Comments on: Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)

By: Windows 7 tiene un serio problema de seguridad con UAC | El Blog De Osky - Un Blog Echo Por Todos

Wed, 10 Mar 2010 23:35:04 +0000

[...] información | i started something: Sacrificing security for usability Más información | i started something: Microsoft dismisses Window 7 UAC security flaw [...]

By: Anonymous

Anonymous — Sun, 13 Dec 2009 19:38:40 +0000

Your proof of concept just wow…. A vrius for stupid people OMGZ who cares really. I backup my data if someone administratively took over my computer (oh well). I would A.) Be able to backtrace very likely the source of it because im not idiotic enough to allow maleware etc. to download on my system, it would have to be a malicious (active) take over. If it did get trhough zomg reboot/reinstall 30 mins later you did What? (nothing). Id personally rather take the risk then have to deal with the annoying UAC, and at Best a virus that rewrites the MBR with 0’s and requires a Full Flash ZOMG you sure as hell dont need to exploit the uac to pull that off from Win n – Win N + 1. Theres always security holes no matter how well written your software is. 99% of a good security system is tracking any immediate intrusions, trace, report, making logs, and restricting access from the security breach as quickly as possible. And the fact you would go ZOMG over someting as minor as this compared to some flaws in the past, in many other operating systems as well shows your ability to hack is little more then a script kiddie. You rely on decieving the user into downloading and execing it as well. A True flaw would be through programs like windows mail itself, and finding ways to auto exec a file, forcing data packets through an unsecured port, not sir, what you are griping about(a virus for stupid people).

By: Anthony

Anthony — Sun, 13 Dec 2009 19:23:06 +0000

Really your POC shows one thing. To an unintelligent user, it would be very easy to get infected. Some very basic firewall software would all but mitigate this risk. Your POC would be like leaving your keys on a table in a locked house, its still secure. Really if your a big enough idiot to download every piece of maleware and bloatware you find across the internet you deserve what you get hit by. This is only a virus to unintelligible neanderthals, and gratz for spreading a plague of fear about a new operating system. All systems, security and software come with a few bugs in it. A setting you have to change to make it flawed, is hardly a loophole… Really stop the panic attacks and compare the level of security flaws to previous releases, its honestly a fairly solid release for an operating system.

By: Windows 7 tiene un serio problema de seguridad con UAC

Windows 7 tiene un serio problema de seguridad con UAC — Thu, 22 Oct 2009 14:22:35 +0000

[...] información | i started something: Sacrificing security for usability Más información | i started something: Microsoft dismisses Windows 7 UAC security [...]

By: En Windows 7 sigue la patética “win-seguridad” | Carlos Zayas Guggiari

Wed, 21 Oct 2009 13:07:49 +0000

[...] Sacrificando seguridad por usabilidad en Windows 7:http://www.istartedsomething.com/20090130/uac-security-flaw-windows- 7-beta-proof/ [...]

By: Pearl Tech » Blog Archive

Pearl Tech » Blog Archive — Mon, 27 Jul 2009 15:43:41 +0000

[...] in the week, independent researchers Rafael Rivera and Long Zheng described an exploit that could turn off the UAC prompt, which typically notifies the user of [...]

By: UAC w Windows 7 to kompletne nieporozumienie | Gry 3D

UAC w Windows 7 to kompletne nieporozumienie | Gry 3D — Wed, 22 Jul 2009 00:58:26 +0000

[...] zwłaszcza tę prezentacje ). Żeby nie było nieporozumień, to nie jest ten sam problem, który pozwalał wyłączyć UAC wysyłając klawisze (tamtem problem Microsoft rozwiązał). Prawdopodobnie Microsoft nie jest w ogóle zainteresowany [...]

By: matt’s blog » Blog Archive » Windows 7 UAC — Door is Wide Open

Tue, 07 Jul 2009 04:11:55 +0000

[...] news circulating around today about UAC in Windows 7. The guys at istartedsomething.com write about it in detail…. By default, Windows 7’s UAC setting is set to “Notify me only [...]

By: Why upgrade to Vista when Windows 7 will be here soon? | OS Attack

Why upgrade to Vista when Windows 7 will be here soon? | OS Attack — Thu, 28 May 2009 14:31:36 +0000

[...] Long Zeng posted a while ago about the change with UAC in Windows 7 that essentially makes it less secure than Windows Vista. Rafael of Within Windows then posted about applications that have been White Listed and are automatically elevated to the highest UAC level. Windows 7 is new and there are bound to be flaws found in it. Vista however has now been out for 3 years and has been highly criticized for being overly secure. [...]

By: Security hole found in Windows 7? | Tech Support Team Blog

Security hole found in Windows 7? | Tech Support Team Blog — Sun, 17 May 2009 14:11:53 +0000

[...] researcher Long Zheng has shown how an attacker could bypass the User Account Control (UAC), although he’s also [...]