©1997/2004, Active Network. All Rights Reserved. Layout & Design by Designer Dream. Content written by the Active Network team.

Time: 09:12 EST/14:12 GMT | News Source: istartedsomething | Posted By: Kenneth van Surksum

Long Zheng: I’m not too sure if Microsoft is on the same page as I am, but a Microsoft spokesperson has emailed me in response to the Windows 7 UAC security flaw I wrote about and demonstrated yesterday. In summary, Microsoft claims this is “not a vulnerability”, is intended behavior and again indicates it will not be changed. No, your eyes are not playing tricks on you. They’re (again) indicating it will not be fixed in the final version of Windows 7.

#1 By 23275 (24.196.4.141) at 2/1/2009 10:48:25 AM
It is not a security flaw.
Idiot sensationalist hit grabbers.
Malware would already have to be on the machine and approved past UAC by the logged user.
Move on....

#2 By 8556 (12.210.39.82) at 2/1/2009 2:48:38 PM
The updated UAC, which most people will see as a step forward, is supposed to be included in Vista SP2 as well as Windows 7. Thank you Microsoft for listening to our rants about UAC and responding in a professional manner. Now, let's get back to work!

#3 By 12071 (203.210.68.145) at 2/1/2009 6:13:53 PM
#1 It most certainly is a flaw in the design. The bad piece of code that you're assuming would have to be on the user's PC to begin with (and hence had to have gone through a previous UAC check) can actually come from a number of sources - for example a security flaw in the user's browser. It could be as simple as the user browsing to a website containing code that exploits a security flaw in the browser to then execute the "remove UAC prompts code".
Now you have a user who genuinely believes that UAC is still turned on and falsely assumes that as long as they don't get a UAC prompt then whatever they are doing, whatever they are clicking on is safe, as that's what Microsoft is conditioning its users to believe. That's the risk of the current design and default settings.
I believe a better fix to this is slightly different to what the author presents. The trust subsystem can remain as is with the exception that the UAC component (and in fact any component that can modify the UAC default setting) needs to be untrusted! The user should always be prompted when changes are being made to the default UAC level. Think of it as a standard Microsoft "Are you sure?" dialog.

#4 By 23275 (24.196.4.141) at 2/1/2009 7:31:19 PM
Oh good grief...
Nonsense. Set your user up and other users up as standard users as advised by Microsoft and every other credible systems admin on planet earth.
Set one user up as an admin only and assign the account a strong password.
Give it a dang rest already. Just do what you know you're supposed to do and move on.
If you must, set yourself up as an admin temporarily, set your machine up as you like it, then lower your user type to standard and have a coke and call it a day. End this rubbish.

#5 By 12071 (203.210.68.145) at 2/1/2009 11:55:02 PM
#4 Well I guess that's that then... King Lloyd who knows everything spoke!

#6 By 23275 (24.196.4.141) at 2/2/2009 12:52:25 AM
#5, Well, Chris... it is rubbish and you know it. It's not just nonsense, it is utter nonsense.
There is plenty else we can debate and discuss, but some things just "are" - run as I said in #4, above and you can skip the cruft being generated around this one. There is so much else we can be concerned with. After the BS we all endured opposite Vista, I think a bit of a tone is required this time around - when it comes to pure bunk.
I mean for starters, the dearth of applications written to take advantage of it.

#7 By 15406 (216.191.227.68) at 2/2/2009 9:01:35 AM
I was under the impression that standard users could run code that could disable UAC. This, in turn, allows other nasty code to then bork the system, and even turn UAC back on when the borking is done. Is this not the case? I see Ketchum doing his Microsoft Two-Step as usual, but I can't trust anything he says due to his constant MS cheerleading and covering up their bad smells.

#8 By 16797 (65.95.27.124) at 2/2/2009 9:39:09 AM
No. It doesn't work for standard users (or if UAC is set to the highest level for an administrator user).
Even when UAC is disabled it doesn't mean a standard user can go to, for example, the Windows folder and change files, etc.

#9 By 15406 (216.191.227.68) at 2/2/2009 10:11:20 AM
#8: Thanks. I thought that the first user (the default user for most Vista installations) was part of the Administrators group. UAC is triggered to allow them to use escalated permissions when required, but they're still admins nonetheless. While it's true that 'standard' users cannot do this, nobody runs as a standard user for the most part because it's not the default and it makes UAC even more annoying.

#10 By 16797 (65.95.27.124) at 2/2/2009 2:03:20 PM
First user, I think, is part of admin group and that is why all the talk..
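
The two conditions named in #4 and #8 (a standard user account, or UAC at the highest level for an administrator) can be checked from the UAC policy values in the registry. The PowerShell below is an added example, not part of the thread: the function names and sample configurations are constructed, and it assumes the documented meanings of `EnableLUA` and `ConsentPromptBehaviorAdmin` (2 = "Always notify", 5 = Windows 7 default).

```powershell
# Added example: classify a UAC configuration by the conditions raised in #4 and #8.
# Value names are the UAC policy values under
# HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
function Get-UacExposure {
    param(
        [int]$EnableLUA,                   # 0 = UAC switched off
        [int]$ConsentPromptBehaviorAdmin,  # 2 = "Always notify", 5 = Windows 7 default
        [bool]$IsAdminGroupMember          # is the account in BUILTIN\Administrators?
    )
    if (-not $IsAdminGroupMember) {
        return 'Standard user: elevation needs an administrator account''s credentials'
    }
    if ($EnableLUA -eq 0) { return 'Administrator, UAC disabled: no prompts at all' }
    switch ($ConsentPromptBehaviorAdmin) {
        2 { 'Administrator, Always notify: changes to Windows settings prompt' }
        5 { 'Administrator, default level: changes to Windows settings do not prompt' }
        0 { 'Administrator, elevate without prompting' }
        default { "Administrator, other prompt behaviour ($ConsentPromptBehaviorAdmin)" }
    }
}

# Reads the live values on the local machine (Windows only).
function Get-LocalUacExposure {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    # whoami lists Administrators (S-1-5-32-544) even when the token is filtered
    # and the group is deny-only, which is the first-user case described in #9.
    $isAdmin = [bool](@(whoami /groups) -match 'S-1-5-32-544\b')
    Get-UacExposure -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -IsAdminGroupMember $isAdmin
}

# Constructed sample configurations (not taken from the page):
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; IsAdminGroupMember = $true  },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; IsAdminGroupMember = $true  },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; IsAdminGroupMember = $false }
)
foreach ($s in $samples) { Get-UacExposure @s }

if ($env:OS -eq 'Windows_NT') { Get-LocalUacExposure }
```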