APC has brought up a very valid point about Vista’s prominent new security feature: User Account Control (UAC). They are using TweakVista as an example to show how easy it would be for malicious software to disable the UAC and manipulate the system.
TweakVista is an application that was designed several months ago for Vista 5270. It has several different customization options that may help you have a more pleasant experience, but at the same time it shows us how the UAC feature can be disabled in one simple click.
Microsoft’s response the the issue was:
If an application requires administrative privilege, such as Tweak Vista, a prompt is generated through User Access Control (UAC). If consent is given by the user, this then elevates the application to a higher (administrative) integrity level and allows privileged access to occur within the context of that application only. Note that for this to occur, the UAC prompt requires that a user must provide consent before the application will be allowed to run. UAC is only one component of the defence in depth security capabilities of Vista. It is the sum of all Vista’s security capabilities – UAC, IE7, Firewall, Defender, MIC, SID and CI – that protect users from inadvertently obtaining and then allowing malicious software to run. Microsoft recommends that users run with standard user privileges, and that they be very careful when running applications with administrative privileges.
Sure you are prompted for Administrative privileges, but what if you are installing an application? That means you will receive a prompt when you run the installation with administrative privileges…and then the program is free to do what it wants after you okay it. If it wants to disable the UAC in the middle of the installation then it can.
APC’s comment on this is:
It confirms what we have come to suspect about UAC – it’s very useful for standard users and totally useless for power users/administrators.
That is especially true. If a user doesn’t have to enter a password in the elevated prompt then they are pretty much free to do what they want with the system. However, if a user does not know the administrative password, such as at a school or business, then a program would never be able to receive the privileged access that it needs to disable the UAC. So it may be good for some people, but it is still way too easy to disable.
Microsoft needs to change this option so that it can only be altered through the Control Panel. I don’t believe this is something that software should be able to tamper with no matter if it is running elevated or not.
And it begins… Vista’s gonna get hacked and tweaked up the ying-yang.
Windows Vista just wouldn’t be the same without being hacked. Like everything else, the hackers will find a way. :twisted:
The hackers are probably happy that a new version of Windows is coming out, it will give them something to do. :)
I remember when Windows XP was originally released the activation was hacked within 2-hours. With Vista being released to businesses a lot earlier than it is to consumers we can be guaranteed that it will be cracked and leaked before the projected consumer launch date.
Let the fun begin….
I was being interviewed at our corporate office in Cincinnati, OH for a promotion and move to our beverage plant in Irving, TX. I work for Kroger Manufacturing, yes, the food chain.
One of the 4 interviewers, having read my resume and my extensive experience and collateral jobs in computing, spent half the interview asking me questions about his home computers.
He was considering buying an Apple Mac for his daughter and mentioned that they are more secure and do not have the problems with viruses, spyware, etc.
While I told him that is true in a way, and that macs have a decent secure OS, I had to tell him that if Apple had the majority share of the computing market and Microsoft was the minority, then it would be reversed and Windows would appear the more secure OS.
FYI…I recommended that he buy a Mac for his daughter because she is going to school for graphics arts, and she asked for one.
First people complained that you were required to give permission for too many aspects of the OS. Now there are not enough prompts.
Which is it?
I think that it provides the right amount of prompts now but the UAC should be able to get disabled from another program. This is something that the users should have to do through the Control Panel.
Microsoft needs to “borrow” another design from its competitors with the UAC the same way it has “borrowed” all the features it had put into Internet Explorer. Take the Linux/Mac password prompt and use it instead of all the UAC popups. While they are at it they need to combine some of the multiple prompts that currently come up. We need fewer prompts not more! 8O
Windows 7 will actually include a slider so that you can actually choose how often you’d like to receive prompts. So your wish will be granted in the next version of Windows.