Comments on: Malware can turn off UAC in Windows 7; “By design” says Microsoft

By: Software

Software — Fri, 05 Feb 2010 07:36:31 +0000

Sometimes it is not very comfortable, constantly interfere with pop-ups, how do I remove them to help desk

By: Micro

Micro — Fri, 05 Feb 2010 07:33:12 +0000

A when users change Windows setting ? read post and not quite understand

By: donc

donc — Mon, 11 Jan 2010 07:47:26 +0000

I am not sure what UAC is, but changing it does not appear to also stop running script on computers. I’ve been trying to permanently get rid of script errors messages on my web pages and cannot get any answers that work. The one I get a kick out of is to switch on the disable script debugging in the internet explorer. With the all the computes experts, not a one of them appears to have the knowledge to tell some how to simply stop a computer from running scripts. They cannot even tell you if running scripts is necessary. I guess I have no choice to but to keep clicking the “Yes-No’ on script errors for the rest of my life. If I am wrong, and someone actually knows how to stop my computer from every showing a script error again, please let me know or tell me why I have to continue putting up with this problem.
thanks

By: hector

hector — Wed, 30 Dec 2009 04:35:30 +0000

A recent study showed that over 90% of “critical” Windows vulnerabilities are effectively mitigated by using a low-rights account ( http://blogs.zdnet.com/security/?p=2517 )

Yes, the true security boundary is to log off of your Standard User account and log onto your Admin account, do your Admin stuffs, then log out again. Win7 is more secure with UAC enabled, partly because it puts IE into Protected Mode by default for the Internet Zone. UAC also gives you file-system & Registry virtualization and Protected Mode for IE, so disabling it deprives you of those goodies too.

UAC improves security at the risk of convenience, take your pick, more security or more convenience.

By: Александр

Александр — Mon, 28 Dec 2009 20:00:05 +0000

Добро пожаловать на Warez-Портал Warez-KING.net Здесь вы найдете софт, видео, фильмы, клипы, обои, музыку и многое другое. И все это бесплатно!

By: Anthony

Anthony — Mon, 14 Dec 2009 17:42:20 +0000

You guys fail to understand this. UAC is not a “TRUE” security feature. A simple firewall would stop an executable from getting through and doing this. An analogy of what this actually means would be say someones allready broken into your house, and they find your house key and have “permanent” access to your home. Once you realize your house was broken into you would immediately change the locks (“Block the user/mailitious app from getting onto your system”). The issue here is not the ability to modify the UAC, the issue is many users will just blindly download every piece of bloat/spyware they come across on the internet. Trying to blame the UAC because a user is to incompotent to protect themselves is a poor way to look at this. User wanted ease of use, and the UAC to not constantly yell at them every couple minutes from vista, well now you have the choice. You can either tone this down and be more concerned with firewall and other security, or turn it up and have it just like Vista. No matter what Microsoft does, people find a reason to complain. Take some personal responsibility for your own computer security and stop griping at Microsoft for making your customer experience more “enjoyable”. If you really hate this idea and have highly sensitive data, just turn the security system up yourself. This really is not something to be freaking out about, and people should just calm down and actually learn something about security and what it is before you start a blind media freak out, over something that will cause microsoft to release a patch that just makes the customer experience even less enjoyable from annoying pop ups then it allready is, people like you is how we got the obnoxiously clunky and talkative FAILBOAT known as Vista. Don’t blame microsoft for “id10t” and “pebkac” errors, its really not there fault.

By: News

News — Mon, 23 Nov 2009 10:59:58 +0000

Thanks for showing

By: Sonic

Sonic — Thu, 29 Oct 2009 15:27:45 +0000

Looks like this issue has been fixed in Windows 7 RTM. I’m running Windows 7 Home Premium since October 22, 2009.

By: Somebody

Somebody — Thu, 23 Jul 2009 19:57:20 +0000

seems like UIPI prevents the sendkeys, or other equivalents

By: Somebody

Somebody — Thu, 23 Jul 2009 19:08:14 +0000

The UAC Settings page does not accept the sendkeys input

By: matt’s blog » Blog Archive » Windows 7 UAC — Door is Wide Open

Tue, 07 Jul 2009 04:23:06 +0000

[...] some folks did just that. They created a simple VB script to stand in place of the user and “press” the right [...]

By: Филипп Смирнов

Филипп Смирнов — Mon, 08 Jun 2009 15:28:26 +0000

{Читаю {ваш|этот|} блог, и понимаю, что {ничего|нифига} не понимаю. Все так запутано. :)

By: At least 62 gaping security holes in Windows 7 Release Candidate « Reformed Musings

Fri, 22 May 2009 20:55:05 +0000

[...] According to Rafael at Within Windows, Microsoft claims that all this is by design. Rafael makes the same recommendation as Leo: [...]

By: Karun AB » Windows 7: A second look

Karun AB » Windows 7: A second look — Sat, 16 May 2009 11:08:07 +0000

[...] were raised by certain tech users made popular by Long Zheng and Rafael Rivera in posts such as Malware can turn off UAC in Windows 7; “By design” says Microsoft. Clearly, Microsoft needs to move back to Secure Desktop for changes to UAC. We don’t mind UAC [...]

By: Черноморец

Черноморец — Tue, 28 Apr 2009 21:26:56 +0000

Извините, как можно добавить свой материал на сайт?

By: Darryl

Darryl — Wed, 22 Apr 2009 18:16:41 +0000

I recall Mark Minasi commenting that if compatibility is 9-o-clock and security is 3-o-clock, MS set it to about 10-o-clock with Vista’s UAC and integrity levels and so on. Me? I’d have slammed that sucker all the way over to 2-o-clock as a minimum!

It isn’t that it’s annoying or any kind of a problem after you do initial setup and it’s much better than using XP with Limited User Access, though I implemented that enterprise-wide a few years back. Even then (with XP) I never reinstalled anything from scratch but used a fully-configured image backup if I had to flatten the machine and rebuild it.

The real issue is “drive-by” web sites…a few times, not often in the last 2.5 years I’ve been running Vista, but a few times I’ve been Googling things and researching and…Whoa!…what’s this? A UAC prompt? Deny!!! Normally I ‘right-click’ on multiple topics in my Google searches and select ‘Open in New Tab’ before I start reading on topic.

Best illustration I’ve heard for UAC I’ve heard: when you’re done with your car, you have to take the key-fob and press the lock button…the car doesn’t ‘just know’ that you’re done with it when you get out and walk away. Similarly, you have to press the unlock button because the car also doesn’t ‘just know’ that you are the right person to allow to drive it/get inside it.

I welcome UAC and wish they’d made secure ’stiffer’ – even as an option. When I upgrade to Windows 7 I will most definitely set UAC to behave as in Vista. If I can’t do that…I won’t change.

By: Personal Blog — John Keyes – Linkeyes 1st February 2009

Personal Blog — John Keyes – Linkeyes 1st February 2009 — Tue, 21 Apr 2009 11:12:05 +0000

[...] up as a mirror when the display is off. Loads of people hate Vista’s UAC, but in Windows 7 UAC can be turned off by malware and it’s ‘by-design’! An amazing story by Jeffrey Zeldman on his family roots. One of the worst escape attempts ever? [...]

By: Malware puede modificar la UAC « Windows 7 Blog

Malware puede modificar la UAC « Windows 7 Blog — Fri, 20 Mar 2009 22:58:26 +0000

[...] http://www.withinwindows.com/2009/01/30/malware-can-turn-off-uac-in-windows-7-by-design-says-microso... Escrito en Bug, Microsoft, UAC, Windowss 7 [...]

By: Microsoft comenta mudanças presentes no Windows 7 RC « Live DeskMod’s

Microsoft comenta mudanças presentes no Windows 7 RC « Live DeskMod’s — Tue, 17 Mar 2009 18:55:53 +0000

[...] Só que nem tudo são rosas, e tem muito beta tester oficial irritado com o tratamento que a Microsoft está dando ao programa. A principal queixa é em relação à pouca informação que Redmond libera acerca do que está sendo feito no novo Windows. Ao invés de ser uma via de duas mãos, o programa beta está parecendo uma de mão única, na qual apenas os beta testers relatam bugs e problemas, mas não recebem respostas claras sobre o que a Microsoft pretende fazer ou fez em relação a eles. O caso-símbolo dessa celeuma é, sem dúvida, o imbróglio em que se envolveram Long Zheng e Rafael Rivera, por conta de uma falha no UAC. [...]

By: Cliven

Cliven — Sat, 28 Feb 2009 19:02:22 +0000

The UAC is great for the fact that it prevents idiots from doing bad things to their machines, but it delays far too many normal operations, and a scale-back for those of use who know how to manage our systems is welcome, in my book. I don’t need to be hand-held through my job, especially when it costs me time and causes me aggravation. That modifying the UAC does not *itself* prompt you is a very, very bad idea, however: this security chasm should be reviewed and revised.

Forcing users to remember the Admin acct user pw but making the default acct be of limited access might go a long way towards fixing the root cause of the need for the UAC, but users would doubtless lock themselves out en masse. Sigh.

@ MagicAndre1981

I’m not sure what you are using for comparison, but I have observed that Vista boxes tend to stutter and hang until I shut off nearly every one of the OS’s shiny new features, even when the units have 4G of RAM. I have been told that Vista 32 is faster than Vista 64, which makes sense, but the pretty much uniformly lower speed on Vista boxes I have observed, compared to XP boxes with far older/lower capacity hardware , is striking.

@ Israel Lopez

That the UAC prompts repeatedly without offering an “do not prompt again” checkbox is, as Dutch said, an annoyance. No amount of rationalization is going to change the fact that an Admin user should not have to “plant the flag” repeatedly for the same app. Period. Try working in a production environment where you are constantly making system changes and having to deal with the UAC repeatedly: it sucks. Mac OS has this repetitive prompt (with a password requirement and *occasional* case-sensitivity on the *user name*, to boot!) and it is one of the many reasons that I will not buy a Mac, despite having been an Apple Certified Desktop Technician.

By: Microsoft comenta mudanças presentes no Windows 7 RC — WinAjuda — Diga adeus à sua tecla F1

Fri, 27 Feb 2009 17:48:54 +0000

By: Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) | Window7s

Fri, 20 Feb 2009 20:07:17 +0000

[...] be just as easy in C++ EXE) to do that – emulate a few keyboard inputs – without prompting UAC. You can download and try it out for yourself here, but bear in mind it actually does disable [...]

By: Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code) « Window7s

Fri, 20 Feb 2009 19:20:51 +0000

By: Daniel.Jozsef

Daniel.Jozsef — Sat, 14 Feb 2009 22:41:09 +0000

Now-now, what’s this talk about “less secure”?!
If we’re talking about security as a trait inherent to the OS, the UAC has nothing to do with it. Security in this case depends on how easy it is to defeat policies set by the administrator, like steal or damage data from a restricted account or without access to an account whatsoever. Administrator is absolute. That’s the way it was through all the years of multi-user computing.
If Microsoft wants to help the world of computing by reducing the “human factor”, I think a two-login model for new installations would be far more appropriate: az administrator user for installing software and changing system-wide settings, and a RESTRICTED user for everything else – work, surfing the web, games, etc.
That’s the way I’m using my Windows XP account, without any antivirus software, and yet I haven’t had ANY malware or virus problems, EVER.

By: Israel Lopez

Israel Lopez — Wed, 11 Feb 2009 19:02:28 +0000

Dutch, the problem is if you authorize something once, the next time maybe it could be adware or malware trying to get something done, so since there is the possibility you authorized something once, but in an hour from now someone else might be on your computer or malware might be trying to install, you have to confirm once again.

I think the easy fix is for Microsoft to request Admin rights ALWAYS, even if you have UAC turned off, in order to change the UAC security level and settings. As long as the highest security mode does not ask you to confirm things twice like Vista did sometimes, it is all fine. Windows Vista’s UAC didn’t annoy me much, what annoyed me was having to click first on one pop up and then another one to confirm… Seven doesn’t have this duplicate popup issue. All they need is to lock UAC settings from being modified always.