Yay for clever technical hacks that help users circumvent ossified IT bureaucracy. But I'm a little astonished that this is possible. They're running a second process that detects new instances of IE starting up and injects Chrome Frame into them. Doesn't that make a mockery of "admin rights"? Couldn't this technique be used to do just about anything?
No. A bunch of windows processes typically run under users other than the current user, and at higher integrity levels, specifically to prevent this.
IE is also intentionally run as the current user at a low privilege level, which makes it possible to do things like this to the IE process, but makes it impossible for the IE process to do things like this to other programs.
> Couldn't this technique be used to do just about anything?
Yes. As long as the processes are all run with the same rights/users. I created an app in .Net for my old job which would detect if the F8 key is pressed while a specific database app is active/in-focus. If so, it creates a new search window (that belongs to my app, not the db app) and changes the parent handle to that of the db app window. So now I've created my own 'search' feature within the db app. For the users of the db app, they don't even know F8 feature is homebrew. It works great and people use it all the time.
Under standard Windows "idiot" mode users can download and install executables in user space and those apps can read, subvert, or destroy anything in user space. I don't really see how the way admin rights typically work in any way addresses this. Valuable stuff is generally in user space, not admin space. (I can get a copy of your OS anywhere, but your banking details and personal documents are in user space.)
One way to address this is to change the computing model away from file/folder-based to use-based (which is what Apple has done with iOS and is moving towards in Lion). I'm sure there are others, but I don't see anyone attempting to implement them at scale.
Can you get Chrome itself without admin rights? That would probably be as beneficial or more for circumventing draconian (and short-sighted) IT policies.
Yes, it is possible to install Google Chrome without having local administrator rights. It installs itself into the user's "Application Data" folder. A user cannot set it as the default browser without having local admin, however.
If an administrator installs the "multiple user" version of Chrome on the computer (which is installed in the "Program Files" folder as per a normal app), the next time a user runs their "single user" version of Chrome it will display a message that the multiple user version has been installed and their single user application is uninstalled.
It's more common than not for large organizations to prevent regular users from installing software, via group policy. Getting a copy of it isn't the problem.
As a side note, after having looked at the code for a few minutes, it appears they're doing some clever things with the Chrome Frame helper program: (tidy) DLL injection into Internet Explorer, together with dynamic BHO loading using the windowing API and the IWebBrowser2 interface (see http://src.chromium.org/viewvc/chrome/trunk/src/chrome_frame... ).
The "right" way to do this is to register your BHO dll through regsvr32 (I believe this creates a registry entry as well.) If you have Administrative rights, the installer does this for you, and Internet Explorer will do everything on its own from there on.
It surprises me that their workaround actually works. One would think that aspects such as DLL injection and API interfacing would be blocked for non-administrative users. The code could actually prove inspirational for malware writers. I still wonder how they load the helper program at startup. Probably using a service, but setting a new service would require Administrative privileges, I believe...
Restricting DLL injection and 'API interfacing' (if that's even a thing) to administrative users would provide no security benefit. People would just have to run as admin. DLL injection is used all over in windows to provide useful features like alternate input methods, icon overlays in explorer, etc. You aren't allowed to inject DLLs into processes owned by other users or processes of higher integrity level, so it's not really a significant security threat under the current windows model. IIRC Chrome and IE both run their processes at low integrity so those processes won't even be able to inject DLLs into other processes unless those other processes are also low integrity.
Ah, thanks for the clarification. "API interfacing" was formulated a bit quickly (then again, don't you interface with an interface?) -- perhaps I should have said "using API's".
I don't think they would install a service to start the helper program. Service and desktop interaction has been changed since Vista. IIRC this was to prevent the shatter attack that allowed Window messages to be passed between services and applications. I haven't looked but I think it could add the helper to the startup items for a user, or create a scheduled task.
You don't have to use regsvr32. Registration-free COM (http://msdn.microsoft.com/en-us/library/ms973913.aspx) has been around for a while. I wonder why this was not used, or if there is a limitation with certain types of COM objects.
It does sound like a non-answer to me, because it’s a yes-or-no question and you could read either one into the answer. (Try prefixing it with “Yes! In fact, …” or “No, but …”.)
EDIT: Of the two replies before mine, one seems to have read the answer as “no, but…” while the other read it as “yes! In fact…”, and neither considered the answer particularly evasive.
One of them looked at the Chromium source code, which has evidence for “yes” being correct. Of all the reasons to need to read the source, you’d think we could avoid it when we already have a FAQ covering that exact question.
Does this sound like a non-answer to anyone else, or is it just me?
Meh. Depends where you're coming from. I can see that being helpful for someone that doesn't realize it's just powering IE with Chrome behind the scenes, and wants access to the code for the rendering engine... but someone smart enough to want the source code probably wants the actual stuff that's working with IE under the hood..