Is Windows 7′s UAC still insecure?

Is Windows 7′s UAC still insecure?

Posted by Al in Windows 7 News on 05 16th, 2009 | 5 responses |


Microsoft made some changes to UAC after the Windows community discovered a huge security flaw that allowed the UAC setting to be changed without the user knowing at all. These changes are applied in Windows 7 RC. But the guys over at OSNews still believe that UAC is insecure.

In order to decrease the number of UAC prompts in Windows 7, Microsoft gave some Windows apps and processes auto-elevated privileges that don’t trigger any UAC prompts. However, the downside of this is that these apps can be exploited to wreak havoc on the computer. A proof-of-concept exploit has been developed by injecting its code into the memory of a process with such apps that have special privileges. This is what Holwerda from OSNews has to say about UAC:

At this point in time, the default UAC level in Windows 7, and all levels below that, are insecure. You might as well turn UAC off completely, as it makes no difference to have it either off or at the default level. This entire flaw becomes null the moment you set UAC to its highest setting (as that disables auto-elevation).

You can read the entire article over at OSNews

VN:F [1.5.5_825]
Please rate this post:
Rating: 0.0/5 (0 votes cast)

Is Windows 7s UAC still insecure?

Related posts:

  1. Microsoft responds to UAC criticism in Windows 7 and fixes design flaws
  2. Microsoft says UAC prompts in Windows 7 will be nearly a third fewer than in Vista
  3. Huge Security Flaw in Windows 7 UAC

Tags: , ,

To discuss this topic, head on over to our forums!



5 Responses to “Is Windows 7′s UAC still insecure?”

  1. Steven says:
    May 16, 2009 at 2:30 pm

    Well, isn’t this what you all wanted?

    Reply
    • Al says:
      May 16, 2009 at 10:50 pm

      why would we want this?

      Reply
    • Stephen says:
      May 17, 2009 at 10:57 am

      That was (pretty much) my thought on the subject. People complain about how invasive (and controlling) UAC is in Vista, so the new OS allows greater flexibility in how it works. By creating greater flexibility, however, that means that it will be less secure. Sorry but if you put a door in a wall, it is less secure than just the wall, even if you lock the door. At this point, people have what they want but some will eventually complain that MS is selling them an OS with a security flaw. This is one where MS can never really win the PR game….

      Stephen

      Reply
  2. eric says:
    May 16, 2009 at 2:51 pm

    well, the video shows build 7000, there has been an incredible amount of changes since then. am I wrong?

    Reply
  3. Claus says:
    May 17, 2009 at 1:04 pm

    I’d be happy with a mixture between the safest and the 2nd lowest solution. Most secure, but no desktop dimming, as it takes a lot of time longer to appear and disappear.

    Reply

Leave a Reply

To discuss this topic, head on over to our forums!