Several months ago the highly-respected AV-Test.org ran a test to rank various antivirus applications. In that test they had 30 rootkits that were tested on both Windows XP and Vista. On Windows XP none of the seven antivirus suites could detect all of the rootkits, and only four of the 14 anti-rootkit tools proved to be 100% successful. Those aren’t very good odds.
On Vista the story was a little bit different. Only six of the 30 rootkits could actually run on the operating system, and that was after the testers turned off the User Account Control (UAC). The UAC stopped the rootkits cold in their tracks, provided that the user actually acknowledges the prompt and reacts accordingly.
I know that many of you are not big fans of UAC in Vista, but it does appear to do the job that Microsoft intended. Without Vista’s UAC the rootkits would be able to silently embed themselves on your computer, and the protection UAC provides is especially important when the antivirus suites fail to do their job. That’s one of the reasons that I, to the amazement of many, have always left UAC enabled on my Vista machines.
P.S. Vista SP1 has made the User Account Control slightly less annoying, and here is a video demonstrating the differences.
Hmmmmm, I have kept UAC off for a while, but after reading this it’s gone back on, though.
I’ve always left it on. The only thing I don’t like about it is the small lag and time it adds to show up the UAC confirmation window.
Whenever you have malware, user behavior is the most important first line of defense. If a dumb user will just let any program run and disables UAC, he’s in for a system infested with trojans, viruses and rootkits. On the other hand, a knowledgeable user can use XP or Vista without UAC on and be totally responsible and use the system in a clean and safe way.
The problem with UAC is not that it necessarily doesn’t work… but that it “cries wolf” too many times. This makes the user complacent, and reduces their chances of making a good judgment.
Secondly, the real question is – what is the actual warning given within the UAC? I mean, if it just says that a program is trying to install, then who wouldn’t say “yes”? Most rootkits (like most malware) are installed WITH other software, so if you get a UAC warning for installing “something”, and you are actually installing some software, what’s to say you won’t click “OK” on the UAC prompt? My guess is (based on existing UAC prompts) that they are as uninformative as they have been in the past… i.e., there is nothing there to tell you what’s REALLY triggering it.
I think that’s a good idea. I never really had a problem with an excessive amount of UAC prompts in Vista. I really only had one a day, and that was when I was updating my Firefox 3 nightly builds.
Yeah, there is a delay but that’s because Windows is switching into a “Secure Desktop” mode (that’s when the screen dims). This is the same mode that you get when you press Control+Alt+Delete, and the reason it’s special is that it prevents another application from interacting with elements shown on the screen. That way a program can’t unknowingly press the “Continue” button on a UAC prompt.
They do need to make the prompts more informative, and what I would actually like to see them do is suggest a “warning” level in the prompt. For example, something trying to modify a critical system file should be a huge red flag.
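The whole discussion hinges on two things: whether UAC is actually prompting at all, and whether the prompt lands on the Secure Desktop described above. This added PowerShell audit (example code, not from the post or its commenters) reads the standard UAC policy values from the registry and flags the configurations that would leave a rootkit free to elevate silently; it assumes Windows Vista or later and the usual Group Policy key location.

```powershell
# Added example (not from the post or its commenters): audit the UAC policy values that
# decide whether an elevation prompt appears at all and whether it uses the Secure Desktop.
# Assumes Windows Vista or later; the key and value names are the standard policy locations.
function Get-UacAudit {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction Stop

    # Meaning of each ConsentPromptBehaviorAdmin value.
    $adminModes = @{
        0 = 'Elevate without prompting (no UAC dialog for administrators)'
        1 = 'Prompt for credentials on the Secure Desktop'
        2 = 'Prompt for consent on the Secure Desktop'
        3 = 'Prompt for credentials on the normal desktop'
        4 = 'Prompt for consent on the normal desktop'
        5 = 'Prompt for consent for non-Windows binaries only'
    }

    # Each finding is a setting that removes or weakens the protection the post relies on.
    $findings = @()
    if ($p.EnableLUA -eq 0) {
        $findings += 'EnableLUA=0: UAC is switched off, so programs elevate silently (the "UAC off" case from the test).'
    }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: administrators never see a prompt, even with UAC nominally on.'
    }
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings += 'PromptOnSecureDesktop=0: prompts appear on the normal desktop, where another program can reach the Continue button.'
    }

    $meaning = if ($null -ne $p.ConsentPromptBehaviorAdmin) { $adminModes[[int]$p.ConsentPromptBehaviorAdmin] } else { 'not set (OS default)' }

    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        AdminPromptMeaning         = $meaning
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        Findings                   = $findings
    }
}

$audit = Get-UacAudit
$audit | Format-List
if ($audit.Findings.Count -eq 0) { 'UAC prompting and the Secure Desktop are enabled as intended.' }
```

A value that is absent from the key means the OS default applies; the script reports it as not set rather than guessing.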