Jump to content

Windows 7 beta UAC completely vulnerable to malware

striker

By striker
in All Things Windows

 Share

Recommended Posts

Corrine

Corrine

Posted
Posted

This is not applicable with the standard or limited user group where an administrative password is required to make system changes. In addition, in my testing, if UAC is disabled, there is a security warning in the systray and the computer has to be restarted for it to take effect. Solution: run as a limited user and elevate UAC to the secure level.Protection: Use WinPatrol. See http://billpstudios.blogspot.com/2009/02/w...ges-to-uac.html

Link to comment
Share on other sites
striker

striker

Posted
  • Author
Posted

It's the lipstick on a pig effect, in other words a bug, period.Whether Microsoft wants to admit it or not.They're crippling security in favor of user wishes, yeah :thumbsdown: We'll see how long it takes before this so called 'feature' gets exploited, you can just wait for it.

Link to comment
Share on other sites
goretsky

goretsky

Posted
Posted

Hello,I wonder if setting the UAC level is something which the user should be prompted to set when the operating system runs for the first time, just like whether or not to download updates.Regards,Aryeh Goretsky

Link to comment
Share on other sites
striker

striker

Posted
  • Author
Posted
Users will still turn it off.
Then it's their own fault, not Microsoft's anymore. So these users will all have to take the consequences for their own actions in this case.It's the same as if I were to take a saw and remove the roof of my car, just because I like the wind in my hair. A big truck drives before me and a little stone springs up from beneath its tires and smashes my head, a big hole in it and a can of blood. Now I'm going to sue the manufacturer of my car because it didn't save me from that little stone. Just ridiculous, it was my own fault. And in the case of the above, when the user still turns UAC off, it's his fault so he's the one to blame when something happens.
Link to comment
Share on other sites
Gary

Gary

Posted
Posted
Then it's their own fault, not Microsoft's anymore. So these users will all have to take the consequences for their own actions in this case.It's the same as if I were to take a saw and remove the roof of my car, just because I like the wind in my hair. A big truck drives before me and a little stone springs up from beneath its tires and smashes my head, a big hole in it and a can of blood. Now I'm going to sue the manufacturer of my car because it didn't save me from that little stone. Just ridiculous, it was my own fault. And in the case of the above, when the user still turns UAC off, it's his fault so he's the one to blame when something happens.
That is correct and MS should let the User decide what to do. I like the way the UAC is in Win 7 now. I do not want it to be changed.
Link to comment
Share on other sites
sunrat

sunrat

Posted
Posted (edited)

We have to also consider the safety of the interwebz. A user who turns off UAC is probably more likely to allow his computer to become a botnet zombie. Then the same user would probably click yes to a prompt of "Install BotZombie App 1.03 to enable your PC to do stuff. Allow or Deny?" :hysterical: :D :whistling:

Edited by sunrat
Link to comment
Share on other sites
striker

striker

Posted
  • Author
Posted
from a usability standpoint, linux is not that different:you either have to open a terminal session and enter commands as su,or you are prompted for the root user's password.so, windows uac and linux both demand credentials or approval and neither really is ahead by "keystrokes saved"
Basically that's correct. There are other factors will come into play but they're out of the scope of your answer.
Link to comment
Share on other sites
striker

striker

Posted
  • Author
Posted
We have to also consider the safety of the interwebz. A user who turns off UAC is probably more likely to allow his computer to become a botnet zombie. Then the same user would probably click yes to a prompt of "Install BotZombie App 1.03 to enable your PC to do stuff. Allow or Deny?" B) B) :)
I don't mind using my brains and thinking before any install, and therefore answering UAC's prompts. What I really can't stand are people installing something and during the install (let's take a complete new application here OK, not one someone has already installed a dozen times) without reading anything on the screen just hunting for the 'OK' and 'I accept' buttons.People may be young and (cough cough) 'IT trained' on their schools nowadays, but that's simply asking for problems. And the folks over here are then begged for help and getting rid of all kinds of crap which shouldn't have been installed in the first place. And afterwards they come stating that &&^%$@% OS did it, where in these cases it was just PEBKAC.I do have one client left which uses a dozen of Windows computers and some linux machines. The client has a lot of young kids. When I see how a couple of those kids, (and fortunately there are other kids too which indeed read, think and let their brains work) just hammering at the keyboard without reading anything, without thinking about the consequences of their entered keystrokes, I get sick, real sick. You can try to explain over and over again, it doesn't matter. Before you turn your back, they're back at their old habit. The good thing about the other mentioned kids which do indeed read, think and let their brains work, is that they never have problems with the OS they use. Being it Windows or anything else.
Link to comment
Share on other sites
zlim

zlim

Posted
Posted
You can try to explain over and over again, it doesn't matter.
I know some adults like that. I offer free tech support to senior citizens and most of them follow what I write on a notecard as far as updating and staying protected. One guy I helped (no more help from me), refused to listen. He was on dialup and finally had to resort to a line block because his computer was dialing out and he had huge phones bills. How hard is it to pull the phone plug from either the computer or the wall when you turn off the computer?
Link to comment
Share on other sites
sunrat

sunrat

Posted
Posted
I don't mind using my brains and thinking before any install, and therefore answering UAC's prompts. What I really can't stand are people installing something and during the install (let's take a complete new application here OK, not one someone has already installed a dozen times) without reading anything on the screen just hunting for the 'OK' and 'I accept' buttons.People may be young and (cough cough) 'IT trained' on their schools nowadays, but that's simply asking for problems. And the folks over here are then begged for help and getting rid of all kinds of crap which shouldn't have been installed in the first place. And afterwards they come stating that &&^%$@% OS did it, where in these cases it was just PEBKAC.I do have one client left which uses a dozen of Windows computers and some linux machines. The client has a lot of young kids. When I see how a couple of those kids, (and fortunately there are other kids too which indeed read, think and let their brains work) just hammering at the keyboard without reading anything, without thinking about the consequences of their entered keystrokes, I get sick, real sick. You can try to explain over and over again, it doesn't matter. Before you turn your back, they're back at their old habit. The good thing about the other mentioned kids which do indeed read, think and let their brains work, is that they never have problems with the OS they use. Being it Windows or anything else.
If you can't drive a car without crashing or endangering other road users, you don't get to drive.Maybe we need a licence for computers similar to a driving licence for cars.
Link to comment
Share on other sites
striker

striker

Posted
  • Author
Posted

As a matter of fact something like that exists here where we live: it's called a 'computer rijbewijs' , freely translated to 'computers usage license'. But the problem with all these licenses, diploms and certificates is this, for which we have a saying over here: they all are only valid on the day they were issued... B) After that it comes down to using the gained knowledge and gathering experience, without shouting loud 'I know it all, because I have a certificate' . Yeah, whatever. I learned biking when I was five years old...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...