Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Microsoft backpedals on UAC flaw

07 Feb 2009   #1

XP Pro, Windows 7 Ultimate 64 & 32 Build 7022
Microsoft backpedals on UAC flaw

After initially describing the ability for code to change UAC (user account Control) levels on Windows 7 beta without generating a UAC prompt as “by design” Microsoft has now agreed to make changes to the Release Candidate code to tighten up security with regards to this issue.
With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.
What’s interesting is that this change of heart comes only hours after Jon DeVaan, senior vice president of the Windows Core Operating System Division, tries to assure readers of Microsoft’s Engineering 7 blog that the UAC problem is not a problem at all. The tone of this earlier post was very much one of we’re right, you’re wrong:
We are very happy with the positive feedback we have received about UAC from beta testers and individual users overall. This helps us validate our “regular people” focus in terms of the trade-offs we continue to consider in this design choice. We will continue to monitor the feedback and our telemetry data to continue to improve our design choices on UAC.
A flurry of comments followed which seemed to have caused the change of heart.
To be honest, I’m not sure why it took so long for Microsoft to realize that being able to alter UAC levels without any kind of system feedback was a serious issue. It’s not the fact that a bug of this sort existed in Windows 7 beta that bothered me (after all, it’s a beta), it was Microsoft’s odd nothing to see, move along reaction to it. I’m not sure whether this was down to Windows 7 being nearly done or a resistance to outside criticism of a change of policy that was OK-ed internally at Redmond, but in my mind it took far too much screaming from the crowds to get the problem acknowledged.
Needless to say, this is a victory (and vindication) for blogger Long Zheng who first highlighted this issue.

Microsoft backpedals on UAC flaw | Hardware 2.0 |

All I have to say to M$ is WTF?

My System SpecsSystem Spec
07 Feb 2009   #2

Vista Ult 64 bit Seven Ult RTM x64

Thanks djhallucn8,

Sounds like a reasonable way to handle things. Maybe turning UAC down a notch won't be so bad.

My System SpecsSystem Spec
07 Feb 2009   #3

XP Pro, Windows 7 Ultimate 64 & 32 Build 7022

M$ really puts forth the effort in adding security so bad crap doesn't happen to your PC, but the UAC seems to have these flaws where using too much security has issues but not enough security will cause even bigger issues. Sure I like to be safe, but I also very aware of what sites to go to & where to DL stuff without making my machine crap out on me. Do you know what I mean Vern?
My System SpecsSystem Spec

07 Feb 2009   #4

XP Pro, Windows 7 Ultimate 64 & 32 Build 7022

BTW, I know your name is not Vern.
My System SpecsSystem Spec

 Microsoft backpedals on UAC flaw

Thread Tools

Similar help and support threads
Thread Forum
Microsoft insists UAC vulnerability is not a flaw
more: Microsoft insists UAC vulnerability is not a flaw

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:59.
Twitter Facebook Google+