Microsoft Won't Fix Windows 7's UAC. (Full Version)



astra -> Microsoft Won't Fix Windows 7's UAC. (6/11/2009 9:03:59 AM)

Not too long ago, we ran a story informing you of how the auto-elevation feature in Windows 7 is broken in a way that allows malicious programs to silently gain administrative privileges. We wondered if Microsoft was ever going to fix this one before Windows 7 goes final, and even though we're not there yet, a recent article by Mark Russinovich seems to imply pretty strongly that no, Microsoft is not going to fix this.

After lots and lots of user complaints about how people were annoyed by UAC prompts in Windows Vista, Microsoft gave in to the whiners, and created something called auto-elevation, which allows certain parts of the system to auto-elevate themselves without bringing up any UAC prompts. This way, Microsoft was able to bring down the number of prompts.

A clever programmer - not a security researcher - quickly found out that this was a pretty braindead decision by Microsoft, as it is now possible to quickly, easily, and silently bypass UAC completely by anything injecting code into the memory of another process, a process with auto-elevation capabilities, using standard, documented APIs. Some noted that this only works for administrators and not for standard user accounts, but since Microsoft still defaults to administrator accounts, that point becomes a bit moot.

The way to fix this issue is pretty simple: set the UAC slider back to its topmost, Vista-like level, which disables auto-elevation and removes the threat completely, and as such, I always advise people to do so. The question has always been: Will Microsoft fix this?

A recent article on UAC in Windows 7 by Mark Russinovich seems to indicate that no, Microsoft is not going to fix this. First, he explains that even without auto-elevation, there are several ways malware can take advantage of unsigned executables asking for higher privileges. However, Russinovich adds, it's hard for malware to get on the system in the first place. "Windows has many defense-in-depth features, including Data Execution Prevention (DEP), Address Space Load Randomization (ASLR), Protected Mode IE, the IE 8 SmartScreen Filter, and Windows Defender that help prevent malware from getting on the system and running."

Still, if malware were to get on a system anyway, it could get past UAC, auto-elevation or not. He also reiterates that even without administrative privileges, malware can still do just about anything malware wants to do these days, such as joining a botnet or messing with user files, data, and input.
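An added example, not part of the original post or of any Microsoft tooling: a PowerShell audit that maps the UAC policy registry values to the slider level discussed above and flags machines that are not at the topmost "Always notify" setting. The function name `Get-UacSliderLevel` and the sample rows are constructed for illustration; the registry value names are the ones Windows stores under the `Policies\System` key.

```powershell
# Added example: classify UAC policy values against the Windows 7 slider levels.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {   # hypothetical helper name
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)

    if ($EnableLUA -eq 0) { $level = 'UAC disabled' }
    else {
        switch ($ConsentPromptBehaviorAdmin) {
            2 { $level = 'Always notify (topmost)' }
            5 { if ($PromptOnSecureDesktop -eq 1) { $level = 'Default (Windows binaries auto-elevate)' }
                else { $level = 'Default without secure desktop (Windows binaries auto-elevate)' } }
            0 { $level = 'Never notify (elevate without prompting)' }
            default { $level = "Custom policy value $ConsentPromptBehaviorAdmin" }
        }
    }
    [pscustomobject]@{
        Level     = $level
        # Only the topmost setting prompts for every elevation request.
        Compliant = ($EnableLUA -eq 1 -and $ConsentPromptBehaviorAdmin -eq 2)
    }
}

# Constructed sample inputs, so the logic can be exercised on any host.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },  # Windows 7 default
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },  # slider at top
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }   # slider at bottom
)
foreach ($s in $samples) { Get-UacSliderLevel @s }

# On a Windows host, check the live configuration as well.
if ($env:OS -eq 'Windows_NT' -and (Test-Path $PolicyKey)) {
    $p = Get-ItemProperty -Path $PolicyKey
    $live = Get-UacSliderLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    if (-not $live.Compliant) {
        Write-Warning "UAC is at '$($live.Level)', not 'Always notify'."
    }
    $live
}
```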
