Malware can turn off UAC in Windows 7; “By design” says Microsoft

committed to database on January 30, 2009 at 12:52 am Eastern Standard Time 110 comments

MSFT buzz-phrases: By design and Won't Fix. New to Windows 7 is the ability to fine-tune User Account Control (UAC), the infamously chatty feature introduced in Windows Vista so that even administrator accounts run with a filtered, standard-user token and have to approve every elevation.

Because Windows cannot tell a user clicking a button from a program synthesising the same click, Vista's UAC always prompted through a dialog on the Secure Desktop, the same isolated desktop the logon screen uses, where ordinary processes cannot send it input.

Windows 7, however, ships with UAC at a new default that hides the prompts when the user changes Windows settings: signed Windows components such as the control panel applets elevate silently, while third-party programs still get a consent dialog. This mode still keeps a normal application from rewriting a protected registry hive directly, but Microsoft overlooked that "any Windows setting" includes UAC's own. A non-elevated process can drive the UAC settings applet, drag the slider to "Never notify", and give every application free rein in elevated mode after the restart that change requires.

I'm not alone in scratching my head here. According to an envelope of Post-It notes received by Long Zheng, there have been multiple submissions of this very issue on Microsoft's beta portal, Connect. Guess what happened. They were all closed: "by design".

Oh hai, I'm a malicious script waiting to infect your PC. Love me.

To quickly demonstrate how easy it is to automate the disabling of UAC, I wrote some sloppy VBScript code (rename to .vbs), the kind you see in malware on P2P networks, using a combination of the Run, Sleep and SendKeys methods to launch the UAC control panel applet, remote-control it with synthesised keystrokes and reboot the system. Because the applet is a Windows component that elevates without a prompt, nothing in that sequence ever asks the user for consent. A more enterprising piece of malware could, of course, move the UAC dialog off-screen, and/or drop its payload into the Startup folder to run with the new, prompt-free rights after the reboot.

An obvious fix for this "issue" would be to require a real UAC prompt, on the Secure Desktop, before the UAC settings themselves can be changed, so that a human has to confirm the adjustment. Until Microsoft addresses this "issue", you can move the slider to its highest setting ("Always notify", the Vista behaviour) to put the concern to rest… but you're not running a beta in a production environment anyway, right?
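The check and the mitigation from the last paragraph, as an added example (mine, not code from the original post or from Microsoft): the three DWORD values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System that the Windows 7 UAC slider writes, a function that names the notch they correspond to and flags the "Windows binaries auto-elevate" state the script above depends on, and a function that pins them to "Always notify". The key path and value names are the ones Windows uses; the function names are my own. Reading works from any prompt; writing needs an elevated one, for the reason given in the comments of the code.

```powershell
# Added example, not code from the original post. Reads the registry values the
# Windows 7 UAC slider writes, names the notch they correspond to, and can pin
# the machine to "Always notify". Function names are my own; the key path and
# value names are the ones Windows uses.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacDword([string]$Name, [int]$Default) {
    # An absent value means Windows applies its built-in default for it.
    $p = Get-ItemProperty -Path $UacKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $Default }
    return [int]$p.$Name
}

function Get-UacLevel {
    $enableLua = Get-UacDword 'EnableLUA'                  1
    $consent   = Get-UacDword 'ConsentPromptBehaviorAdmin' 5
    $secure    = Get-UacDword 'PromptOnSecureDesktop'      1

    # Value combinations written by the four slider notches, top to bottom.
    if ($enableLua -eq 0) {
        $level = 'Never notify (UAC off; takes effect after the restart the applet asks for)'
    } elseif ($consent -eq 2 -and $secure -eq 1) {
        $level = 'Always notify (Vista behaviour, prompts on the Secure Desktop)'
    } elseif ($consent -eq 5 -and $secure -eq 1) {
        $level = 'Notify only when programs try to make changes (Windows 7 default)'
    } elseif ($consent -eq 5 -and $secure -eq 0) {
        $level = 'Notify only when programs try to make changes, without Secure Desktop'
    } else {
        $level = "Non-slider configuration (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secure)"
    }

    New-Object PSObject -Property @{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        Level                      = $level
        # ConsentPromptBehaviorAdmin=5 is the Windows 7 "auto-elevate signed Windows
        # binaries" behaviour the proof of concept relies on: the UAC applet itself
        # elevates without a prompt.
        WindowsBinariesAutoElevate = ($enableLua -eq 1 -and $consent -eq 5)
    }
}

function Test-UacAlwaysNotify {
    $s = Get-UacLevel
    return ($s.EnableLUA -eq 1 -and $s.ConsentPromptBehaviorAdmin -eq 2 -and $s.PromptOnSecureDesktop -eq 1)
}

function Set-UacAlwaysNotify {
    # HKLM\...\Policies\System is writable only by an elevated token. A process
    # holding the filtered admin token gets Access Denied here, which is exactly
    # why the proof of concept drives the auto-elevating applet instead of
    # writing these values itself.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object -TypeName Security.Principal.WindowsPrincipal -ArgumentList $identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }
    Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
    # A change of EnableLUA from 0 to 1 only takes effect at the next logon/restart.
}

Get-UacLevel | Format-List
if (-not (Test-UacAlwaysNotify)) {
    Write-Warning 'UAC is below "Always notify"; run Set-UacAlwaysNotify from an elevated prompt.'
}
```

Run it once before and once after the proof-of-concept script: on a default Windows 7 beta install it reports the default notch with WindowsBinariesAutoElevate = True, and after the script's reboot it reports EnableLUA = 0. Test-UacAlwaysNotify is the one-line check to drop into a logon script or compliance scan.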

  1. Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) - istartedsomething January 30, 2009 at 1:39 am

    [...] in VBScript (would be just as easy in C++ EXE) to do that – emulate a few keyboard inputs. You can download and try it out for yourself here, but bear in mind it actually does disable [...]

  2. Taimur Asad January 30, 2009 at 2:17 am

    I now hear a wo-wo coming soon from Microsoft.

  3. Matt Sharpe January 30, 2009 at 2:40 am

    Security Fail.

    The new “non-annoying” UAC settings in Windows 7 are definitely less annoying, but then I was never annoyed by UAC in Vista.

    I’d rather it were the same as it is in Vista, than be less secure.

  4. ed January 30, 2009 at 4:12 am

    I was never annoyed by either Vista or W7 UAC, but it’s nice to know to be extra careful.

  5. Convenience at the expense of security: a vulnerability in the Windows 7 beta | Windows 7 Blog January 30, 2009 at 4:31 am

    [...] a few keystrokes. You can download it and evaluate it yourself, bearing in mind that [...]

  6. Microsoft confirm, UAC security flaw in Windows 7 January 30, 2009 at 4:35 am

    [...] how easy it is to automate the disabling of UAC, Rafael wrote a VBScript. An obvious fix for this “issue” would be to force the adjustment of UAC [...]

  7. Windows 7's UAC can play tricks on you January 30, 2009 at 6:11 am

    [...] completely disable the barrier that UAC represents. The problem detected by Within Windows, Istarted Something and Windows Connected alike is that an application could modify the [...]

  8. MagicAndre1981 January 30, 2009 at 7:00 am

    Hi Rafael,

    my first action is always to set UAC to Vista level. Thanks for showing all n00bs that the new UAC from Win7 is bad!

    André

  9. Chris123NT January 30, 2009 at 8:06 am

    I agree that this needs to be fixed, because average Joe user these days is too stupid to differentiate between legit apps and malware it seems.

    And yes, the fix is easy: remove the security certificate from the user's control panel applet. Voila.

  10. dj_cityboy January 30, 2009 at 9:04 am

    @Chris123NT, I don't think the average Joe is too stupid to differentiate between the two. I think people are getting better at hiding malware any way they can to trick people into installing things, only to find out that they "double clicked" more than what they bargained for. Not that people shouldn't still be cautious, but sometimes it can be hard to tell the difference…

    I agree that something should be done though, and if there is a simple fix for it, like what has been found, then it should be implemented in time for RTM. There's no reason it can't be done!

    Peace
    cityboy

  11. Haniel January 30, 2009 at 10:36 am

    I think regardless of how many buttons and dialog screens a user has to go through they will still do whatever they want. Until people learn the difference between legit apps and all the "free" junk there will be problems. UAC only annoys those of us who better understand what we are doing when we install something; it only suggests that the software might be harmful.

    Over the course of a normal day I use XP Pro and Vista machines at school, but once I get home I use mostly Mac OS X, though there are also XP and Linux computers, and I can honestly say I prefer XP over Vista and definitely Mac OS X over all of them.

  12. Mark Schneider January 30, 2009 at 12:06 pm

    Thanks for this post Rafael, I had a bad feeling about the new UAC slider in Win 7 as soon as I saw it. Security on the most popular OS in the world is a conundrum for Microsoft. The security (or lack thereof) in XP is the main source of malware today; most regular users run XP as administrators and couldn't tell you if their machine is up to date with security patches. The Vista team decided that that needed to change, and sacrificed convenience for security. It looks like the Win 7 team has decided to give in to pressure and give people an easy way to go backwards to alleviate the complaints about the annoyance UAC caused some Vista users.

  13. peter vd berg January 30, 2009 at 12:16 pm

    "It looks like the Win 7 team has decided to give in to pressure and give people an easy way to go backwards to alleviate the complaints about the annoyance UAC caused 'some' Vista users."

    If it were 'some' users I strongly doubt they'd change such a fundamental issue. They should just use the Vista-style UAC for corporate environments and do away with it altogether for home users.

    Even my father (79) knows better now than to click on anything that passes by.

  14. Claus Valca January 30, 2009 at 12:59 pm

    Rafael – Could you comment on this?

    I saw this comment posted by “Master Guru” over at a website referencing this issue:

    Windows 7’s UAC is now insecure ‘by design’ – TechBlog
    http://blogs.chron.com/techblog/archives/2009/01/windows_7s_uac_is_now_insecure_by_design.html#c1226188

    Quoting:

    UAC suppression is only allowed on admin accounts, unless of course the user enters the admin password from a user account.

    A) The script will not run on my PC in a user account.
    B) If it did, it would ask for an admin password.

    Dwight,

    Please create a user account and try to change UAC without entering an admin password.

    I’m curious why anyone else would have any other results….

    The article does say user, right?

    As a user I also cannot change any items with a shield on them in any dialogue box, such as Windows Firewall or any program requiring admin privileges.

    —end-quote —

    The blog author (Dwight) then comments that “by default, the Win7 beta install sets up as an admin account. In fact, during setup, you have no option to set up as a user account. So I suspect 99 percent of all beta users are running as admin, in which you don’t get prompted to change UAC settings.”

    Any thoughts on these perspectives of the issue?

    Thanks!

  15. Evan January 30, 2009 at 1:13 pm

    SendKeys aren't dependable at all. If I had a program trying to access UAC via SendKeys, all I could do is click on a random text box somewhere and throw it off.

  16. Renato January 30, 2009 at 1:41 pm

    I hate Vista, for the UAC made the whole OS slow and cumbersome to use. I do not want a wall of popups after popups that are asking me if I'm sure that I want to install an app, watch a page on the internet or change a setting. As a user all I want is speed, and Vista no matter what runs much slower than XP on a 50 times faster machine; can you explain that? How about some code optimization please! I would have paid the same amount as for the Vista OS for a version of DirectX 10 that runs in XP. Too bad for Windows that soon it will be available not from them, and it will be a free download. Unfortunately all I have seen so far is that Windows 7 is nothing more than Vista without the UAC. An improvement, but still a slow OS. If security is relevant when it comes to an OS then the whole Windows approach to it has been flawed from the design phase. If they had been able to design the OS with a way to create restore points from which you can recover on the fly no matter what, then you would not have to worry about getting the OS so secure that it is impossible to use, but instead you would have a very powerful tool that allows you to recover from catastrophic loss of info. No matter how much security you put into something someone will defeat it. The real worst part here is that creating a ghost image every week in XP is cumbersome enough.

  17. » UAC security flaw in Windows 7 beta | The Toybox | ZDNet.com January 30, 2009 at 2:51 pm

    [...] Zheng and Rivera’s script is available for download here, but users should be aware that it will disable UAC. [...]

  18. Bryant January 30, 2009 at 2:53 pm

    Don’t worry. I’m sure the beta team will listen to your concerns now that they’ve been made public :P

    (I hope they do. Otherwise, they should all be fired)

  19. Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) | imagZstudio.com January 30, 2009 at 3:02 pm

    [...] be just as easy in C++ EXE) to do that – emulate a few keyboard inputs – without prompting UAC. You can download and try it out for yourself here, but bear in mind it actually does disable [...]

  20. Windows 7 - Vulnerability found in the system's UAC | Blog do The Best January 30, 2009 at 4:34 pm

    [...] and the user will not notice the modification. Rafael Rivera did exactly that and published a proof of concept in the form of a simple VBScript. Malware writers can put this into a program [...]

  21. Rafael January 30, 2009 at 6:36 pm

    @Claus Valca: That MG user is correct, but given that most consumers won’t bother with the creation of a “real” user, this is still an issue.

    @Evan: Obviously this was just a proof-of-concept. I wasn’t going to write malware just to make a point.

  22. Christopher’s Blog » Windows 7 Bug Remains Unfixed… (URGENT) January 30, 2009 at 7:53 pm

    [...] Download: Proof-of-concept VBScript (Rename to .vbs)  News Source: istartedsomething and Within Windows  [...]

  23. MagicAndre1981 January 30, 2009 at 7:54 pm

    @Renato

    stop posting such nonsense. this is a discussion about an implementation bug in UAC in Windows 7 and not a place to troll.

    Vista is not a slow OS and if you are annoyed by UAC you don't understand how rights management in NT systems works. Do the same things under a limited account in Windows XP and look at the access denied message boxes you'll see, and compare it with Vista ;) What is better? An option to get elevated rights with the UAC or the stupid message boxes ;) So learn how NT works

  24. Any malware can turn off Windows 7's User Account Control (UAC) » SoftwareZone : Blog about software with help tutorials and news January 31, 2009 at 3:18 am

    [...] Source | Withinwindows [...]

  25. A small and naive security flaw in Windows 7's UAC | SwordFishCode January 31, 2009 at 6:45 am

    [...] Link | Malware can turn off UAC in Windows 7; "By design" says Microsoft [...]

  26. Peter K January 31, 2009 at 8:22 am

    Stop whining. If you install legal apps once, then you never see this 'problem' again.

  27. Dan January 31, 2009 at 8:33 am

    I have read all of these posts. I have a couple of statements and questions.
    I use AVG for antivirus and Spybot Search and Destroy for spyware and malware protection.
    Bear in mind I don't go looking for trouble; however, I have not had a problem with malware on my computer.
    Education is the key here. If you are not installing a program on your computer nothing should be popping up trying to change your registry. If it does you deny the change and go on. Seems pretty simple to me.
    One thing Microsoft should learn is they 'can't fix stupid'.
    I am curious to know if Macintosh OS has the same or similar vulnerabilities in their OS?
    Look out, they will be next to get hit.
    I am an IT Manager for a small family-owned company and the key, like I said earlier, is education.
    I have instructed my users and friends what to look for and installed the programs I have listed above (not at work) for home users, and I have not had any repeat cleanups of computers to do.
    Microsoft will never win this battle and will always be chasing its tail.
    The answer is simple: create an unsecure OS for people to use that know how to use the tools available to protect themselves, and create a secure OS for the uneducated consumer to use. Let people make the choice and live with their decision and stop trying to solve every problem. They should learn from the government.
    Sorry for the rant.

  28. Tom Schaefer January 31, 2009 at 9:29 am

    Education will help with most of the issues, but how can that be accomplished for such a wide audience? People would brush that off just like the EULA is.
    Good anti-malware applications should be able to prevent most things, but I think it's a really good thing that Microsoft is doing, protecting the users in the best way that they can.
    Microsoft will get it someday, and thanks to Rafael they might get there quicker. Good post.

  29. Huge Security Flaw in Windows 7 UAC | Windows 7 Center January 31, 2009 at 1:39 pm

    [...] went on to investigate and created a script with Rafael (the same guy that released all the Unlock Windows 7 Build 6xxx hacks). Turns out he managed to [...]

  30. The Windows 7 UAC security hole « 11k2 January 31, 2009 at 1:50 pm

    [...] (withinwindows, via theregister, tgdaily) [...]

  31. Updated: Windows 7’s UAC is now insecure ‘by design’ | 226bw Tech News Blog January 31, 2009 at 2:23 pm

    [...] onto the Windows 7 computer without the user knowing it had been done. You can download it from Rafael Rivera Jr.’s blog. And yes, it really does completely disable the UAC in Windows 7. If you run the script, [...]

  32. Tom January 31, 2009 at 3:54 pm

    This seems really crazy. Basically Apple has forced MS to make their product less secure with their false, although witty, ads.

    I have never been bothered by UAC in Vista. I think the only people who are bothered by it are the ones who have seen Apple ads and bought into that. They of course leave out that Mac OS has the same type of feature, except instead of just clicking continue you need to enter your password. In my experience it happens much more frequently on Mac OS than it does in Vista.

  33. » Blog Archive » Windows 7 is almost here. So are the security problems. January 31, 2009 at 4:25 pm

    [...] you can read all the dirty details in condensed form here, or go for the more detailed and more fascinating explanation in Zheng's post [...]

  34. Huge Security Flaw in Windows 7 UAC | IT Knowledge Hub January 31, 2009 at 6:17 pm

    [...] went on to investigate and created a proof-of-concept script with Rafael (the same guy that released all the Unlock Windows 7 Build 6xxx hacks). Turns out he managed to [...]

  35. Brian January 31, 2009 at 7:37 pm

    So, does Windows7 still encourage users to run as an Administrator? Until Microsoft gets serious about security and designs an OS that properly segregates between user appropriate functions and Admin-only functions and forces their software designers to respect this segregation, any use of Windows as an OS is a security work around.

    Just my two cents.

  36. Lorne February 1, 2009 at 12:10 am

    Thanks for the Article Rafael!

  37. BattleIT » Articles » Windows 7 paves the way for malware February 1, 2009 at 4:02 am

    [...] "By design". In other words, they have no plan to fix this problem. Read more on Rafael's blog. [...]

  38. Boycott Novell » Vista 7: Broken Apart Before Arrival February 1, 2009 at 5:18 am

    [...] Windows fan sites are also downplaying the severe security issues just found in Vista 7: [...]

  39. Leo Davidson February 1, 2009 at 6:25 am

    The UAC whitelist is anti-competitive, as well as being badly designed/secured.

    Users cannot add 3rd party components that they use & trust to the UAC whitelist. Only Microsoft’s own components can be on it. So, for example, third party file managers have to display at least one UAC prompt to get admin access while Microsoft’s Explorer does not. That isn’t an even playing field.

    Similarly, users cannot remove Microsoft's components from the UAC whitelist. So if you do not use Explorer but do want the whitelist (which is on by default), you are forced to leave the security hole open for Explorer even though it doesn't benefit you. Explorer's UI isn't isolated like an admin process is — its windows have "medium integrity" — so there doesn't seem to be anything to stop it being remote-controlled via mouse & keyboard events. (As the VBScript in the root post proves!) Which is an okay trade-off if you use it but a stupid security hole if you don't. (And it seems stupid for the UAC control panel itself to be on the whitelist.)

    Sadly for me (a file manager nut), people don’t seem to care much about anti-competitive behaviour that affects anything other than web browsers, so nobody AFAIK has picked up this story, although I did mail a bunch of sites about it.

    More details here, including a confirmation from Microsoft:

    http://www.pretentiousname.com/misc/win7_uac_whitelist.html

  40. Windows 7: security hole in the beta version « Computerhilfe u. Info Blog February 1, 2009 at 7:22 am

    [...] on February 1, 2009 by Klaus Alrutz. The developer Rafael Rivera has published a simple script that demonstrates a security hole in the current beta version of Windows 7. Microsoft has [...]

  41. Windows 7 security hole discovered | Adrian Sauer February 1, 2009 at 7:28 am

    [...] Rivera recently published a script that demonstrates a Windows 7 security hole. The script sends Windows [...]

  42. Security hole in Windows 7 Beta | Pierre Markuse February 1, 2009 at 7:53 am

    [...] and here at withinwindows… [...]

  43. Jochen February 1, 2009 at 12:27 pm

    An admin can start an admin script that does administrative things. Who cares?

    If the user has no admin privileges the script will do nothing. So where's the beef?

  44. Rafael February 1, 2009 at 1:05 pm

    @All: I filtered out Trackbacks to make commenting easier.

    @Jochen: I think you missed that part where the process is executed without elevation, which means it’s running in a limited user context.

    @Leo: Very interesting, I shall look into this. While I don’t believe Microsoft had anti-compete in mind when developing this, it is slightly concerning this perceived white list cannot be modified.
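To settle the "it runs as a limited user" point in the exchange above, here is an added example (mine, not Rafael's or any commenter's code): a PowerShell function that reports which token the current process holds. Started normally from a default Windows 7 administrator account it reports Medium integrity, Elevated = False and BUILTIN\Administrators present only for deny; started from an elevated prompt it reports High integrity and Elevated = True. The function name is my own, and the whoami column names assume an English-language Windows.

```powershell
# Added example, not the post's or the commenters' code. Shows what token a
# process started normally by a default Windows 7 administrator account holds:
# under UAC it gets the filtered (Medium integrity) token, so the Administrators
# group is present for deny only and the elevation check is false. Function
# name is my own.
function Get-TokenSummary {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object -TypeName Security.Principal.WindowsPrincipal -ArgumentList $identity

    # IsInRole(Administrator) is false for the filtered token UAC hands to an
    # admin's non-elevated processes, even though the account is an administrator.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami /groups lists every group SID in the token, including the integrity
    # label (S-1-16-*) and the "Group used for deny only" attribute. Column names
    # ("Group Name", "Type", "SID", "Attributes") are from English Windows.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $label  = $groups | Where-Object { $_.SID -like 'S-1-16-*' }  | Select-Object -First 1
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' } | Select-Object -First 1

    $integrity = if ($label) { $label.'Group Name' } else { 'unknown' }

    New-Object PSObject -Property @{
        User                   = $identity.Name
        Elevated               = $elevated
        IntegrityLevel         = $integrity    # e.g. "Mandatory Label\Medium Mandatory Level"
        AdministratorsInToken  = ($null -ne $admins)
        AdministratorsDenyOnly = ($null -ne $admins -and $admins.Attributes -match 'deny only')
    }
}

Get-TokenSummary | Format-List
```

Run it from a plain PowerShell window and again from one started with "Run as administrator" to see the two tokens side by side. Once the proof-of-concept script has set EnableLUA to 0 and the machine has rebooted, Windows no longer builds the filtered token at all, so every process from an admin account reports Elevated = True and High integrity; that is the "free rein" the post describes.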

  45. Windows 7 UAC security hole | TechFieber | Hot Gadgets. Smart TechNews. February 1, 2009 at 3:38 pm

    [...] [Link] Share and Enjoy: [...]

  46. Mark February 1, 2009 at 5:34 pm

    @Rafael:
    Why do we even care? UAC is worthless and Microsoft should throw it out entirely.
    After all, I have always run Windows Vista and Windows 7 with UAC off and I don't see any virus on my computer.

  47. Security Cadets » WinPatrol v16 Monitors Changes to UAC February 1, 2009 at 9:58 pm

    [...] Rafael Rivera, Within Windows: Malware can turn off UAC in Windows 7; “By design” says Microsoft [...]

  48. Usability versus security: what do we do with UAC in Windows 7? « February 1, 2009 at 10:34 pm

    [...] which can result in serious security problems. In recent days, blogs such as Within Windows have reported and demonstrated how the UAC configuration can be changed via code [...]

  49. Stop Copying Mac » Blog Archive » Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) February 1, 2009 at 10:55 pm

    [...] be just as easy in C++ EXE) to do that – emulate a few keyboard inputs – without prompting UAC. You can download and try it out for yourself here, but bear in mind it actually does disable [...]

  50. Data Security Podcast Episode 38 - Feb 2 2009 « Data Security Podcast February 2, 2009 at 12:01 am

    [...] Tales From The Dark Web: Ira speaks with Rafael Rivera of the WithinWindow.com blog, about a potentially huge hole in Windows7 user account controls (UAC). But, Rafael says that [...]

  51. Nic February 2, 2009 at 5:03 am

    @Mark: UAC is virtually useless to people who are tech-literate. The UAC was meant for users who don't necessarily grasp the concept of malware being downloaded and installed from popular programs (free P2P clients for example).

    Some people need UAC to make sure that they are safe and some people do not need it at all.

  52. Leo Davidson February 2, 2009 at 6:50 am

    @Mark: UAC is not worthless. (It isn’t a magic bullet either.)

    Even for tech-literate people, UAC helps to protect us against processes doing things which require admin access without us knowing that they are doing it. (Unless they do it at install time, which I mention below.)

    Buffer-overflow exploits are perhaps the best example of why this protection is useful and important. If you are using a process that you trust (else you would not have installed it, right?) and you are doing something that seems innocent, like loading a data file or web page, a bug in that trusted program can allow malicious data to make it run arbitrary code. In the event that that happens it’s much better for that code not have admin access.

    Even better if it’s running with “low” integrity (another part of UAC, though only really used by Internet Explorer so far) where it can’t even modify your personal documents (but can still read them, FWIW).

    For me the biggest flaw in UAC is that installers still get full admin rights and thus you still have to trust any software you install with full admin access to your machine. I'd love to see that improved one day. (For example, I am annoyed that installers can add root CA certificates without my knowledge, potentially compromising my web and application security.) But it still doesn't mean that UAC is useless, as it's still good to protect against trusted apps that go rogue via exploits.

    (There’s also the very, very useful side of UAC that hardly anyone talks about: Allowing non-admin users to conveniently elevate to admin when required, via a password prompt. UAC has made running as a limited account a lot more usable.)

  53. WinPatrol v16 Monitors Changes to UAC « BFC Blog February 2, 2009 at 7:05 am

    [...] Rafael Rivera, Within Windows: Malware can turn off UAC in Windows 7; “By design” says Microsoft [...]

  54. IT-Blogger » Windows 7 - security hole "by design" February 2, 2009 at 8:13 am

    [...] I edited the passages in bold to adapt it to the German Windows 7 Beta. Original [...]

  55. Hashan Godakanda February 2, 2009 at 11:28 am

    I think that Windows 7 should have much lower system requirements, such as 64 MB of VGA and 512 MB of RAM. Because even though Windows Vista had higher system requirements, it was not able to do much in performance except in the visual appearance. So if Windows 7 requires 1 GB of RAM, it should be able to handle more programs with high performance without affecting the speed.

  56. Jeromecold's Blog » Blog Archive » Windows 7, security that needs a rethink! February 2, 2009 at 2:19 pm

    [...] and demo February 2nd, 2009 in Tips and [...]

  57. Technicalfool February 2, 2009 at 4:27 pm

    Windows has a “feature” that’s more like a bug?

    And it’s in there by design?

    Is this news?

    I’m just waiting for that company to try suing over that alleged 235 patents that they claim the penguin-flavoured OS violates. Including the one for UAC that seems to define a mechanism that’s *remarkably* like sudo. Only sudo works.

  58. Dan February 2, 2009 at 5:59 pm

    Hashan: 7 runs with 512mb RAM and 12mb Video Memory.

  59. Malware can turn off UAC in Windows 7 Beta version « SecTech February 2, 2009 at 6:11 pm

    [...] Malware can exploit this UAC hole while users are confident that the feature works. To prove this, blogger Long Zheng with Rafael Rivera developed VBScript code that emulates clicking a button, thereby disabling the [...]

  60. Tom February 2, 2009 at 7:40 pm

    Reading this thread, it's clear that NONE of you (except for one) understand this issue AT ALL.

    But Jochen NAILED it: “an Admin can start an Admin-Script that does administrative issues. Who cares? If the user has no Admin-proviledges the script will do nothing. So where’s the beef?”

    It takes Admin rights to run a VBScript (or install malware). Unless those rights are explicitly granted, nothing bad happens. And, if those rights are granted — ie. to install malware, in the first place — then the machine was ALREADY compromised AND UAC ISN’T THE ISSUE! You’re complaining about an already-compromised machine doing FURTHER damage by turning UAC off.

    Microsoft did the right thing here. Too bad that so few of you understand the issues involved but, nonetheless, feel compelled to complain. Sheeez…

  61. Malware can modify UAC | Windows Seven 7 February 2, 2009 at 8:11 pm

  62. TECHGEEK.com.au : Blogger finds security flaw in Windows 7 UAC February 3, 2009 at 1:11 am

    [...] has also brought up a "proof of concept", with the help of "side-kick" Rafael Rivera, to show you how the flaw works. While you do need to [...]

  63. TwelveBaud February 3, 2009 at 1:39 am

    @Tom

    You’ve also failed to understand the issue.

    1. ALL USERS ARE ADMINISTRATORS. By default, a user is an administrator, thanks to the installer. And users can be assumed to not change the default, because that involves knowledge and work, and users are uninformed and lazy.
    (This has been true since Windows 2000, but for a different reason: Electronic Arts and other game publishers use coding techniques and security systems that assume the user has the same level of access as on Windows 98, i.e. Administrator.)

    User Account Control was designed to make 1. less security-problematic by distinguishing program action from user intent. Administrator users are prompted before programs do anything potentially sensitive, like install malware, to make sure the user understands what’s going on and approves. Essentially it adds an invisible fence with sirens and klaxons on it.

    2. ADMINISTRATIVE USERS CAN HAVE UAC TURNED OFF WITHOUT BEING ASKED, OR EVEN TOLD. The invisible fence, which was designed specifically to prevent things like this from happening, now no longer protects its own power switch. This is a privilege escalation issue, as malware can do things undetected that would normally trigger UAC prompts. This makes UAC utterly worthless. In fact, it makes it worse than worthless because it gives users a false sense of security.

    Once malware has compromised the machine, it should be trapped in UAC’s sandbox, just as it would normally be trapped in a limited user’s sandbox. Obviously, that’s not going to happen. Users shouldn’t run with administrative rights. Obviously, that’s not going to happen. I’m sorry you run your machine the way it’s supposed to be run — or do you? why don’t you run Raf’s script and see what happens? — but the vast majority of users don’t, and won’t.

  64. faq-o-matic.net » Windows 7 Beta: security problems with UAC February 3, 2009 at 3:38 am

    [...] [Malware can turn off UAC in Windows 7; “By design” says Microsoft - Within Windows] http://www.withinwindows.com/2009/01/30/malware-can-turn-off-uac-in-windows-7-by-design-says-microso... [...]

  65. Flaw discovered in Windows 7's UAC (Micro$oft calls it a "feature") February 3, 2009 at 5:04 am

    [...] Rafael's Within Windows [...]

  66. BettleJuice February 3, 2009 at 6:24 am

    Maybe a solution using captcha with UAC! LOL

  67. Windows 7 (Se7en), the UAC flaw that isn't one? | NeoSting Press February 3, 2009 at 9:03 am

    [...] all of it proven in a simple fifteen or so lines, simply highlighted by Rafael's blog. Come on, just to deploy the VB code properly, here it is quoted. Of course I have nothing [...]

  68. » Is this what they call a feature? | IT Security | TechRepublic.com February 3, 2009 at 7:22 pm

    [...] With the Windows 7 version of UAC, Microsoft is outdoing itself. Rafael Rivera, Jr. reports that malware can turn off UAC in Windows 7. Microsoft not only acknowledges the offending behavior, but states that it is intended behavior. [...]

  69. Usability versus security: what do we do with UAC in Windows 7? : Lo Mejor de la Web February 3, 2009 at 9:16 pm

    [...] in recent days, blogs such as Within Windows have reported and demonstrated how the UAC configuration can be changed via code [...]

  70. Latest News Items Covering Windows 7 » Tips Dr.com February 3, 2009 at 11:44 pm

    [...] Malware can turn off UAC in Windows 7; “By design” says Microsoft [...]

  71. Diyan February 4, 2009 at 10:10 am

    This happened because of a handful of idiots that cried out loud about the UAC popups initially. Microsoft should not have tampered with UAC. Users should learn that you have to authenticate when you do something dangerous (no one complains when they have to show ID when withdrawing funds from a bank account), and programmers should learn that to calculate 5+3 you don't need access to the kernel.

  72. Usability versus security: what do we do with UAC in Windows 7? | Shadow Security February 4, 2009 at 11:54 am

    [...] in recent days, blogs such as Within Windows have reported and demonstrated how the UAC configuration can be changed via code [...]

  73. AeroXperience » Blog Archive » UAC in Windows 7: Exponential Silent Attack Vector Multiplier February 4, 2009 at 2:51 pm

    [...] for why I’m asking you to do this shouldn’t be a surprise. You may have seen the UAC posts by Rafael Rivera and Long Zheng (I’m giving more of the credit to Rafael since he actually brewed the proof of [...]

  74. Security leak in Windows 7's UAC plugged, at Windowsblog | Am Puls der Microsoft Betriebssysteme February 5, 2009 at 5:00 am

    [...] security expert Rafael Rivera once again about the still-present problem (external link) and pointed out that the corrections apparently were not made at all, or only inadequately [...]

  75. Microsoft agrees to make Windows 7’s UAC more secure February 5, 2009 at 10:18 pm

    [...] honchos Steve Sinofsky and Jon DeVaan said a security issue pointed out by bloggers Long Zheng and Rafael Rivera will be [...]

  76. Chris S February 6, 2009 at 8:09 am

    Dude you have found nothing here… What a joke. LOL…. loser

  77. Can you have functionality and security February 6, 2009 at 3:46 pm

    [...] Malware can turn off UAC in Windows 7; “By design” says Microsoft – Within Windows [...]

  78. Microsoft fixes the UAC security problem in Windows 7 | Windows Seven 7 February 6, 2009 at 4:45 pm

    [...] Microsoft fixes the UAC security problem in Windows 7 Posted on February 6th, 2009 admin No comments Over time, Microsoft is giving ever clearer signs that “they are no longer who they used to be”. Among those signs is listening to user feedback and acting diligently on security vulnerabilities. We say this because, after Redmond stated that that serious Windows 7 UAC vulnerability would not be fixed because it had been done that way on purpose, they have taken a step back to announce that the problem has been fixed in the Win7 Release Candidate (responding to the request/complaint by Long Zheng and Rafael Rivera). [...]

  79. 4sysops - Windows 7 UAC vulnerabilities February 6, 2009 at 6:15 pm

    [...] party software is able to disable UAC without giving UAC the chance to prompt the user for consent. Rafael Rivera wrote a proof-of-concept VBscript program that demonstrates how malware could disable UAC. [...]

  80. Criminals use fake windshield tickets to spread viruses « Agência Vibe February 7, 2009 at 8:51 am

    [...] of Windows”, however, includes UAC itself. With that, programmer Rafael Rivera managed to create a small program capable of completely disabling the security feature without the user being [...]

  81. Security Summary: 09-02-2009 | ContraRISK February 8, 2009 at 8:50 pm

    [...] of Microsoft’s forthcoming OS, Windows 7, has a User Account Control (UAC) system that can be thwarted with a simple script, claims developer Rafael Rivera. But Microsoft insists this isn’t actually a problem because [...]

  82. Windows 7: the new User Account Control | Windows Vista Blog February 9, 2009 at 2:40 am

    [...] recently the User Account Control of Windows 7 (Beta) has again come under criticism. This time, though, not because of its annoyance factor, but because in the [...]

  83. Dutch February 9, 2009 at 4:07 am

    Often the cure is worse than the disease.

    I have turned UAC off mainly because it continued to ask permission for same action I was repeating over and over, as an Admin, during configuration and installation of software within the same login session. In addition, some processes running through DCOM using a “secure” non-interactive user were not working if I had UAC on. I do admit that a different software design -based on what XP’s security permitted, over which I have obviously no control- and some extra configuration on Vista would have helped the latter, it was the constant UAC prompts that finally made me decide to turn it off.

    If UAC does protect my computer (according to MS it does) why should it continue to bother me (Administrator, not a user with Admin privileges) on the same issue over and over again? If it was an ‘Allow’ the first time, why wouldn’t it be a ‘Cancel’ next time? Maybe a checkbox with “Don’t ask me again” would have solved the problem with very little effort. The actual solution in W7 looks more like an overshoot to me.

  84. Microsoft fixes the UAC security problem in Windows 7 « Miguelthepooh’s Blog February 9, 2009 at 5:14 am

    [...] Over time, Microsoft is giving ever clearer signs that “they are no longer who they used to be”. Among those signs is listening to user feedback and acting diligently on security vulnerabilities. We say this because, after Redmond stated that that serious Windows 7 UAC vulnerability would not be fixed because it had been done that way on purpose, they have taken a step back to announce that the problem has been fixed in the Win7 Release Candidate (responding to the request/complaint by Long Zheng and Rafael Rivera). [...]

  85. Tobbis Blog » Disabling UAC under Windows 7 February 11, 2009 at 10:53 am

    [...] that very system has attracted rather negative attention because of security holes. Demonstrated by Rafael Rivera and Long Zheng in a proof of concept. Microsoft intends to take up the matter and promises [...]

  86. Israel Lopez February 11, 2009 at 2:02 pm

    Dutch, the problem is if you authorize something once, the next time maybe it could be adware or malware trying to get something done, so since there is the possibility you authorized something once, but in an hour from now someone else might be on your computer or malware might be trying to install, you have to confirm once again.

    I think the easy fix is for Microsoft to request Admin rights ALWAYS, even if you have UAC turned off, in order to change the UAC security level and settings. As long as the highest security mode does not ask you to confirm things twice like Vista did sometimes, it is all fine. Windows Vista’s UAC didn’t annoy me much, what annoyed me was having to click first on one pop up and then another one to confirm… Seven doesn’t have this duplicate popup issue. All they need is to lock UAC settings from being modified always.

  87. Daniel.Jozsef February 14, 2009 at 5:41 pm

    Now-now, what’s this talk about “less secure”?!
    If we’re talking about security as a trait inherent to the OS, the UAC has nothing to do with it. Security in this case depends on how easy it is to defeat policies set by the administrator, like steal or damage data from a restricted account or without access to an account whatsoever. Administrator is absolute. That’s the way it was through all the years of multi-user computing.
    If Microsoft wants to help the world of computing by reducing the “human factor”, I think a two-login model for new installations would be far more appropriate: an administrator user for installing software and changing system-wide settings, and a RESTRICTED user for everything else – work, surfing the web, games, etc.
    That’s the way I’m using my Windows XP account, without any antivirus software, and yet I haven’t had ANY malware or virus problems, EVER.

  88. Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) « Window7s February 20, 2009 at 2:20 pm

    [...] be just as easy in C++ EXE) to do that – emulate a few keyboard inputs – without prompting UAC. You can download and try it out for yourself here, but bear in mind it actually does disable [...]

  89. Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) | Window7s February 20, 2009 at 3:07 pm

    [...] be just as easy in C++ EXE) to do that – emulate a few keyboard inputs – without prompting UAC. You can download and try it out for yourself here, but bear in mind it actually does disable [...]

  90. Microsoft comments on changes present in the Windows 7 RC — WinAjuda — Say goodbye to your F1 key February 27, 2009 at 12:48 pm

    [...] But not everything is rosy, and there are many official beta testers annoyed at the treatment Microsoft is giving the program. The main complaint concerns how little information Redmond releases about what is being done in the new Windows. Instead of being a two-way street, the beta program looks like a one-way one, in which beta testers only report bugs and problems but receive no clear answers about what Microsoft intends to do, or has done, about them. The symbolic case of this controversy is, without doubt, the imbroglio involving Long Zheng and Rafael Rivera over a flaw in UAC. [...]

  91. Cliven February 28, 2009 at 2:02 pm

    The UAC is great for the fact that it prevents idiots from doing bad things to their machines, but it delays far too many normal operations, and a scale-back for those of us who know how to manage our systems is welcome, in my book. I don’t need to be hand-held through my job, especially when it costs me time and causes me aggravation. That modifying the UAC does not *itself* prompt you is a very, very bad idea, however: this security chasm should be reviewed and revised.

    Forcing users to remember the Admin acct user pw but making the default acct be of limited access might go a long way towards fixing the root cause of the need for the UAC, but users would doubtless lock themselves out en masse. Sigh.

    @ MagicAndre1981

    I’m not sure what you are using for comparison, but I have observed that Vista boxes tend to stutter and hang until I shut off nearly every one of the OS’s shiny new features, even when the units have 4G of RAM. I have been told that Vista 32 is faster than Vista 64, which makes sense, but the pretty much uniformly lower speed on Vista boxes I have observed, compared to XP boxes with far older/lower capacity hardware, is striking.

    @ Israel Lopez

    That the UAC prompts repeatedly without offering a “do not prompt again” checkbox is, as Dutch said, an annoyance. No amount of rationalization is going to change the fact that an Admin user should not have to “plant the flag” repeatedly for the same app. Period. Try working in a production environment where you are constantly making system changes and having to deal with the UAC repeatedly: it sucks. Mac OS has this repetitive prompt (with a password requirement and *occasional* case-sensitivity on the *user name*, to boot!) and it is one of the many reasons that I will not buy a Mac, despite having been an Apple Certified Desktop Technician.

  92. Microsoft comments on changes present in the Windows 7 RC « Live DeskMod’s March 17, 2009 at 1:55 pm

    [...] But not everything is rosy, and there are many official beta testers annoyed at the treatment Microsoft is giving the program. The main complaint concerns how little information Redmond releases about what is being done in the new Windows. Instead of being a two-way street, the beta program looks like a one-way one, in which beta testers only report bugs and problems but receive no clear answers about what Microsoft intends to do, or has done, about them. The symbolic case of this controversy is, without doubt, the imbroglio involving Long Zheng and Rafael Rivera over a flaw in UAC. [...]

  93. Malware can modify UAC « Windows 7 Blog March 20, 2009 at 5:58 pm

  94. Personal Blog — John Keyes – Linkeyes 1st February 2009 April 21, 2009 at 6:12 am

    [...] up as a mirror when the display is off. Loads of people hate Vista’s UAC, but in Windows 7 UAC can be turned off by malware and it’s ‘by-design’! An amazing story by Jeffrey Zeldman on his family roots. One of the worst escape attempts ever? [...]

  95. Darryl April 22, 2009 at 1:16 pm

    I recall Mark Minasi commenting that if compatibility is 9-o-clock and security is 3-o-clock, MS set it to about 10-o-clock with Vista’s UAC and integrity levels and so on. Me? I’d have slammed that sucker all the way over to 2-o-clock as a minimum!

    It isn’t that it’s annoying or any kind of a problem after you do initial setup and it’s much better than using XP with Limited User Access, though I implemented that enterprise-wide a few years back. Even then (with XP) I never reinstalled anything from scratch but used a fully-configured image backup if I had to flatten the machine and rebuild it.

    The real issue is “drive-by” web sites…a few times, not often in the last 2.5 years I’ve been running Vista, but a few times I’ve been Googling things and researching and…Whoa!…what’s this? A UAC prompt? Deny!!! Normally I ‘right-click’ on multiple topics in my Google searches and select ‘Open in New Tab’ before I start reading on topic.

    Best illustration I’ve heard for UAC I’ve heard: when you’re done with your car, you have to take the key-fob and press the lock button…the car doesn’t ‘just know’ that you’re done with it when you get out and walk away. Similarly, you have to press the unlock button because the car also doesn’t ‘just know’ that you are the right person to allow to drive it/get inside it.

    I welcome UAC and wish they’d made it ‘stiffer’ – even as an option. When I upgrade to Windows 7 I will most definitely set UAC to behave as in Vista. If I can’t do that…I won’t change.

  96. Черноморец April 28, 2009 at 4:26 pm

    Sorry, how can I add my own material to the site?

  97. Karun AB » Windows 7: A second look May 16, 2009 at 6:08 am

    [...] were raised by certain tech users made popular by Long Zheng and Rafael Rivera in posts such as Malware can turn off UAC in Windows 7; “By design” says Microsoft. Clearly, Microsoft needs to move back to Secure Desktop for changes to UAC. We don’t mind UAC [...]

  98. At least 62 gaping security holes in Windows 7 Release Candidate « Reformed Musings May 22, 2009 at 3:55 pm

    [...] According to Rafael at Within Windows, Microsoft claims that all this is by design. Rafael makes the same recommendation as Leo: [...]

  100. matt’s blog » Blog Archive » Windows 7 UAC — Door is Wide Open July 6, 2009 at 11:23 pm

    [...] some folks did just that. They created a simple VB script to stand in place of the user and “press” the right [...]

  101. Somebody July 23, 2009 at 2:08 pm

    The UAC Settings page does not accept the sendkeys input

  102. Somebody July 23, 2009 at 2:57 pm

    seems like UIPI prevents the sendkeys, or other equivalents

  103. Sonic October 29, 2009 at 10:27 am

    Looks like this issue has been fixed in Windows 7 RTM. I’m running Windows 7 Home Premium since October 22, 2009.

  104. News November 23, 2009 at 5:59 am

    Thanks for showing

  105. Anthony December 14, 2009 at 12:42 pm

    You guys fail to understand this. UAC is not a “TRUE” security feature. A simple firewall would stop an executable from getting through and doing this. An analogy of what this actually means would be, say, someone’s already broken into your house, and they find your house key and have “permanent” access to your home. Once you realize your house was broken into you would immediately change the locks (“Block the user/malicious app from getting onto your system”). The issue here is not the ability to modify the UAC; the issue is many users will just blindly download every piece of bloat/spyware they come across on the internet. Trying to blame the UAC because a user is too incompetent to protect themselves is a poor way to look at this. Users wanted ease of use, and the UAC to not constantly yell at them every couple of minutes like in Vista; well, now you have the choice. You can either tone this down and be more concerned with firewall and other security, or turn it up and have it just like Vista. No matter what Microsoft does, people find a reason to complain. Take some personal responsibility for your own computer security and stop griping at Microsoft for making your customer experience more “enjoyable”. If you really hate this idea and have highly sensitive data, just turn the security system up yourself. This really is not something to be freaking out about, and people should just calm down and actually learn something about security and what it is before you start a blind media freak-out, over something that will cause Microsoft to release a patch that just makes the customer experience even less enjoyable, with more annoying pop-ups than it already has; people like you are how we got the obnoxiously clunky and talkative FAILBOAT known as Vista. Don’t blame Microsoft for “id10t” and “pebkac” errors, it’s really not their fault.

  107. hector December 29, 2009 at 11:35 pm

    A recent study showed that over 90% of “critical” Windows vulnerabilities are effectively mitigated by using a low-rights account ( http://blogs.zdnet.com/security/?p=2517 )

    Yes, the true security boundary is to log off of your Standard User account and log onto your Admin account, do your Admin stuff, then log out again. Win7 is more secure with UAC enabled, partly because it puts IE into Protected Mode by default for the Internet Zone. UAC also gives you file-system & Registry virtualization and Protected Mode for IE, so disabling it deprives you of those goodies too.

    UAC improves security at the risk of convenience, take your pick, more security or more convenience.

  108. donc January 11, 2010 at 2:47 am

    I am not sure what UAC is, but changing it does not appear to also stop running scripts on computers. I’ve been trying to permanently get rid of script error messages on my web pages and cannot get any answers that work. The one I get a kick out of is to switch on “disable script debugging” in Internet Explorer. With all the computer experts, not one of them appears to have the knowledge to tell someone how to simply stop a computer from running scripts. They cannot even tell you if running scripts is necessary. I guess I have no choice but to keep clicking “Yes-No” on script errors for the rest of my life. If I am wrong, and someone actually knows how to stop my computer from ever showing a script error again, please let me know or tell me why I have to continue putting up with this problem.
    Thanks

  109. Micro February 5, 2010 at 2:33 am

    “When users change Windows settings”? I read the post and do not quite understand.

  110. Software February 5, 2010 at 2:36 am

    Sometimes it is not very comfortable; pop-ups constantly interfere. How do I remove them? Help desk?