42 replies to this topic

[Vetinary]

So why does MWO need administration rights?

I run my Windows as simple "User" so that no unwanted Software may install itself, or get more rights than I want to. This is the standard on Linux based systems and a pretty save way to run your Windows.

To install software like MWO I need to type in my administration password that's the way it should be. But why the hell do I need to type it in every time, I start the game? Any Software should only run with basic rights, so that there is no hole in the security. Why does MWO need administrative rights on my Computer, what is it doing?

Not only am I worried about, what MWO is doing with these rights on my computer, but also am I worried about the security risk, of letting any software run with administrative rights, due to the fact, that MWO is communicating over the internet and thereby a possible back door to my system. These rights should only be given, if there is a special task to do, like giving your System Control the rights to mess with your hard drive setup. These are not rights, I need MWO to have!

[Odanan]

It doesn't need admin rights here in my Win7...

But many multiplayer games do need admin rights. You are not running solitary, you know...

(if you don't trust the publisher, it is best to simply not to run the application)

[Vetinary]

Quote

It doesn't need admin rights here in my Win7...

That's curious. Are you sure you are running Win as simple-user and not admin?

Quote

But many multiplayer games do need admin rights.

They should not, why would they? A program that is communicating over the internet does not need admin rights. Else, every VOIP, Chat and Internet Browser program would need them to.
There is only one game I know that needs admin rights, and that is due to a community patch, that is altering driver data.

Quote

(if you don't trust the publisher, it is best to simply not to run the application)

Sorry, but this is just bull****:
1. Do you live in the USA? Do you trust your government? No? Please move out! (yes, that is ironic, please take it so)
2. It is not only about trust in IGP. Software with admin rights, may be used by third party software or data files, to corrupt your pc. (Run Adobe PDF Reader with admin rights, get a .pdf with corrupt code, and f***ed you are)
3. Unless software is open-source, you don't know, what it does. That is a fact. So only give the software what it needs to run. A game should not need admin rights, so don't give it. If the game wants admin rights, ask why. If you don't get an answer, there is probably a good reason for it, so dump the software.


Here is a list (take from wikipedia.org) about what should trigger the UAC:

• Running an Application as an Administrator
  
• Changes to system-wide settings or to files in %SystemRoot% or %ProgramFiles%
  
• Installing and uninstalling applications
  
• Installing device drivers
  
• Installing ActiveX controls
  
• Changing settings for Windows Firewall
  
• Changing UAC settings
  
• Configuring Windows Update
  
• Adding or removing user accounts
  
• Changing a user’s account type
  
• Configuring Parental Controls
  
• Running Task Scheduler
  
• Restoring backed-up system files
  
• Viewing or changing another user’s folders and files
  
• Running Disk Defragmenter

I don't see anything on there that MOW should need. Do you?

[Viper Centurion]

You're being told by players that been playing MWO since closed beta and that's almost 2 years ago
And you just denied every answer and said ******** to him, what a piece of **** new player you are

This thread is not worth everybody time to help you in your problem and now i'm getting out of here and SCRAM

P.S : This game had some know issues, like broken exe after each session, can't install it again after uninstalling (which result in the users have to reinstall the windows), and your own problem, so how about listen to old timers

Edited by Viper Centurion, 28 July 2013 - 07:49 AM.

[Vetinary]

Quote

You're being told by players that been playing MWO since closed beta and that's almost 2 years ago And you just denied every answer and said ******** to him, what a piece of **** new player you are

He did not give answers, he said: "deal with it".
I did not say ******** to him, It was a reaction to his "take it as it is or leave it" answer. I asked why the program needs admin rights, not, how to react on it.

Anything else of your post will not be commented by me, because it is clear you did not get what I said. I hope Odanan will get my point without being offended.

[Talrich]

It's a good question, and the inappropriate responses are a bit puzzling. If you don't care about MWO running as admin, then really leave the thread to the people who do care. Software is not supposed to be running as admin every time.

[Loc Nar]

I'll give you the benefit of the doubt and assume that flaming Odanan was not your intent, as I assume he was not flaming you with his response to your question...

Not sure if this is still a valid workaround, but below is a post by a MS admin/engineer/MechWarrior that may provide better insight than I can since I'm pretty sure MWO is running with normal user privileges on my own machine and didn't req any special access to install or run. (3570k/win7pro).

http://mwomercs.com/...06#entry1574406

[Odanan]

Vetinary, on 28 July 2013 - 08:02 AM, said:

He did not give answers, he said: "deal with it".
I did not say ******** to him, It was a reaction to his "take it as it is or leave it" answer. I asked why the program needs admin rights, not, how to react on it.

Anything else of your post will not be commented by me, because it is clear you did not get what I said. I hope Odanan will get my point without being offended.

Don't worry about me.

Anyway, you are right: I don't have the answer of your questions. Maybe if you apply them to the PGI's support they can help.

[Odanan]

Vetinary, on 28 July 2013 - 07:33 AM, said:

1. Do you live in the USA? Do you trust your government? No? Please move out! (yes, that is ironic, please take it so)

That's not the same thing. You can't freely choose your country (if I could I would be living in another place).

It's more something like: you don't trust the food in a restaurant, go eat in another place.

[Vetinary]

I did not want to insult Odanan, but I was actually flaming his third part of his answer. Saying "if you don't trust the publisher, it is best to simply not to run the application" is just well... how can you every trust anyone? You don't know the people, you don't know the company, you don't know squat about them. And as I said, its not only about trust. So (in my eyes) it was just a dull answer, and while I of course did not want to insult Odanan (why would I, he took the time trying to make me happy), I wanted to flame that statement alone.

Thank you for the workaround, I will take a closer look later. This does solve the "problem", but is not an elegant solution, since it does not provide answers to the question of "why" and will only be used by the people, who know the security risks of running software with admin rights. (And notice that this one does. If you use a standard Win installation, you are always running with admin rights, so you will never notice, that this game wants to have them.)

That is why I asked Odanan again, whether he is sure he is running as normal user, and not admin, and will ask you the same. You will not notice that MWO needs admin rights, if you are running as admin, as everyone does, after a fresh Win installation. I am not talking about the "run as admin" context menu, I am talking about the actual user account setting.

For anyone reading this topic, here is a quote from the user DrSheldonCooper (see the topic Loc Nar posted):

Quote

It seems that application manifest (in each MWO exe file, four of them in Bin32 folder) demands highest privileges to run (Administrator group). This is generally considered as undesired behaviour for any kind of non-system app.

And I really like to know why. I will try to bring this issue into the next "ask the devs" thou I doubt it will receive a high vote.

Edit, since Odanan was faster than me:
Its off topic so I don't want to drag this out, but at least set it right.
It is overdrawn yes, of course leaving a country and leaving a game are not the same thing. But as a country, a game is not homogeneous. Food is. You can always go to another restaurant, but there is no other Mech game (Hawken has a completely different play Style and MWLL is basicly dead, since the development stopped early this year).
Other than this, I mostly try to make the world a better place for everyone (call the health inspector if you want to use your food metaphor) than just move along.

Edited by Vetinary, 28 July 2013 - 02:01 PM.

[Odanan]

I'm sure PGI and IGP didn't spend millions making this game to screw with your computer or your personal data.

Relax, Vetinary and enjoy the game.

[William Rahn]

The executable triggers UAC because it runs the patcher first - it is a program that overwrites and runs executable files from the internet (which is very suspect in most situations) - so all is as it should be. If you run the program with -nopatch it will not run the patcher and will not trigger the UAC, but if there is a version mismatch it will not (at best) log on.

[Oderint dum Metuant]

Interesting point to note, and i respect your reasons for running as a simple user.

If someone want's access to your computer or it's data and i mean really really want's it, they will get it regardless, this is the price you pay connecting to the internet.

Running windows as a simple user, is no safer than a full admin, because the end result is always going to come down to user error, and that can be as simple as navigating to a website that has ad's that are injectors.

It's not safe to do anything in life, waking up, using the phone nothing.
Mass paranoia isn't going to make it stop.

Quote

The executable triggers UAC because it runs the patcher first - it is a program that overwrites and runs executable files from the internet (which is very suspect in most situations) - so all is as it should be. If you run the program with -nopatch it will not run the patcher and will not trigger the UAC, but if there is a version mismatch it will not (at best) log on.

Bingo

Edited by DV McKenna, 28 July 2013 - 02:22 PM.

[Vetinary]

Quote

The executable triggers UAC because it runs the patcher first - it is a program that overwrites and runs executable files from the internet (which is very suspect in most situations) - so all is as it should be. If you run the program with -nopatch it will not run the patcher and will not trigger the UAC, but if there is a version mismatch it will not (at best) log on.

That is interesting, but even with -nopatch, on my side, the game still wants to have admin rights.

Quote

If someone want's access to your computer or it's data and i mean really really want's it, they will get it regardless, this is the price you pay connecting to the internet.

Yes, but if someone wants to break into my house (the price I pay for having one^^) I don't have to leave the door unlocked.

Quote

Running windows as a simple user, is no safer than a full admin,

False. Just plain false. You should read up on that.

Quote

because the end result is always going to come down to user error,

Yes, like running unnecessary programs as admin

Quote

and that can be as simple as navigating to a website that has ad's that are injectors.

Althou i could argue, that running your system as "user" and not as "admin" would not allow any viruses to install themselves in your registry (they need admin rights, and may gain them through programs like MWO if they know about it), I will take the hint, that there are many security risks, but that does not mean we should not try to close them.

Quote

It's not safe to do anything in life, waking up, using the phone nothing.

And with this you want to tell us what? You don't lock your door at night? Of course many things are dangerous and you always have to weigh the risk versus the gain, but you don't have to take more risk, than necessary.

Quote

Mass paranoia isn't going to make it stop.

Asking why this program needs admin rights, is not mass paranoia. Its called a question.

[William Rahn]

Vetinary, on 28 July 2013 - 03:01 PM, said:

That is interesting, but even with -nopatch, on my side, the game still wants to have admin rights.

Yes, it is just me assuming that everyone magically knows what I meant to say...

The file you have to run with -nopatch is MWOclient.exe.

[Ryvucz]

And here's your honorary Founder' Tinfoil Hat my good sir.

[Odanan]

Ryvucz, on 28 July 2013 - 04:16 PM, said:

And here's your honorary Founder' Tinfoil Hat my good sir.

I swear I almost posted this image some hours ago. I can't hold any longer!

[Oderint dum Metuant]

Vetinary, on 28 July 2013 - 03:01 PM, said:

False. Just plain false. You should read up on that.

The problem is you have only done half the research on the matter. Malware does not need admin rights to board your PC.
You actually give up the protection of the simple user (designed for corporate environments) with any activation of admin rights, which you will have done at some stage for MS updates and such.

Quote

Elevated AAM processes are especially susceptible to compromise because they run in the same user account as the AAM user’s standard-rights processes and share the user’s profile. Many applications read settings and load extensions registered in a user’s profile, offering opportunities for malware to elevate. For example, the common control dialogs load Shell extensions configured in a user’s registry key (under HKEY_CURRENT_USER), so malware can add itself as an extension to load into any elevated process that uses those dialogs.

Even processes elevated from standard user accounts can conceivably be compromised because of shared state. All the processes running in a logon session share the internal namespace where Windows stores objects such as events, mutexes, semaphores, and shared memory. If malware knows that an elevated process will try to open and read a specific shared memory object when the process starts, it could create the object with contents that trigger a buffer overflow to inject code into the elevated process. That type of attack is relatively sophisticated, but its possibility prevents OTS elevations from being a security boundary.

Research into other games, that get complaints about needing admin rights seems to bring up a common theme, .Netframework.
Why this MS product requires admin rights when the game runs fine without admin rights is another question.

From Microsofts standpoint.

Quote

[color=#333333]This behavior may occur in Microsoft Windows XP or in Windows Vista when you log on to the computer by using a limited user account. Older games require administrative rights to operate correctly. Additionally, newer games require administrative rights to go online and retrieve updates.[/color]

Windows 7 = Vista Done right.

Edited by DV McKenna, 28 July 2013 - 11:13 PM.

[Vetinary]

Quote

The file you have to run with -nopatch is MWOclient.exe.

Thanks, since this is not the standard target the short-cut points to after installation this helps.
About Updates, I can only say, on Linux it is normal, that you have to give administrative rights for every update for every software you want to make. So this is really not as ridicules as some guys here point it out. Its just saver this way.

Quote

And here's your honorary Founder' Tinfoil Hat my good sir.

Thanks, I like tinfoil.

Quote

The problem is you have only done half the research on the matter. Malware does not need admin rights to board your PC.
You actually give up the protection of the simple user (designed for corporate environments) with any activation of admin rights, which you will have done at some stage for MS updates and such.

Not saying it is impossible for malware to get in another way, but read for example this post:
http://www.codinghor...inistrator.html
I quote from him: "This infection was only possible because I was logged in as an administrator. [...] As a test, I logged in as a normal user, and I was unable to duplicate the GameCopyWorld infection in any way-- even with a completely unpatched, circa 2001 version of Windows XP [...]"
You can get the advice also from MS directly: http://technet.micro...y/cc730864.aspx
Or you read this blog: https://blogs.msdn.c...Redirected=true
Quote from that: "When an exploit runs with admin privileges, its ability to compromise your system is much greater, its ability to do so without detection is much greater, and its ability to attack others on your network is greater than it would be with only User privs. If the exploit happens to be written so that it requires admin privileges (as many do), just running as User stops it dead."

Quote

Research into other games, that get complaints about needing admin rights seems to bring up a common theme, .Netframework.
Why this MS product requires admin rights when the game runs fine without admin rights is another question.

Thanks, that is useful information and answers the "why" part of my question.

Well know, I must say for such simple questions I asked, there was a lot of flaming, just why I asked these questions.
I don't get, why there was any other reply to this thread, other than Loc Nars workaround, William Rahns point about the "-nopatch" and DV McKennas point about MS Framework. Everything else (aside from Talrich)
, seems to me, was born out of ignorance.

Well I do hope, people at least got some good laughs from this. Either about my paranoia or about the naive way, some guys operate there pcs.

Edit for spelling fails.

Edited by Vetinary, 29 July 2013 - 01:48 AM.

[Oderint dum Metuant]

Vetinary, on 29 July 2013 - 01:34 AM, said:

Not saying it is impossible for malware to get in another way, but read for example this post:
http://www.codinghor...inistrator.html
I quote from him: "This infection was only possible because I was logged in as an administrator. [...] As a test, I logged in as a normal user, and I was unable to duplicate the GameCopyWorld infection in any way-- even with a completely unpatched, circa 2001 version of Windows XP [...]"
You can get the advice also from MS directly: http://technet.micro...y/cc730864.aspx
Or you read this blog: https://blogs.msdn.c...Redirected=true
Quote from that: "When an exploit runs with admin privileges, its ability to compromise your system is much greater, its ability to do so without detection is much greater, and its ability to attack others on your network is greater than it would be with only User privs. If the exploit happens to be written so that it requires admin privileges (as many do), just running as User stops it dead."

This is true, until the highlighted part, there is malware out there capable of installing on basic user profiles, and just waiting for a process to run that uses admin rights, and piggy backing on that.

There is nothing naive about running as admin, there are basic maintenance principles that only the dumb do not follow.