After initially describing the ability for code to change UAC (user account Control) levels on Windows 7 beta without generating a UAC prompt as “by design” Microsoft has now agreed to make changes to the Release Candidate code to tighten up security with regards to this issue.
To be honest, I’m not sure why it took so long for Microsoft to realize that being able to alter UAC levels without any kind of system feedback was a serious issue. It’s not the fact that a bug of this sort existed in Windows 7 beta that bothered me (after all, it’s a beta), it was Microsoft’s odd nothing to see, move along reaction to it. I’m not sure whether this was down to Windows 7 being nearly done or a resistance to outside criticism of a change of policy that was OK-ed internally at Redmond, but in my mind it took far too much screaming from the crowds to get the problem acknowledged.
Needless to say, this is a victory (and vindication) for blogger Long Zheng who first highlighted this issue.
Microsoft backpedals on UAC flaw | Hardware 2.0 | ZDNet.com
All I have to say to M$ is WTF? :sarc:
With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.
What’s interesting is that this change of heart comes only hours after Jon DeVaan, senior vice president of the Windows Core Operating System Division, tries to assure readers of Microsoft’s Engineering 7 blog that the UAC problem is not a problem at all. The tone of this earlier post was very much one of we’re right, you’re wrong:
We are very happy with the positive feedback we have received about UAC from beta testers and individual users overall. This helps us validate our “regular people” focus in terms of the trade-offs we continue to consider in this design choice. We will continue to monitor the feedback and our telemetry data to continue to improve our design choices on UAC.
A flurry of comments followed which seemed to have caused the change of heart.
To be honest, I’m not sure why it took so long for Microsoft to realize that being able to alter UAC levels without any kind of system feedback was a serious issue. It’s not the fact that a bug of this sort existed in Windows 7 beta that bothered me (after all, it’s a beta), it was Microsoft’s odd nothing to see, move along reaction to it. I’m not sure whether this was down to Windows 7 being nearly done or a resistance to outside criticism of a change of policy that was OK-ed internally at Redmond, but in my mind it took far too much screaming from the crowds to get the problem acknowledged.
Needless to say, this is a victory (and vindication) for blogger Long Zheng who first highlighted this issue.
Microsoft backpedals on UAC flaw | Hardware 2.0 | ZDNet.com
All I have to say to M$ is WTF? :sarc:
Last edited:
My Computer
- Computer Manufacturer/Model Number
- Custom
- OS
- XP Pro, Windows 7 Ultimate 64 & 32 Build 7022
- CPU
- 6600 2.40 Ghz Intel Core 2 Duo
- Motherboard
- Nvidia nForce 650i Ultra
- Memory
- 4096 GB DDR2
- Graphics Card(s)
- 512 MB Nvidia GeForce 8400 GS PCI E
- Hard Drives
- 2 x 250 GB Western Digital SATA
1 x 500 GB Western Digital SATA
1 x 250 GB Western Digital SATA USB
1 x 80 GB Western Digital IDE
- PSU
- 600 Watt
- Case
- Custom
- Cooling
- Zalman
- Keyboard
- Logitech Wireless Keyboard
- Mouse
- Logitech MX 700 Wireless Optical Mouse
- Internet Speed
- Fios
- Other Info
- Also a Dell Inspiron E1505 1.6 Core Duo with 2GB DDR2, 320GB HDD running dual boot Windows 7 32 build 7057 & XP Pro 32 SP3.
