"That's not a Problem for a man who has done LSD"
The Windows folder, as well as Program Files and Program Files (x86), appear to all be owned by trusted user in Win 8; I think Windows was already owned by trusted user in Win 7. Even admin cannot modify these folders, with or without UAC.
Now Windows, I can mostly see, but some files in Windows need changes by admin, such as hosts file.
Many programs are designed as no-install. Just put the folder under program files and run it.
Now it does not HAVE to be under Program Files, but it's a pretty arbitrary thing to have to give up the organization and just put programs anywhere. It's nice to be able to find all of them in one (2) places.
Many such programs are distributed, if not supported, by Microsoft, all the Sysinternals utilities for example.
So, to modify this, you have to be admin, then take ownership, then make your changes.
I have no idea how to put ownership back as trusted-user once you take ownership.
Without taking ownership of the system folders, there are many simple things admin needs to do that just cannot be done.
It would be nice if "trusted-user" allowed for program-file folders to be created by admin, then the folders owned/installed by trusted-user could retain the higher level of protection. In other words, one could still install programs as admin, but not modify other programs.
One little irony is that whatever magic lets installers install as trusted user cannot possibly prevent a malware from using the same mechanism to install malware as trusted-user, leaving the average user no way to delete or uninstall it. Yea!
Logic was never their strong point.
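The post above describes taking ownership, making a change, and not knowing how to put ownership back. The following is an added example, not part of the original thread: a PowerShell sketch that records the owner first and hands ownership back afterwards with `icacls /setowner`. The path `C:\Program Files\ExampleTool` and the function names are hypothetical, and it assumes an elevated prompt.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# $Target is a hypothetical path; replace it with the item you need to change.
$Target           = 'C:\Program Files\ExampleTool'
$TrustedInstaller = 'NT SERVICE\TrustedInstaller'

function Get-Owner([string]$Path) {
    # Owner as an account name, e.g. "NT SERVICE\TrustedInstaller".
    (Get-Acl -LiteralPath $Path).Owner
}

function Restore-Owner([string]$Path, [string]$Owner) {
    # icacls /setowner can assign ownership to another account when run elevated.
    icacls.exe $Path /setowner $Owner /C | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /setowner failed for $Path" }
    # Verify rather than trust the exit code alone.
    $now = Get-Owner $Path
    if ($now -ne $Owner) { throw "Owner of $Path is still $now" }
}

# 1. Record the owner before touching anything, so it can be put back exactly.
$original = Get-Owner $Target
Write-Host "Owner before: $original"

# 2. Take ownership for the Administrators group (/A), as the post describes.
takeown.exe /F $Target /A | Out-Null
if ($LASTEXITCODE -ne 0) { throw "takeown failed for $Target" }

try {
    # 3. Make the change that required ownership here.
}
finally {
    # 4. Hand ownership back even if step 3 failed.
    Restore-Owner $Target $original
    Write-Host "Owner after:  $(Get-Owner $Target)"
}

# If ownership was taken earlier without recording the original owner, and the
# item is known to have belonged to TrustedInstaller, restore it directly:
#   Restore-Owner $Target $TrustedInstaller
```

Only the owner is handled here; any permission entries granted while the item was owned by Administrators stay in the DACL until they are removed separately.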
It would be interesting if you could let us know what you need to do that requires you to take ownership of a folder that Trusted Installer owns, for instance. To your other point, installation programs are allowed to run as trusted installer (the ones that use the Microsoft Installer/MSI engine, anyway) because the admin allowed them to run with an elevated token and as such will be able to be installed via the program/service that has that right (msiserver). Either the admin accepted the UAC prompt, automated the prompt acceptance behavior (put the UAC slider down to the bottom), or ran with UAC disabled - doing the last two aren't good ideas either, for this and other reasons, because doing so has the side-effect of disabling the app sandboxes that protect apps from each other, the system, and malware. Also, using the system for everyday activities as an admin is, frankly, downright stupid for these same reasons, but people still do it and then blame Microsoft for security issues - either you're an admin (and you can bust the system if you're not careful, and yes, I include disabling UAC and running everyday tasks as admin to be "not being careful") and your actions can hose the system, or you're not.
As to the second, everyone administers their own PC. Asking them if running this program should be allowed is a question no one knows the answer to. If your virus scanner misses something, which happens a lot, it will ask you if this is ok to install. Well, you already ran the install program, so probably you say yes. Trusted user or no trusted user, it gets installed.
Now, you discover the program behaves badly, and one of the ways it behaves badly is it refuses to uninstall.
And you know how to run as admin, but lo and behold, you cannot delete any of the files, because they are under trusted installer, and even admin cannot touch them.
So, sorry, but the logic to trusted installer is exactly backwards. It did NOTHING to tell you whether programs are dangerous or not, but if the malware gets in, it takes someone pretty sophisticated to remove it, because of trusted installer.
The entire subject of security generally requires you to know the unknowable. Once threats become known, programs can deal with them. But having the user say "yes I really meant install" when the user runs an install program adds zero zip nada to security. They already decided to install. Taking the average user's ability to delete something that has proved harmful after it has been installed is a negative security step.
So to expound on previous post, one reason to remove trusted installer is so that when some installed program proves harmful, I can in fact delete it.
My computers have been secure for some years, well decades, and were they invaded they are all securely backed up. Have had to squish a virus or two, but never lost a file.
I guess here is where we agree to disagree.
I think you then miss the point of the Trusted Installer account - it's designed to "protect" the PC from just such an attack by setting tight security on keys and files/folders that should only be modified by installers. If a program fails to uninstall, it probably didn't install in the first place properly. I'd still say there are ways to fix that without destroying the security integrity of the system.
Well, since the installer is whatever poor guy has the PC, the trusted-installer does not perform the task it is designed to do.
It does the opposite, by making malware un-uninstallable by ordinary mortals.
Trusted-installer does nothing to protect malware from being installed that admin privilege on system files did not already do.
Either one requires the user to say "yes" to install it (and for malware, that was the wrong answer).
I don't disagree with the motive, but the design is faulty.
Presumably it is there to create an admin above the admin that you guys keep saying not to run as, but that does nothing to protect anything. At the end of the day, people admin their own PCs.
Malware, once installed, can elevate itself to trusted-installer user by the same mechanism that install programs do, and from there, it can muck the universe inside the PC. I would not post this if it were hard to figure that out.
Anyone capable of writing a virus can already get past trusted-installer. This just makes them work an extra half day to do that.