Windows 7 default user account control worries experts

Discussion in 'Windows News' started by reghakr, Oct 23, 2009.

  1. reghakr

    reghakr Excellent Member

    Joined:
    Jan 26, 2009
    Messages:
    14,220
    Likes Received:
    180
    Windows 7 default user account control worries experts. Corporate IT departments should be pleased with new security measures in Windows 7, but consumers are still at risk of getting hit by malware despite changes in the User Account Control (UAC) feature designed to help people be smarter when using applications, security experts say. Probably the most talked about security change in Windows 7, scheduled for public release on Thursday, are modifications to the UAC, which was introduced in Vista. The UAC was designed to prevent unauthorizedexecution of code by displaying a pop-up warning every time a change was being made to the system, whether by the operating system or a third-party application. Vista users complained that they were bombarded with the warnings and security experts speculated that as a result, many people were just ignoring them or turning them off.

    With Windows 7, users can choose how often they want to be notified and the default is set to notify only when a third-party application is making a change, as well as when a change is being made to the UAC itself. However, an attacker could use code injection and exploit several components in Windows 7 that auto-elevate to bypass UAC and get
    full access to the machine, experts have warned. A Sophos white paper from September says: “Another issue with thesedefault (UAC) settings is that malware could bypass the system by injecting itself into a trusted application and running from there. Indeed, some malware has been observed spoofing UAC-style prompts to obtain user permission to operate unimpeded.â€Â￾

    Tepid will like that 2nd part;)

    More............Windows 7 default user account control worries experts | InSecurity Complex - CNET News
     
  2. iroken22

    iroken22 Extraordinary Member
    Premium Supporter

    Joined:
    Nov 10, 2008
    Messages:
    1,649
    Likes Received:
    49
    Interesting little tidbit of information you have provided for us. I had a similar issue with UAC where spyware infected a trusted application on my PC (Adobe Reader) and bypass UAC all together. This is definitely an issue and should be resolved with some sort of patch.
     

Share This Page

Loading...