23 Dec 2009

UAC Virtualization (Part 2)

As expressed in my earlier part about User Account Control in Windows Vista; when a standard user is logged into a Windows based computer, there are certain activities and actions that need to be protected. This is essential to protect the overall stability and security of the operating system. Windows Vista provides an excellent solution to help protect these key system areas. Vista uses User Account Control and Virtualization to accomplish the security and protection.

The Program Files directory (typically located at C:\Program Files and referred to as %ProgramFiles%) is where most applications store the executable files. The settings for the application are stored under the HKEY_LOCAL_MACHINE\Software key in the Registry in most cases. Both of these locations are protected by the operating system by only allowing the system and administrators write access, where users have read and execute access only.

The application data locations are created on user basis and are protected such that only that user has access to the data that is written by default.

However, many applications are not designed to work this way. Instead, they are designed to store user specific data under %ProgramFiles% and HKEY_LOCAL_MACHINE\Software. Unfortunately standard users do not have access to write to these locations, which has caused many companies to add standard users to the local Administrators group in order to run these applications.

Since the applications are not easily changed and users must still run these applications, Vista takes a different approach to fix the problem. Within Vista, UAC lends a helping hand by virtualizing the file system and Registry namespace. UAC will virtualize legacy applications, allowing standard users to remain a “standard user”, but still run the application. The definition of legacy in this case includes processes that are 32-bit, not running with administrative privileges, and does not include a Windows Vista manifest file. If a process or operation does not meet these criteria it is not virtualized.

UAC Virtualization
In Vista, you can see the UAC virtualization option in Task manager where you can see the various processes running in process tab. Right click on any one of the process which you wish to virtualize and you can click the UAC Virtulaization option.

When an action is virtualized, the resulting content is stored within the users’ profile as mentioned above. Depending on which content has been virtualized, there will be some indicators within the different interfaces to help you see the virtualization.

The first indicator will be within the Windows Explorer GUI. Depending on which folder and files have been virtualized, you will see additional menu options within Windows Explorer. Figure below illustrates what Windows Explorer shows when you have Virtualized files under the C:\Windows folder. (Compatibility Files)

The “Compatibility Files” menu addition to Windows Explorer only appears when there are files that have been virtualized. The new menu option appears only for those folders which have virtualized files or folders.

When the Compatibility Files menu option is selected, it will direct the Windows Explorer window to the virtualized files and the containing folder. Figure below illustrates what the contents of this virtualization of files and folders looks like.

UAC Virtualization (Part 2)

As expressed in my earlier part about User Account Control in Windows Vista; when a standard user is logged into a Windows based computer, there are certain activities and actions that need to be protected. This is essential to protect the overall stability and security of the operating system. Windows Vista provides an excellent solution to help protect these key system areas. Vista uses User Account Control and Virtualization to accomplish the security and protection.

The Program Files directory (typically located at C:\Program Files and referred to as %ProgramFiles%) is where most applications store the executable files. The settings for the application are stored under the HKEY_LOCAL_MACHINE\Software key in the Registry in most cases. Both of these locations are protected by the operating system by only allowing the system and administrators write access, where users have read and execute access only.

The application data locations are created on user basis and are protected such that only that user has access to the data that is written by default.

However, many applications are not designed to work this way. Instead, they are designed to store user specific data under %ProgramFiles% and HKEY_LOCAL_MACHINE\Software. Unfortunately standard users do not have access to write to these locations, which has caused many companies to add standard users to the local Administrators group in order to run these applications.

Since the applications are not easily changed and users must still run these applications, Vista takes a different approach to fix the problem. Within Vista, UAC lends a helping hand by virtualizing the file system and Registry namespace. UAC will virtualize legacy applications, allowing standard users to remain a “standard user”, but still run the application. The definition of legacy in this case includes processes that are 32-bit, not running with administrative privileges, and does not include a Windows Vista manifest file. If a process or operation does not meet these criteria it is not virtualized.

UAC Virtualization
In Vista, you can see the UAC virtualization option in Task manager where you can see the various processes running in process tab. Right click on any one of the process which you wish to virtualize and you can click the UAC Virtulaization option.

When an action is virtualized, the resulting content is stored within the users’ profile as mentioned above. Depending on which content has been virtualized, there will be some indicators within the different interfaces to help you see the virtualization.

The first indicator will be within the Windows Explorer GUI. Depending on which folder and files have been virtualized, you will see additional menu options within Windows Explorer. Figure below illustrates what Windows Explorer shows when you have Virtualized files under the C:\Windows folder. (Compatibility Files)

The “Compatibility Files” menu addition to Windows Explorer only appears when there are files that have been virtualized. The new menu option appears only for those folders which have virtualized files or folders.

When the Compatibility Files menu option is selected, it will direct the Windows Explorer window to the virtualized files and the containing folder. Figure below illustrates what the contents of this virtualization of files and folders looks like.

Understanding User Account Control in Windows Vista (Part 1)

When Microsoft Windows® XP is initially installed, the Windows XP Setup Wizard creates all user accounts as local administrators. This account type enables users to install, update, and run software since an administrator account has system-wide access. When a user is added to the local administrators group, that user is automatically granted every Windows privilege. These privileges are collected and maintained in a user’s access token. Every Windows resource has an Access Control List (ACL), which is a list that records which users and services have permission to access the resource and what level of permission they have. Windows' authorization model uses the data contained within a user's access token to determine what access the user is permitted/denied in a resource's ACL.
Administrative users automatically have:
* Read/Write/Execute permissions to all resources
* All Windows privileges

In Windows Vista, there are two types of user accounts: standard user accounts and administrator accounts. Standard users have limited administrative privileges and user rights—they cannot install or uninstall applications that install into %systemroot%, change system settings, or perform other administrative tasks. However, standard users can perform these tasks if they are able to provide valid administrative credentials when prompted. With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the basis of the principle of Admin Approval Mode.

UAC Architeccture:
Each application that requires the administrator’s access token must prompt the administrator for consent. The one exception is the relationship that exists between parent and child processes. Child processes will inherit the user’s access token from their parents. Both the parent and child processes, however, must have the same integrity level.

Windows Vista protects processes by marking them with integrity levels. Integrity levels are measurements of trust. A “high” integrity application is one that performs tasks that modify system data, such as a disk partitioning application, while a “low” integrity application is one that performs tasks that could potentially compromise the operating system, such as a Web browser. Windows Vista prevents applications with lower integrity levels from modifying data in applications with higher integrity levels.

When a standard user attempts to run an application that requires an administrator access token, UAC requires that the user provide valid administrator credentials. The "UAC User Experience" section in this document details this process.

Virtualization
Windows Vista includes file and registry virtualization technology for applications that are not UAC compliant and that have historically required an administrator's access token to run correctly. Virtualization ensures that even applications that are not UAC compliant will be compatible with Windows Vista. When a non-UAC-compliant administrative application attempts to write to a protected directory, such as Program Files, UAC gives the application its own virtualized view of the resource it is attempting to change, using a copy-on-write strategy. The virtualized copy is maintained under the user's profile. As a result, a separate copy of the virtualized file is created for each user that runs the non-compliant application.

The virtualization technology ensures that non-compliant applications will not silently fail to run or fail in a non-deterministic way. UAC also provides file and registry virtualization and logging by default for pre-Windows Vista applications that write to protected areas.

Courtesy:
Microsoft official site

Understanding User Account Control in Windows Vista (Part 1)

When Microsoft Windows® XP is initially installed, the Windows XP Setup Wizard creates all user accounts as local administrators. This account type enables users to install, update, and run software since an administrator account has system-wide access. When a user is added to the local administrators group, that user is automatically granted every Windows privilege. These privileges are collected and maintained in a user’s access token. Every Windows resource has an Access Control List (ACL), which is a list that records which users and services have permission to access the resource and what level of permission they have. Windows' authorization model uses the data contained within a user's access token to determine what access the user is permitted/denied in a resource's ACL.
Administrative users automatically have:
* Read/Write/Execute permissions to all resources
* All Windows privileges

In Windows Vista, there are two types of user accounts: standard user accounts and administrator accounts. Standard users have limited administrative privileges and user rights—they cannot install or uninstall applications that install into %systemroot%, change system settings, or perform other administrative tasks. However, standard users can perform these tasks if they are able to provide valid administrative credentials when prompted. With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the basis of the principle of Admin Approval Mode.

UAC Architeccture:
Each application that requires the administrator’s access token must prompt the administrator for consent. The one exception is the relationship that exists between parent and child processes. Child processes will inherit the user’s access token from their parents. Both the parent and child processes, however, must have the same integrity level.

Windows Vista protects processes by marking them with integrity levels. Integrity levels are measurements of trust. A “high” integrity application is one that performs tasks that modify system data, such as a disk partitioning application, while a “low” integrity application is one that performs tasks that could potentially compromise the operating system, such as a Web browser. Windows Vista prevents applications with lower integrity levels from modifying data in applications with higher integrity levels.

When a standard user attempts to run an application that requires an administrator access token, UAC requires that the user provide valid administrator credentials. The "UAC User Experience" section in this document details this process.

Virtualization
Windows Vista includes file and registry virtualization technology for applications that are not UAC compliant and that have historically required an administrator's access token to run correctly. Virtualization ensures that even applications that are not UAC compliant will be compatible with Windows Vista. When a non-UAC-compliant administrative application attempts to write to a protected directory, such as Program Files, UAC gives the application its own virtualized view of the resource it is attempting to change, using a copy-on-write strategy. The virtualized copy is maintained under the user's profile. As a result, a separate copy of the virtualized file is created for each user that runs the non-compliant application.

The virtualization technology ensures that non-compliant applications will not silently fail to run or fail in a non-deterministic way. UAC also provides file and registry virtualization and logging by default for pre-Windows Vista applications that write to protected areas.

Courtesy:
Microsoft official site

19 Dec 2009

Handling error page efficiently in Firefox

I could not have imagined my anger and frustration when a URL to load due to congestion in network, peak performance, load on server or maybe due to low bandwidth of the internet connection. Until i found a solution for my anger management.. a simple add on in Firefox that lets you handle the error page efficiently and easily. Let me arrive to the tool later on, while i briefly explain the technology behind.

Coral Content Distribution Network
Coral is a free peer-to-peer content distribution network, comprised of a world-wide network of web proxies and nameservers. It allows a user to run a web site by offering the service through some of its participating web servers where the content has been already replicated instead of pointing at the original server which may be overloaded at that time, thereby increasing the performance and meeting its volumious demand.

To use the service, one needs to first publish the site through CoralCDN. It is as simple as appending a short string to the hostname of objects' URLs. A peer-to-peer DNS layer transparently redirects browsers to participating caching proxies, which in turn cooperate to minimize load on the source web server. Sites that run Coral automatically replicate content as a side effect of users accessing it, improving its availability. Heres a snapshot of how a coralized site looks like.. notice the URL?



Using modern peer-to-peer indexing techniques, CoralCDN will efficiently find a cached object if it exists anywhere in the network, requiring that it use the origin server only to initially fetch the object once.

One of Coral's key goals is to avoid ever creating hot spots in its infrastructure.(Hot spot here means a region of a computer program where a high proportion of executed instructions occur or where most time is spent during the program's execution.) It achieves this through a novel indexing abstraction called distributed sloppy hash table (DSHT), used in peer-to-peer networking protocol like Torrentz. (Hash table is a data structure that uses a hash function to efficiently map certain identifiers or keys to its associated values.) It creates self-organizing clusters of nodes that fetch information from each other to avoid communicating with more distant or heavily-loaded servers.

Wayback
Almost everything is archived on the internet, in form of snapshots, caches, thumbnails etc.
Wayback is a technology used to see those archived version of the site, which people believe to be of use for future generations. It not only archives live URLs but also dead sites. One of such sites that offer wayback service is Archive-It.

Archive-It allows institutions to build and preserve their own web archive of born digital content, through a user friendly web application, without requiring any technical expertise or hosting facilities. Subscribers can harvest, catalog, and archive their collections, and then search and browse the collections when complete. Collections are hosted at the Internet Archive data center, and accessible to the public with full text search.

This is a snapshot of how Google site looked on 17th January 1997.


Going to the main stream; you can find the add-on here

Technology never cease to excite me the way i am now, handling error functions are more interesting than making a bug free code. I am enjoying the privilege that i am being offered.
I can see opportunity in the errors now and not a sad face, don't you agree?
I have left programming a long time ago, yet Hope Mozilla guys are listening to me?

13 Dec 2009

Memory resource fix for Firefox

I am not sure if I have already written and mentioned this in my earlier Firefox hacks post. But i am writing this in the enlightenment of those people who might have been facing high utilization of memory resources while using Mozilla Firefox. Firefox being an open source project, unlike other browsers can be optimized according to users requirements. In this post, i am going to show you how the high utilization of memory resource in Mozilla can be fixed. The tools used to demonstrate this are available freely on internet and not licensed versions.

One thing you may like about Mozilla is that these settings can be saved and restored or reused on other machines if you like... say your workplace. You may save the boookmarks, links, tweak settings etc in it and send it via mail or transfer it into another machine and restore or use those settings to have the same look and feel as you are at your home.

Heres a snapshot of my memory utilization of Firefox on my machine.

Step 1: To start with, the back end source code of Mozilla can be accessed by typing "about:config" on one of the tabs. Click "OK" or "I'll be careful, I promise" depending on the version of Mozilla you use.
Step 2: Download "Mozilla Optimizer 1.6.3" from Computer Base
or you can go ahead with the optimzations yourself to save the download time from the source codes. If you want to explore using the source codes, here they are

Preference name Value/ Boolean
nglayout.initialpaint.delay 100
content.notify.ontimer true
content.notify.interval 100000
content.notify.backoffcount 5
network.http.pipelining true
network.http.proxy.pipelining true
network.http.pipelining.maxrequests 8
network.http.max-connections 32
network.http.max-connections-per-server 8
network.http.max-persistent-connections-per-proxy 4
network.http.max-persistent-connections-per-server 2

To find the mentioned preference name, use the filter on top of the table and change the boolean or value as mentioned above. To save all these, you can can download the mentioned tool above and just install it once.

Now lets take a look at the performance of Firefox, attached is the snapshot below.


Step 3: (Optional) In case you are still not happy with the result, you can use one more tool to minimize that. But you should remember that this tool needs to be invoked each time you require to minimize the utilization and isn't one time activity unlike the above, which was code injected. Ensure that this tool is always when you open Firefoz, unless you wish to run it.
Search for "Firefox Ultimate Optimizer" in Google and you will find it. After running it, here is the memory utilization snapshot.


See, how easy it is. Happy hacking around.


Disclaimer: Use these tools and hacks at your own risks. I wont beheld responsible for any issues or concerns raised using these freely available tools.

7 Dec 2009

Adobe Acrobat 9: First look

When i saw the tutorial video of Adobe Acrobat 9, it was like.. woooooowwww!!
I mean, i never had imagined that a PDF would have Videos, interactive Flash files or any other external files to be embedded in it! I mean, what the heck man! Its like an OS without any compatibility issues to any known software or hardware.

I am still to get the software and lay my hands on it. Maybe i can tune in MS Office 2010 and save it as PDF. I did not know, all these could be so much fun! Now i can make interactive resumes .. with videos and snapshots of what i want to show the employer.

Let me get back to you soon with my copy. Watch this space for review on the same.
For more information check here.

A breif review on Microsoft Office 2010, Beta version

For those who wants to work on beer, MS Office 2010 maybe the right choice. Its still in Beta phase and yet to be released but available for use on Microsoft site. You will be provided a license key for the product to be used for some time until its official launch soon.
I would say, i was very impressed with the much much lighter version of MS Office. Whereas it would have taken me minutes to load a 1 lac row Excel, it took me few seconds for Office 2010 to load the same. There are a few additional features wrt formulaes and intefaces more smoother.

Heres a brief based on my review:
Interface: 7/10
Ease of use: 8/10
Performance: 9/10
Additional features: 4/10
Recoverability: 8/10

I guess very less features remain to be explored in Excel. I havent tried other office suites extensively, but i assure you that you will be happy with the interface. Happy exploring

Life needs a change!

I have been in my blues, not 'coz someone said shit about my performance but because of the shit package i have been beginning to develop to worry about. Initially, maybe because there was less liabilities, it went fine for me. But with each passing day, i do realize that i do not make half the money my credit card bills me! Am i supposed to ward the credit cards off and stay aloof in my apartment watching some fabulous places like Dubai or States; or earn enough to bear the costs?
I do believe that while the former seems rational with the existing condition i am in, it wont run long way as a solution. So now i am looking for a change in my career, for growth - yes, definitely maybe for more credit cards to fill in the pockets !

Inability to sustain in life could not be more frustrating! I needed some change. So finally, this sunday i decided, if not my life.. at least my lifestyle.

Finally i revamped the looks of my farm at Farmville in Facebook.
Well i guess, i got some satisfaction for some time.

A breif review on Microsoft Office 2010, Beta version

For those who wants to work on beer, MS Office 2010 maybe the right choice. Its still in Beta phase and yet to be released but available for use on Microsoft site. You will be provided a license key for the product to be used for some time until its official launch soon.
I would say, i was very impressed with the much much lighter version of MS Office. Whereas it would have taken me minutes to load a 1 lac row Excel, it took me few seconds for Office 2010 to load the same. There are a few additional features wrt formulaes and intefaces more smoother.

Heres a brief based on my review:
Interface: 7/10
Ease of use: 8/10
Performance: 9/10
Additional features: 4/10
Recoverability: 8/10

I guess very less features remain to be explored in Excel. I havent tried other office suites extensively, but i assure you that you will be happy with the interface. Happy exploring

Disqus

comments powered by Disqus