Microsoft neuters UAC in Windows 7
section: windows, for your questions: KezNews forum, 30.1.2009
Tip: Click here to update all your PC's outdated driversIn an attempt to make Windows 7 generate fewer UAC (User Account Control) prompts Microsoft has neutered the mechanism to the point where it’s next to useless.
Here’s Long Zheng’s take on the issue:
The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely.
Now you might not think that this is all that important since this setting cannot be changed unless the user chooses to do so. Wrong.
With the help of my developer side-kick Rafael Rivera, we came up with a fully functional proof-of-concept in VBScript (would be just as easy in C++ EXE) to do that - emulate a few keyboard inputs - without prompting UAC. You can download and try it out for yourself here, but bear in mind it actually does disable UAC.
Fortunately, there’s a simple workaround:
Until when Microsoft decides to fix this, if they do at all, beta users of Windows 7 can also apply a simple fix. Changing the UAC policy to “Always Notify” will force Windows 7 to notify you even if UAC settings change. Annoying, but safe.
source:
blogs.zdnet.com
>> Click Here to Run a Free Scan for PC Errors <<
Send link 2 friend | Permalink
MORE RELATED ARTICLES:
Replace Windows Vista UAC with Smart UAC Replacement || Microsoft: Update on Windows 7 UAC issues || Microsoft backpedals on UAC flaw || Windows 7 UAC has a second flaw || Malware breaks Win 7 UAC defenses
Comments(3)
soo people complain that windows is unsafe, introduce uac, and not its too intrusive.
fine, bring in windows 7 which is less intrusive, and still safer, and your still
complaining...
everyone needs to get off their high horse. you wanna code
something better, by all means go ahead. if not, sit down and shut up!!!
uac is a good thing to have but i have to say i dont like it so i use my own homemade one
however it is safe and good if your gonna complain if i were microsoft i would tell you to
stick it where the sun dont shine.
update: this is not a flaw. more info:
http://www.neowin.net/news/main/09/01/31/microsoft-insists-uac-vulnerability-is-not-a-flaw
a microsoft spokesperson has provided neowin with a response to the issue:
* this is not a vulnerability. the intent of the default configuration of uac is
that users don't get prompted when making changes to windows settings. this includes
changing the uac prompting level.
* microsoft has received a great deal of usability
feedback on uac prompting behavior in uac, and has made changes in accordance with user
feedback.
* uac is a feature designed to enable users to run software at user
(non-admin) rights, something we refer to as standard user. running software as standard
user improves security reduces tco.
* the only way this could be changed without the
user's knowledge is by malicious code already running on the box.
* in order for
malicious code to have gotten on to the box, something else has already been breached (or
the user has explicitly consented)
it can be prevented by setting the slider to
always notify and restarting your computer.
No new comments are allowed for this article.
For your questions use our KezNews Forum
Windows 7 RTM 7600.16385.090713-1255 HERE !
complain much?
By dumb people on 31.01.2009 - 16:01