Local privilege escalation is largely irrelevant on Windows because basically no one uses it in a multi-user system, and application sandboxing is effectively nonexistent.
reply
I get that multiple human users on the same machine is rare nowadays, and that per-app users were never a thing.

But Windows still has a root and a lower privilege user. You typically need to click on "run as admin" to elevate privileges to, for example, alter system binaries.

reply
Sure, but that's mostly academic: compromise of the user account is game over for any real user. Not actually being Administrator isn't much consolation when the regular user account can extract your cookie jar, record all of your keystrokes and mouse movements, record all desktop video (except for DRM-protected content, heh) etc.
reply
I know that Chrome on Windows tries to lower its privileges to mitigate exploits, and although it's not very popular, the MS Store app platform does try to do full isolation of apps. So actually, per-app separation of users kinda does happen, or is attempted on Windows.
reply
deleted
reply
You talk as if Windows is the only OS that has red teams attacking the system when clearly that isn’t even remotely true.
reply
No, they're saying security work happens in the Windows world but not as much in the open, due to the closed source nature.
reply
I talk about that because it is public, and the OP mentioned Windows.

If he talked about Android, I would have mentioned Project Zero.

Don't twist the meaning of posts.

reply