Windows 7 UAC Feature Still Vulnerable
-
I think you'll find the default setting for UAC on 7 is the same as in Vista.
That is not susceptible to this type of exploit.
It is only if you turn it down (no darkened desktop) that it becomes less secure - obviously.
MS are simply giving people the choice.
-
-
You see, I thought that the default setting was that one level lower than the Vista UAC setting.
-
They have reduced the number of prompts required in some multi prompt scenarios involving Windows applications.
The behaviour for non-Windows elevations is the same as it was for Windows Vista.
-
I think you'll find the default setting for UAC on 7 is the same as in Vista.
That is not susceptible to this type of exploit.
It is only if you turn it down (no darkened desktop) that it becomes less secure - obviously.
MS are simply giving people the choice.
The default Vista setting is High; Windows 7 uses one down that permits the majority of Microsoft's software to run without prompting. You can also turn off ScreenDarkening without affecting any other UAC policy via the Local Security Policy settings.
They have reduced the number of prompts required in some multi prompt scenarios involving Windows applications.
The behaviour for non-Windows elevations is the same as it was for Windows Vista.
Unfortunately no, Microsoft are able to reduce the amount of prompts by checking executables for a specific Microsoft signature and auto-elevating any signed executable that matches that signature.
UAC is completely different from Vista's UAC. A non-Windows application can gain Administrative permissions without a single prompt with Windows 7's default configuration, hence why these changes have become a big issue; on Vista it can't be done.
Microsoft have always said UAC is not a security feature. It used to be on Vista but it's not on Windows 7. It will not prevent an application from gaining administrative permissions even if you deny consent to the elevation.
-
-
Thanks dmex,
I was quoting from Mark Russinovich
we reduced the number of prompts in several multi-prompt scenarios (for example, installing an ActiveX control in IE)
He did also say this:
we further refactored the system such that someone with standard user rights can execute more tasks.
The reason that elevation of (most) Windows executables in the two middle settings doesn't result in a prompt is that the system "auto elevates" Windows executables... it must be digitally signed by the Windows publisher, which is the certificate used to sign all code included with Windows (it's not sufficient to be signed by Microsoft, so Microsoft software that's not shipped in Windows isn't included); and it must be located in one of a handful of "secure" directories. A secure directory is one that standard users can't modify
and this:
The behaviour for non-Windows elevations is the same as it was for Windows Vista...From the perspective of malware, Windows 7's default mode is no more or less secure than the Always Notify mode ("Vista mode")
So it is the middle one that might be problematic, I suppose.
He might be trying to downplay the risk.
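-
For anyone who wants to see which of the settings discussed above a machine is actually on, here is an added example (not from any poster in this thread, and not Microsoft's code) that classifies the UAC slider position from the policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. The function name Get-UacLevel, the level labels and the sample rows are assumptions made for the example; the value-to-slider mapping is the one Windows 7 uses.

```powershell
# Added example: map UAC policy registry values to the slider positions
# discussed in the thread. Get-UacLevel is a hypothetical helper name.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    param(
        [int]$EnableLUA,                   # 0 = UAC switched off entirely
        [int]$ConsentPromptBehaviorAdmin,  # 2 = always prompt, 5 = prompt for non-Windows binaries, 0 = never
        [int]$PromptOnSecureDesktop        # 1 = darkened (secure) desktop
    )
    $level = if ($EnableLUA -eq 0) {
        'UAC disabled'
    } elseif ($ConsentPromptBehaviorAdmin -eq 0) {
        'Never notify'
    } elseif ($ConsentPromptBehaviorAdmin -eq 2 -and $PromptOnSecureDesktop -eq 1) {
        'Always notify (Vista mode)'
    } elseif ($ConsentPromptBehaviorAdmin -eq 5 -and $PromptOnSecureDesktop -eq 1) {
        'Windows 7 default'
    } elseif ($ConsentPromptBehaviorAdmin -eq 5) {
        'Windows 7 default, no darkened desktop'
    } else {
        'Custom policy'
    }
    [pscustomobject]@{
        Level                       = $level
        # The two middle settings are the ones that auto-elevate Windows executables.
        AutoElevatesWindowsBinaries = ($EnableLUA -ne 0 -and $ConsentPromptBehaviorAdmin -eq 5)
        SecureDesktop               = ($EnableLUA -ne 0 -and $PromptOnSecureDesktop -eq 1)
    }
}

# Constructed sample rows (not read from a real machine), one per slider position.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacLevel @s }

# Live check: only runs where the key exists (a Windows host).
if (Test-Path $UacKey) {
    $p = Get-ItemProperty -Path $UacKey
    Get-UacLevel -EnableLUA $p.EnableLUA `
                 -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
                 -PromptOnSecureDesktop $p.PromptOnSecureDesktop
}
```

A result of "Always notify (Vista mode)" is the setting the thread describes as prompting for every elevation; anything with AutoElevatesWindowsBinaries set to True is one of the two middle settings.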
-
I disabled UAC anyways. Plus barely anyone would want access to my **** computer in the first place lol.
-
I disabled UAC anyways. Plus barely anyone would want access to my **** computer in the first place lol.
eeh..heerm
see my specs ....
I'm hoping some hacker will feel bad for me and use my credit card to buy me a new computer.
-
-
eeh..heerm
see my specs ....
I'm hoping some hacker will feel bad for me and use my credit card to buy me a new computer.
Haha I have an eMachines T2682 and a T2893 right next to me, from like 2006.
-
Haha I have an eMachines T2682 and a T2893 right next to me, from like 2006.
MFC date on my MoBo is 2004, downright dinosauric for technology standards.
-
I have a desktop with a 2002 MFC date :)