So, you think you are secure and don't need precautions

Page 7 of 7

  1. Posts : 5,807
    Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
       #61

    dmex said:
    ultraplanet said:
    Dogz said:
    I read about a report in Maximum PC that out of 10 viruses 8 ran WITH UAC enabled so you do need antivirus.
    Can you provide a link to the report?
    He was talking about this article: SophosLabs Sets Out to Prove Windows 7 Has Some Vulnerabilities | Maximum PC

    I haven't used an AV in three years and still have not been infected. Vista's and 7's additions to the group and local security policies made it possible for you to null the attack surface of Windows down to your preferences.

    Firefox will be my primary browser while they keep nightly builds, as it helps stop drive-by-download exploits. Nightly builds help make it near impossible for anyone to find/exploit a flaw and figure out a way to infect your machine before a new build is released, all without you knowing about it.

    If UAC had a configuration wizard (like everything else) that allowed us to specify our own execution level for an application and instead hash-checked the program and the DLLs it loaded against the preferences we set, if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel, and it's a secure digital 'wallet' that's more than capable of acting like a whitelist for UAC but has yet to be utilized.

    The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing DLLs to load into an elevated application and execute code is unacceptable. This is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
    not a bad idea dmex...


  2. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #62

    Hi!

    THANKS for all information in this thread, one of the best in a long time.

    Thanks:
    1. pparks1 for all the info, really interesting.
    2. Carbonyl for the tip on NoScript in FF, I have upgraded my security now.

    UrbanBounca: good luck...


  3. Posts : 1,289
       #63

    Zidane24 said:
    dmex said:
    If UAC had a configuration wizard (like everything else) that allowed us to specify our own execution level for an application and instead hash-checked the program and the DLLs it loaded against the preferences we set, if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel, and it's a secure digital 'wallet' that's more than capable of acting like a whitelist for UAC but has yet to be utilized.

    The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing DLLs to load into an elevated application and execute code is unacceptable. This is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
    not a bad idea dmex...
    Thanks

    I found this reference:
    Nick on Silverlight and WPF : USER & GDI Compat, part 5 -- Miscellaneous
    In order to inject a DLL into processes that link with USER32.DLL on Vista/Win7, you simply can add the DLL name to the value of the following registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs

    UAC at its default level is easily bypassed on Windows 7 by medium integrity (user) apps hooking explorer's functions or finding an exe/dll outside secure locations like the ProgramFiles or the Windows directory and patching its code. Virus protection is also worthless if that person or company was targeted specifically with something unknown or customized, and it's these instances where UAC and the local security policy are supposed to mitigate. Software Restriction Policies are a good start but it's yet another system and could be integrated with CardSpace, and it with UAC, to provide decent UAC customization and control using built-in but completely different security configurations per-user, reducing the attack surface of Windows to near null.
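
A read-only check of the AppInit_DLLs mechanism mentioned in the post above, added here as an example and not part of the thread: for the native and 32-bit registry views it reports whether loading is enabled (`LoadAppInit_DLLs`), whether signing is required (`RequireSignedAppInit_DLLs`), and the signature status and SHA-256 of each DLL listed in `AppInit_DLLs`. It assumes PowerShell 4.0 or later and that bare DLL names resolve to the system directory.

```powershell
# Added example (not from the thread): read-only audit of AppInit_DLLs settings.
# Assumptions: PowerShell 4.0+, run from a 64-bit session on 64-bit Windows;
# bare DLL names are assumed to resolve to the view's system directory.
$base  = 'Microsoft\Windows NT\CurrentVersion\Windows'
$views = @(
    @{ Key = "HKLM:\SOFTWARE\$base";             SysDir = 'System32' },
    @{ Key = "HKLM:\SOFTWARE\Wow6432Node\$base"; SysDir = 'SysWOW64' }
)

$findings = foreach ($view in $views) {
    if (-not (Test-Path $view.Key)) { continue }   # no Wow6432Node on 32-bit Windows
    $props = Get-ItemProperty -Path $view.Key

    # AppInit_DLLs is a space- or comma-separated list; LoadAppInit_DLLs turns loading on.
    $dlls       = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
    $enabled    = ([int]$props.LoadAppInit_DLLs) -eq 1
    $signedOnly = ([int]$props.RequireSignedAppInit_DLLs) -eq 1

    if ($dlls.Count -eq 0) {
        # Still emit a row so the state of the two switches is visible.
        [pscustomobject]@{ Key = $view.Key; Enabled = $enabled; SignedOnly = $signedOnly
                           Dll = '(none)'; Signature = $null; SHA256 = $null }
        continue
    }

    foreach ($dll in $dlls) {
        $path = $dll
        if (-not ([IO.Path]::IsPathRooted($dll))) {
            $path = Join-Path $env:SystemRoot (Join-Path $view.SysDir $dll)
        }
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Key        = $view.Key
            Enabled    = $enabled
            SignedOnly = $signedOnly
            Dll        = $path
            Signature  = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileMissing' }
            SHA256     = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        }
    }
}

$findings | Format-List
```

Any row with `Enabled` true and a DLL whose signature status is not `Valid`, or whose hash does not match a known-good record, is worth investigating.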


  4. Posts : 5,807
    Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
       #64

    dmex said:
    Zidane24 said:
    dmex said:
    If UAC had a configuration wizard (like everything else) that allowed us to specify our own execution level for an application and instead hash-checked the program and the DLLs it loaded against the preferences we set, if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel, and it's a secure digital 'wallet' that's more than capable of acting like a whitelist for UAC but has yet to be utilized.

    The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing DLLs to load into an elevated application and execute code is unacceptable. This is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.
    not a bad idea dmex...
    Thanks

    I found this reference:
    Nick on Silverlight and WPF : USER & GDI Compat, part 5 -- Miscellaneous
    In order to inject a DLL into processes that link with USER32.DLL on Vista/Win7, you simply can add the DLL name to the value of the following registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs

    UAC at its default level is easily bypassed on Windows 7 by medium integrity (user) apps hooking explorer's functions or finding an exe/dll outside secure locations like the ProgramFiles or the Windows directory and patching its code. Virus protection is also worthless if that person or company was targeted specifically with something unknown or customized, and it's these instances where UAC and the local security policy are supposed to mitigate. Software Restriction Policies are a good start but it's yet another system and could be integrated with CardSpace, and it with UAC, to provide decent UAC customization and control using built-in but completely different security configurations per-user, reducing the attack surface of Windows to near null.
    I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

    It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

    Who knows...


  5. Posts : 1,289
       #65

    Zidane24 said:
    I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

    It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

    Who knows...
    It wasn't done because it would cause massive overhead. UAC at its current implementation loads each exe into memory and scans it for its RequestedExecutionLevel tag set by the developer before continuing execution... If every exe and dll implemented a manifest then it would take a while for Windows to load and scan each file, which is expected to already be done by your anti-virus.

    AppLocker and the Software Restriction Policies in Ultimate do an awesome job in filling the gap left exposed by UAC, but having three systems for the job UAC should and could do is nonsense.


  6. Posts : 5,807
    Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
       #66

    dmex said:
    Zidane24 said:
    I was talking to a friend who was wanting to bypass UAC (to prank his roommate...) and it occurred to me that UAC didn't protect against non-SYS DLLs...

    It would seem to me that it would lock all DLLs down but that might provide some issues with running applications (on the elevated front) so they didn't implement it...

    Who knows...
    It wasn't done because it would cause massive overhead. UAC at its current implementation loads each exe into memory and scans it for its RequestedExecutionLevel tag set by the developer before continuing execution... If every exe and dll implemented a manifest then it would take a while for Windows to load and scan each file, which is expected to already be done by your anti-virus.

    AppLocker and the Software Restriction Policies in Ultimate do an awesome job in filling the gap left exposed by UAC, but having three systems for the job UAC should and could do is nonsense.
    I agree...another case of only protecting what you have to...


  7. Posts : 25
    Windows 7 32 bit build 7600
       #67

    Hurray for ESET Nod 32 and Smart Security.


 