The Microsoft blogger who first called attention to a security vulnerability in Windows 7's User Account Control (UAC) feature claims it still exists and that Microsoft won't fix it, even as the company nears final code completion on the OS.
Long Zheng, who writes the popular "I Started Something" blog, has posted a video online showing how UAC, a security feature first introduced in Windows Vista that sets user privileges on a PC in Windows 7, can be exploited.
Zheng also pointed to an instructional document by Microsoft Technical Fellow Mark Russinovich that attempts to explain UAC, saying it clearly states that Microsoft has no intention of fixing a change it made in the UAC in Windows 7 that leaves the new OS less secure because it allows someone to remotely turn the feature off without the user knowing.
Zheng first pointed out this change and its vulnerability back in February. At the time he said that the new UAC "standard user" default setting, which does not notify a user when changes are made to Windows settings, is where the security risk lies. A change to UAC is seen as a change to a Windows setting, so a user will not be notified if UAC is disabled, which Zheng said he was able to do remotely with some keyboard shortcuts and code.
Basically, I am guessing that if they made the change he wants, then when toggling the setting you would get a UAC prompt, a small price to pay to fix the exploit, I guess.
I wouldn't like that approach, but if it's not working as it should, then why keep it on? Pity, now when I got pretty much used to it.
Please keep in mind, this is a Bootkit exploit: Someone has to physically sit down at your computer and use corrupted media to boot the system. It cannot be downloaded, eMailed as an attachment, clickstreamed, hidden in a file for later execution, or any of the other ways people try to hack into your computer.
Also - Keep in mind this is the same way into a computer that technicians use to wipe a forgotten password.
Quite frankly, I'm having a hard time understanding why people appear to have so much sand in their vaginas over this. If Someone Has Physical Access To Your Computer, Then What's Preventing Them From Simply Stealing The Hard Drive? Or Stealing The Whole Thing Outright?
Looks like some of us will need to go back to using an Antivirus program full-time once again.
I'm guessing the decision not to fix UAC is a direct result of people like myself who have very good experience using computers who do not use an Antivirus. I can identify trojans and viruses before they are executed and have been able to run without an Antivirus for two years now without a single infection while downloading at least 80gb of data a month (least I do). I've tested my system each time a new AV product version has been released and have not found one infection in two years, and I can thank UAC for giving Power Users the ability to dump their AV permanently like myself and others have.
Why change a perfectly good security model just for (noobs!) one that completely defeats the purpose of putting it into the system in the first place? It's not like users can't find and change UAC settings. If it's not fixed then it should just be removed because no one will continue using it, especially if it doesn't offer the security it once did and what people have come to expect.
Microsoft seriously needs to prevent any automated tampering of UAC controls by applications, otherwise it's not worth anyone ever using, and as it stands right now, UAC is dead weight and offers users nothing for the annoyance it causes. I will disable it on all machines I build and sell in the future and advise customers it offers them zero protection.
UAC is useless? HA! I knew that when I first used Vista. I thought to myself, "you gotta be f%*kin' kiddin' me." Now it serves as nothing more than a placebo. I think if you have a firewall, a decent AV, and anti-spyware, you'll be fine. UAC is just another annoying "feature" MS throws in there, to herd sheepish consumers (no offense folks).
XP didn't have it, and I've only gotten a few viruses, but that was due to my own stupidity. Most of which were catastrophic... like I said... my bad.
I think that UAC was created to prevent unauthorized changes to your computer. If someone can turn it off without being authorized to do so, then that's just plain ironic, as well as useless.
For years, Windows has been the choice of computer companies around the world. Since the 90's, UAC didn't exist, and people didn't have many problems. I think UAC is overrated, but it can be handy when you go to one of those websites that you just can't trust.
UAC is a royal pain, it simply gets in the way. At least the screen does not flicker away as it did in Vista ....