Critcal Windows 7 Beta UAC Flaw
PrintIt seems like just yesterday that Microsoft reluctantly introduced us to the world of User Account Control (UAC). Many disgruntled reviewers claimed that the UAC present in Windows Vista was too intrusive. It caused a lot of frustration when trying to install programs that needed administrator credentials. Apple even made a commercial that illustrated how people felt about the constant nagging of UAC in Windows Vista.
Fast forward to Windows 7 Beta 1, Microsoft now gives full control over the number of prompts you receive. The problem is any malware can defeat UAC by sending a few Visual Basic scripts to activate the slider and turn off UAC. Once UAC is off, the computer can be restarted and the malware can be launched with full administrator credentials and expose the computer to more malware and exploits.
This is not a typical security flaw since anyone can change the UAC level. Probably one of the major reasons for making Windows 7 insecure like this is because of the feedback received from Windows Vista. It would probably have been more secure if they required the person to type in their user account password. Linux for example requires people to enter in the root password before making system changes.
If you want to see how this works, you can download a simple file and try it out for yourself. It does turn off UAC so make sure when you are done you turn UAC back on. If you are unsure how to turn UAC back on, follow Method 1 from this link, but instead slide it back up.
More like this
jvc08
February 02, 2009 at 9:17pm
it's not ready.
i hope they release it when it's ready.
and this thing about the uac, just turn it off, hackers can go around anything, it is completely useless.
FrancesTheMute
February 02, 2009 at 2:07pm
heh, microsoft probably created the flaw on purpose in response to the "release it now" campaign to prove to people it's not ready yet.
Balgaroo
February 01, 2009 at 10:18pm
I find it funny that this is right above the article on the petition for Windows 7 to be released now because some twat thinks it's ready now. This is why beta testing is and these two post back to back is thevery definition of ironic.
I find it funny.
Connect with MaximumPC
Featured Content
We introduce Intel's latest class of tablet killers and review 4 of the first Ultra...
Where have all the memorable videogame enemies gone?
This month's issue
Feature
11 Hardware Hacks
Feature
Overclock Your CPU
How-To
Supercharge Your Smartphone
Build It
A Powerful $830 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Here's what the @horse_ebooks bookmarklet (http://t.co/brE6898A) does to Maximum PC: http://t.co/Y6OhO6zk9 hours 35 min ago
- maximumpc: Microsoft on Patents: Can't We All Just Get Along? http://t.co/g0vginvG11 hours 56 min ago
- maximumpc: Google Drive Cloud Storage: Is Google Preparing To Muscle In On Dropbox? http://t.co/lCWzeYmS12 hours 21 min ago
