| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) | |
|
||
| Time: 08:53 EST/13:53 GMT | News Source: istartedsomething | Posted By: Kenneth van Surksum | ||
|
Long Zheng: This is dedicated to every ignorant “tech journalist” who cried wolf about UAC in Windows Vista. A change to User Account Control (UAC) in Windows 7 (beta) to make it “less annoying” inadvertently clears the path for a simple but ingenius override that renders UAC disabled without user interaction. For the security conscious, a workaround is also provided at the end. First and foremost, I want to clear up two things. First, I was originally going to blackmail Microsoft for a large ransom for the details of this flaw, but in these uncertain economic times, their ransom fund has probably been cut back so I’m just going to share this for free. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 315 Last | Next |
The time now is
6:27:06 AM
ET.
Any comment problems? E-mail us |
| #1 By 23275 (24.196.4.141) at 2/1/2009 11:24:36 AM |
|
they really... really....really need to publish a retraction!
said "exploit code" could not install in the first place under Windows 7 default UAC settings WITHOUT having been expressly consented to by the logged user. Chance we'll see a retraction? I'm betting zero. This has the potential to be as bad as the IE is less secure than FF/Chrome BS that still circulates web-rags. This remineds me of dime novels when I was a kid - cept we knew they were FICTION. |
| #2 By 17996 (24.16.47.66) at 2/1/2009 6:30:30 PM |
|
#1 -- I have to disagree. You don't need to "install" the exploit code -- you just need to find some existing remote code execution flaw somewhere in Windows and take advantage of it. For example, opening a rigged movie file in Windows Media Player that takes advantage of some remote code execution flaw in WMP.
The example given is a VBScript file (.vbs). All you need to do is double click it (or get "wscript.exe filename.vbs" to execute). No prompts will ever be shown. |
| #3 By 23275 (24.196.4.141) at 2/1/2009 7:36:06 PM |
|
#2, Not so at all. Are you running as a standard user? You should be.
I mean really, are you installing software so often that putting in the admin password is that much of a pain? Seriously? |
| #4 By 17996 (24.16.47.66) at 2/2/2009 12:09:23 AM |
|
#3 -- if you've seen any of my posts on here you know I'm as much of an MS fan as they come. I've defended Vista's UAC on numerous occasions. But what they've done in 7 is disasterous.
Yes, I run as a standard user. I feel no pain in using UAC and entering my password when needed. And I won't be affected by this since I rarely log in directly as admin (protected admin). But the majority of Vista users out there still run as protected admin. Protected admin is now no longer protected (by default) in 7 since they've opened huge holes for silent elevation. It doesn't matter if it's limited to signed components of Windows -- there will be flaws found in those components that will lead to malicious code elevating where it would not have in Vista. Microsoft needs to ship 7 secure out of the box by having the UAC setting be equivalent to Vista's. |
| #5 By 23275 (24.196.4.141) at 2/2/2009 1:05:37 AM |
|
#4, Well gripes about UAC were complaint numero uno among the "technically literate" who so consistently declared that Vista was bad. I remind all that these same people asserted that XP was the end all. There is no pleasing what appears to me to be a small group of people with a disproportionate share of voice. It is impossible.
Ironically, the answer to all of it has been there all along... run as a standard user all the time. As you know, it is not hard. Also, as I wrote here a few weeks ago... Windows 7 is Vista, but less. That does not change the fact that Windows 7, when run as recommended, is as secure as Vista. |
| #6 By 15406 (216.191.227.68) at 2/2/2009 8:56:17 AM |
| #5: The technically literate complained that the UAC prompts were too frequent, and for simple system tasks. The noobs complained about being prompted at all. Put the straw down. |
| #7 By 1153703 (91.236.75.41) at 5/20/2013 1:20:37 PM |
|
Im up!! As i said this is my favoured ocupation. I am on all topics in "la red" if you go some interesting sites you transfer always bump into uncover me posting. I make the beast with two backs it , this is my in seventh heaven
http://veriret.edu.pl/?p=6135 http://tinem.org.pl/?p=5363 http://alitea.pl/dom,i,ogrod/ogrody,od,a,do,z,nawadnianie,ogrodow,s,5618/ http://www.kopac.com.pl/strony,blogi,fora/ogrody,od,a,do,z,poglebianie,studni,s,1104/ |
|
Write Comment
Return to News |
Displaying 1 through 25 of 315 Last | Next |
The time now is
6:27:06 AM
ET.
Any comment problems? E-mail us |
