Comments on: Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)

By: rahman

rahman — Thu, 12 May 2011 11:56:50 +0000

not so excited..

By: Brian

Brian — Mon, 25 Apr 2011 03:36:27 +0000

There is a huge difference between having every single minor thing pop up a UAC alert and allowing any program to alter the UAC level without ever notifying the user or asking for their permission.
In the case of the UAC they DID NOT listen. If they had listened they would still have had a strong security concept included in it but given users/administrators a way to exempt or always allow specific programs prevent the constant pop ups which nullify any positive affect the UAC offers. That is on top of the fact that they apparently purposefully created this security hole which in no way is related to the original complaints. I do not remember anyone ever complaining that you received UAC notification when changing the UAC level.

So according to you everyone needs to program and compile all of the programs that they use on their computer, because that is the only true way you can really know the origin and function of the program. If the bad guys wanted to they could create and provide install material that appears to be as legit as anything you get from a real company, which means only when a person created the program themself can they know what it does and where it came from.

There was no crying wolf. There were legitimate complaints from all users that the UAC popups were occuring too often when there was no reason for them to occur. There is no reason that a person should have 2-3 additional clicks just to start a game or other program that must have admin privledges in order to run. Also, as I stated above, no one ever said that MS should remove the UAC prompts when changing the UAC level.

By: Brian

Brian — Mon, 25 Apr 2011 03:17:03 +0000

I find it unfathomable that they would purposefully leave incredibly dangerous flaw in the system, but still refuse to allow us to intentionally choose and exclude programs from popping up the UAC. It is almost as if they would rather we turn it off and use 3rd party programs for it all.

By: Windows 7 - Vunerabilidade encontrada na UAC do sistema | Blog do The Best

Windows 7 - Vunerabilidade encontrada na UAC do sistema | Blog do The Best — Thu, 10 Mar 2011 07:37:49 +0000

[...] A UAC foi criada para gerar uma barreira muito forte aos criadores de malwares, pois para qualquer modificação seria necessária a autorização do usuário e consequentemente dificultaria a infecção. Com essa suavização das intervenções a equipe de desenvolvimento facilitou o trabalho dos criadores de malwares, que agora podem criar códigos que desative a UAC e deixe o sistema vunerável, segundo alguns blogs. [...]

By: JJM

JJM — Sun, 16 Jan 2011 21:14:04 +0000

Why do you think the word “Microsuck” has been added to the dictionary? Windows 7 is a mess for sure. The super annoying interface that feels like its looking over your shoulder at all times is easily hacked. I myself have put together simple scripts to rape the system. The bottom line is the same as it has been for every other Microsoft product out there(Internet Explorer anyone?). They are insecure. Nothing will replace a third party antivirus/firewall program. Its all you need. They can run silently and not bother you at all. Windows 7 settings are never user friendly. I HATE MICROSOFT. I alway have for a good reason. They ignore the consumer. Where I come from if you try to sell the consumer a product while at the same time flipping the bird, you don’t deserve to be in business. That’s the reality.

By: Patrick

Patrick — Tue, 20 Jul 2010 10:37:33 +0000

@dE: Actually I have “switched” across to Linux and I’m one of the posters from above. I have been a user of MS products from 95-2005 (i.e. 95 to XP). Not buying into Vista/7/Server 2008 etc. I think MS went on a big tangent with UAC – should have focused on getting users into (true) non-admin rather than attempting to “constrain” administrators.

By: dE

dE — Mon, 19 Jul 2010 13:34:25 +0000

Actually it’s not working dude…

By: dE

dE — Mon, 19 Jul 2010 12:32:08 +0000

Despite all Microsoft’s nagging, you still all use windows. Besides UAC is a copy of Unix permissions which was implemented more than 50 years ago and always was better than this piecea crap.

By: Microsoft Windows Has ReachedSelf Destruction | Microsoft Windows Has Become Incapable of Self Protection

Tue, 13 Jul 2010 01:21:57 +0000

[...] In a post, expert Long Zheng states that the solution could be as simple as forcing a prompt whenever attempts are made to change UAC settings. Also, if you crank up the notifications to always notify, that will solve the problem as well. [...]

By: Links & Downloads - Windows 7 – Dirty Tricks

Links & Downloads - Windows 7 – Dirty Tricks — Fri, 09 Apr 2010 10:02:03 +0000

[...] http://www.istartedsomething.com/20090130/uac-security-flaw-windows-7- beta-proof/ [...]