A: AW GoOn
allows you to launch a number of selected
applications with Full Administrator
Privileges without UAC prompts and need to
enter any Administrator credentials.
AW GoOn is not the same as the RunAs console
utility, it is totally different.Q: Is this a breakthrough?
A: It is a real breakthrough and for the
following reasons:
It is much safer than entering Administrator
credentials every time you need.
It is much easier, just point and click to
launch the application with Full Administrator
Privileges without UAC prompts (if you are on
Windows 7, Server 2008 or Vista).
The user does not need to have any
Administrators Group account on the computer, he
may be just a Standard User without further
accounts.
Unlike other solutions, it does not make
applications run under the Local System, they
run indeed under a Full Privileged Administrator
account.
Q: Why it is
safer than any other solution?
A: AW GoOn is safer because the applications you
have selected to run with Full Administrator
Privileges can not be tampered with! You have a
full guarantee that you are launching the
applications you selected and not others with
the same names in the same paths and even with
the same interfaces (for example, if a virus
attaches to them)!
Since there is no need to provide Administrator
Credentials in any circumstance to launch the
selected applications\files, this means as well
that either in the office or at home there are
no reasons to provide users with Administrator
Accounts.
Q: How is it
possible to launch High-Privileged applications
without Administrator Account credentials?
A: When an account is setup, Administrator
Account credentials have to be provided. Those
credentials are encrypted in multiple ways
turning unfeasible its recovery by any practical
means. Moreover, different computers have
different encrypting keys, which render
impossible to produce a generic decrypting
method. On top of that, the parts of the AW GoOn
software handling critical operations are
strongly encrypted as well, can't be decrypted
by any current hacker tools. The protection
given by AW GoOn is at the highest possible
level that can be achieved these days.
Q: Why it is
easier with AW GoOn?
A: The principle that makes it easier is that
you only need to log in to the AW GoOn software
with some password to be able to launch the
applications/files from the list. Once logged in
you can launch any number of them until you log
off or turn off your computer. In a real
scenario, you may be a full time Standard User
on that computer, without knowledge of
credentials of any member of the Administrators
Group.
Q: Is it
possible to use AW GoOn to run or install
software by categories? For example, ActiveX
controls, Setup.exe or Setup.msi files?
A: We can not keep a safe environment while at
the same time open a door for external
contamination of the environment. Installing
ActiveX controls and new applications in the
computer is indeed a task for an Administrator
not for a Standard User. We have seen
self-proclaimed software lockdown solutions
going that route, but in our opinion it is even
more dangerous than letting users run as
Administrators.
Q: AW GoOn
appears simple, can I rely on it?
A: Not simple, it is made to be easy to use, but it is
very sophisticated and powerful. A great effort
has been made, and extensive tests performed, to
prevent every possible form of privilege
escalation, i.e, a Standard User or malware gain
higher privileges. For example, it is very
unlikely to find that a buffer overflow will
handle control to any malware.
Q: Can the
Administrator password be found if AW GoOn is
decompiled?
A: That is not possible, critical parts of AW
GoOn solution can not be decompiled by any known
means. Even if decompilation could succeed, it
is impossible to decrypt the Administrator
password because it is partially encrypted with
the Login password. Finally, the place where the
Administrator's password is stored can not be
read by a Standard User Account.
Q: Can the
Administrator password be found by using a
debugger to single-step the program and search
memory?
A: That question does not apply here, simply
because Standard User Accounts have no privilege
for that. A high-skilled hacker running with
high-privileges can in theory do that with any
kind of software, but that is not the case here
and is just theory.
Q: Which
precautions must an Administrator take when
selecting applications to be launched by AW
GoOn?
A: Applications able to fork new child processes
must not be selected when the environment is not
fully trustable. For example, selecting cmd.exe,
the command line interpreter, is opening a door
for any other application be launched from it.
Of course, if you are in a trustable environment
you can do it. Same reasoning applies if we
change Policy to allow launching through file
association (selectable from Config.exe).
Q: What
happens if the AW GoOn Gadget is modified?
A: The javascript files of the Gadget can not be
modified by a Standard User Account. Even if
they were modified, that would not entail a
risk, they provide only an interface and every
selection is re-validated.
Q: Can the AW GoOn Login password be guessed by
brute force trials?
A: After a not large number (we will not
disclose how large) of consecutive failures it
will always report failure until next computer
reboot. This turns unfeasible a brute force
attack if the Login password is not too weak.
