UAC and Linux

Page 1 of 2

  1. Posts : 126
    Windows 7 Professional x64
       #1

    UAC and Linux


    So UAC is supposed to work in a similar way to Linux's security model right? As in, when actions require root access, it will prompt for a password to elevate the program's privileges.

    So in theory, if malware were to add itself to the startup programs list on Windows, it would have to prompt a UAC alert, right? Then why is it that malware is able to bypass UAC's security measures on Windows and not on Linux?

    On a related note, although Linux malware is far fewer in number, if one were to regularly use the Linux root account, will it be likely for the user to be infected?


  2. Posts : 5,642
    Windows 10 Pro (x64)
       #2

    There is user-specific start up and system start up; user-specific start up does not require administrative power because it is controlled by the user. Second, UAC is not a security boundary, it is a convenience, designed to let you run under a low-privileged account and elevate when needed.


  3. Posts : 126
    Windows 7 Professional x64
    Thread Starter
       #3

    Point taken, but shouldn't "[running] under a low-privileged account and [elevating] when needed" still mean that access to the core of the system is still restricted under Windows?
    Nevertheless, although perhaps user-specific start up does not require root access, why is malware still able to copy itself into directories such as Windows and Program Files, and make registry changes without triggering UAC?


  4. Posts : 2,468
    Windows 7 Ultimate x64
       #4

    UAC is basically a bad copy-paste of Linux's sudo command (from the little I know from Linux), which basically turns administrator accounts into non-admins and asks when a program requires elevation. For real non-admin users, it just asks for the user/password of an admin to continue.

    A fundamental difference is that the default user account in Windows is an administrator one, which thanks to UAC gets silently demoted to a non-admin one and you're asked to elevate (as far as I know, the Linux default account is non-admin and you must use the built-in root to manage system-wide things). Under that limited-permission account you (and viruses) are free to manage your files and user-specific configuration and have read-only access to all system files and programs, but to modify those you need elevation, yes.

    There is another thing. In Windows 7 a critical bug was introduced in UAC that affects the default configuration. When UAC is set to the default level (the 3rd position in the slider of the UAC's settings) or lower, any program running in an admin account (automagically demoted to non-admin by UAC) CAN bypass the prompt and get full admin permissions without user knowledge or consent. If you set UAC to the highest level or use an account not belonging to the administrators group, trying to exploit the bug will show an elevation prompt (and hopefully the user will realize that something is wrong and deny it). This bug was NOT present in Windows Vista. MS has acknowledged it and has no plans on fixing that, so plenty of viruses today exploit it.

    Another chance to get infected is that a piece of malware does trigger a UAC prompt, and the user simply accepts it, granting a virus full system control (this isn't a flaw of Windows of course). Often, you can know when to expect a UAC popup; common sense is the only way of knowing when to trust an app and when to not. If a prompt appears out of nowhere for example, I would NOT give my password. Many viruses rely on the user's lack of knowledge to make him give full access too.
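
Added example, not part of the thread or any poster's code: a read-only PowerShell check of the settings post #4 describes. It reports which UAC slider level is in effect, whether the account belongs to the Administrators group, and which per-user startup entries exist (the locations post #2 notes need no elevation to write). The helper name `Get-UacLevel` is hypothetical; the registry values and their mapping to slider levels are the standard Windows 7 ones.

```powershell
# Added example: read-only audit of UAC level and per-user autostart entries.
# Get-UacLevel is a hypothetical helper name, not a built-in cmdlet.
function Get-UacLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)
    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    switch ($ConsentPromptBehaviorAdmin) {
        2 { 'Always notify (highest)' }
        5 { if ($PromptOnSecureDesktop -eq 1) { 'Default (prompts for non-Windows binaries only)' }
            else { 'Default without secure desktop' } }
        0 { 'Never notify' }
        default { "Custom policy (ConsentPromptBehaviorAdmin=$_)" }
    }
}

$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$level  = Get-UacLevel $policy.EnableLUA $policy.ConsentPromptBehaviorAdmin $policy.PromptOnSecureDesktop
"UAC level: $level"

# S-1-5-32-544 is BUILTIN\Administrators; it is listed even when the token is filtered.
$isAdminMember = [bool](whoami /groups | Select-String 'S-1-5-32-544')
"Account is in Administrators group: $isAdminMember"
if ($isAdminMember -and $level -notlike 'Always notify*') {
    'Review: admin account below the highest UAC level.'
}

# Per-user autostart locations can be written without elevation, so list them for review.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { 'HKCU Run: {0} = {1}' -f $_.Name, $_.Value }
}
Get-ChildItem ([Environment]::GetFolderPath('Startup')) -ErrorAction SilentlyContinue |
    ForEach-Object { 'Startup folder: {0}' -f $_.FullName }
```

The script changes nothing and needs no elevation to run.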


  5. Posts : 126
    Windows 7 Professional x64
    Thread Starter
       #5

    As far as I know, the default UAC level 3 automatically grants administrator permission to certain Windows programs such as Notepad and Paint, and malware can just inject code into Notepad to do... well, bad things.

    Is it possible for malware to perhaps exploit security holes in the way UAC works (even on the highest UAC level) to silently bypass the UAC prompts? And if this were the case, wouldn't a similar attack be possible on Linux systems?


  6. Posts : 2,468
    Windows 7 Ultimate x64
       #6

    M4dn3ss said:
    As far as I know, the default UAC level 3 automatically grants administrator permission to certain Windows programs such as Notepad and Paint, and malware can just inject code into Notepad to do... well, bad things.
    Exactly, that's the bug I was talking about. A few programs have been granted this "auto-elevate" privilege that is supposed to make UAC less annoying, but actually it only makes it totally useless in the default level, because anyone (or anything) can bypass it at will by code injection.


    M4dn3ss said:
    Is it possible for malware to perhaps exploit security holes in the way UAC works (even on the highest UAC level) to silently bypass the UAC prompts? And if this were the case, wouldn't a similar attack be possible on Linux systems?
    A lot of malware actually exploits that flaw and silently bypasses UAC in that way.
    But under the highest level, the auto-elevation isn't allowed and a prompt is generated, so even though a program may attempt to exploit the bug, the user would be alerted.

    On Linux, this doesn't even exist and it works in a very different way. The auto-elevation bug on Windows is something very specific to their implementation that doesn't port to anything else on other OSs. Each one may have its own bugs though.


  7. Posts : 126
    Windows 7 Professional x64
    Thread Starter
       #7

    Are there any flaws in UAC's maximum security setting? I'm pretty sure there have been many viruses that have been able to bypass the UAC prompt.


  8. Posts : 2,468
    Windows 7 Ultimate x64
       #8

    Not that I'm aware of. The UAC-bypassing viruses rely on the default configuration only; there are a lot of viruses today that exploit the bugs introduced by Win7 to UAC, and users being mostly unaware or not caring at all helped their spread. But once you set UAC to highest you should be safe from that at least.
    It may have some other bugs of course (as every software has) but not related to the "by design" ones.
    The main problem is that, once a prompt appears, it is up to the user to decide whether to elevate or not, and a mistake there may lead to an infection. But this isn't a flaw in UAC (even Linux may have problems that way if the user gives away the root password all the time).


  9. Posts : 126
    Windows 7 Professional x64
    Thread Starter
       #9

    Really? I swear a couple of years ago I was infected from an infected advertisement on a web page which installed a Fake AV without prompting UAC. UAC was on max level too.


  10. Posts : 5,642
    Windows 10 Pro (x64)
       #10

    M4dn3ss said:
    Really? I swear a couple of years ago I was infected from an infected advertisement on a web page which installed a Fake AV without prompting UAC. UAC was on max level too.
    Probably because it exploited Flash or Java which both have a nasty habit of poking holes in security. I don't know if they changed this but a while back Flash poked a hole through UAC so it can execute things without a prompt. Obviously this is not good. Also, are you sure the infection was rooted? It could have been only for your current user. Had a rogue AV infect my mother's computer at one point, however, it was contained for her user account only, creating a new user was unaffected.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd