

Windows 7 - Windows 7 UAC Feature Still Vulnerable


 
06-23-2009   #21


windows 7 ultimate x64
 
 


The obvious problems with UAC I see are as follows.

1 - you cannot whitelist apps.
2 - when saying yes to a prompt there is no option to allow the repeat request again for X minutes, meaning repeat requests if repeating the same actions.
3 - when setting an app to run in admin mode you still get prompted; this is pointless.
4 - prompting in itself is pointless; if a person sees the prompt and they are unsure of what to do (a noob), the chances are they will click yes regardless. What UAC should be doing instead is outright denying privileges, and the user should have to jump through a few more hoops to authorise the app, whilst implementing what I said in #1 #2 #3 so for apps and things you do regularly these long hoops are removed, sort of like sudo in Unix.
5 - and of course toggling UAC configuration should in itself require some sort of authorisation. It should also be a unique authorisation so the end user can tell the difference between something needing admin privs and something actually trying to change UAC configuration.

06-23-2009   #22


Windows 7 Professional, Windows Longhorn 4074
 
 


Quote: Originally Posted by chrysalis
The obvious problems with UAC I see are as follows.

1 - you cannot whitelist apps.
2 - when saying yes to a prompt there is no option to allow the repeat request again for X minutes, meaning repeat requests if repeating the same actions.
3 - when setting an app to run in admin mode you still get prompted; this is pointless.
4 - prompting in itself is pointless; if a person sees the prompt and they are unsure of what to do (a noob), the chances are they will click yes regardless. What UAC should be doing instead is outright denying privileges, and the user should have to jump through a few more hoops to authorise the app, whilst implementing what I said in #1 #2 #3 so for apps and things you do regularly these long hoops are removed, sort of like sudo in Unix.
5 - and of course toggling UAC configuration should in itself require some sort of authorisation. It should also be a unique authorisation so the end user can tell the difference between something needing admin privs and something actually trying to change UAC configuration.

Attention Microsoft, we have some ideas about UAC 3.0...
06-23-2009   #23


Windows 7 Ultimate Signature Edition 64bit
 
 

Are you guys dense?

If you have the UAC prompt set at ANYTHING other than the lowest level, then it will prompt you for a change (if that change is to a LOWER level than what it is currently at).

I agree that UAC should not have a "whitelist" for Microsoft apps, but don't bitch because they didn't fix it. They fixed the issue where it wouldn't prompt you if you were on say level 2 and wanted to go to level 0 (IE: turned off).

FYI -- the default setting, while not ideal, will still keep most problems at bay.

Try it for yourselves -- set it on "Notify me only when programs try to make changes to my computer (do not dim my desktop)", and then try to set it to the one below it "Never notify".

You WILL get a prompt...

-- Brian
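
The slider levels named in the post above can be read back from the registry to check where a machine actually sits relative to the default. This is an added example, not part of the original thread: the function name and sample rows are constructed, and the mapping assumes the Windows 7 behaviour in which "Never notify" also sets EnableLUA to 0.

```powershell
# Added example: map the UAC policy registry values to the Windows 7 slider level.
# Get-UacSliderIndex is a hypothetical helper name; the three value names are the
# standard UAC policy values under ...\Policies\System.
$Levels = @(
    'Never notify',
    'Notify only when programs try to make changes (do not dim my desktop)',
    'Notify only when programs try to make changes (default)',
    'Always notify'
)

function Get-UacSliderIndex {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)
    # UAC switched off entirely: the bottom slider position on Windows 7.
    if ($EnableLUA -eq 0) { return 0 }
    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '0/0'   { return 0 }   # elevate without prompting
        '5/0'   { return 1 }   # consent prompt, no secure desktop
        '5/1'   { return 2 }   # consent prompt on the secure desktop
        '2/1'   { return 3 }   # prompt for every change, secure desktop
        default { return -1 }  # combination set by policy, not by the slider
    }
}

function Format-UacFinding {
    param([int]$Index)
    if ($Index -lt 0) { return 'Custom policy (not a slider position): review manually' }
    $note = if ($Index -lt 2) { ' [below default]' } else { '' }
    return $Levels[$Index] + $note
}

# Constructed sample rows: EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop
$samples = @(@(1, 5, 1), @(1, 5, 0), @(0, 0, 0), @(1, 2, 1), @(1, 1, 1))
foreach ($s in $samples) {
    $idx = Get-UacSliderIndex $s[0] $s[1] $s[2]
    '{0}/{1}/{2} -> {3}' -f $s[0], $s[1], $s[2], (Format-UacFinding $idx)
}

# Live check on the local machine (read-only; a missing value is treated as 0).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $key
$live = Get-UacSliderIndex $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
"This machine: $(Format-UacFinding $live)"
```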


06-23-2009   #24


Windows 7
 
 


This vulnerability is not really a vulnerability at all. The person who's going to turn UAC off will need direct access to your PC first as Scotteq has said. As long as you don't allow weird people to use your computer, you won't have to worry about losing your pc to mental people who are selfish and make viruses just to get attention.
06-23-2009   #25


Microsoft Windows 7 Home Premium 64-Bit
 
 


I just installed GoldWave and Winamp and I’ve noticed in the properties that both have been given full access by default. What I don’t understand is why these programs need full access when privileges like that should only be granted by the administrator.
Why not give it control to modify, read and write, short of full by default, and not elevated privileges to wreak havoc?
How do I go about reducing the level of permissions without messing things up for each program?
Jeff
06-24-2009   #26


Windows 7 (x64)
 
 


I see my original post wasn't received (well?)... Let me try to explain a different way:



This "Flaw" stems around an artificial scenario created whereby some person who already successfully hacked into your computer using a BootKit does not receive a UAC prompt when the person who already successfully hacked into your computer using a BootKit makes a change to the system.


I'm sorry if I offend, but in my humble opinion the entire thing is asinine.
06-24-2009   #27


Win7 x64 Ultimate SP1
 
 


Scotteq
Couldn't agree more!
Ken

