLie; WinXPSP2VersionLie; Win2K3RTMVersionLie; Win2K3SP1VersionLie; VistaRTMVersionLie

54 WinXP; WinXPSP1; WinXPSP2; WinXPSP2VersionLie; WinSrv03; WinSrv03SP1; VistaRTM

55 [Diagram labels: Windows; Shim; Application; Child Application; Layer]

56

57

58

59 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows 7 and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

60

61

62

63 General Security Information: http://msdn2.microsoft.com/en-us/windowsvista/aa904985.aspx
Getting Started with UAC: http://www.microsoft.com/technet/windowsvista/evaluate/feat/uaprot.mspx
UAC Developer Guidelines: http://msdn.microsoft.com/library/?url=/library/en-us/UxGuide/UXGuide/Home.asp?frame=true
UAC Blog: http://blogs.msdn.com/uac
UAC Question on Update: http://forums.microsoft.com/msdn/showpost.aspx?postid=111453&siteid=1
Windows 7 Developer Story Series: http://msdn2.microsoft.com/en-us/library/bb188741.aspx

