Critical Windows 7 Beta UAC Flaw
It seems like just yesterday that Microsoft reluctantly introduced us to the world of User Account Control (UAC). Many disgruntled reviewers claimed that the UAC present in Windows Vista was too intrusive. It caused a lot of frustration when trying to install programs that needed administrator credentials. Apple even made a commercial that illustrated how people felt about the constant nagging of UAC in Windows Vista.
Fast forward to Windows 7 Beta 1: Microsoft now gives you full control over the number of prompts you receive. The problem is that any malware can defeat UAC by sending a few Visual Basic scripts to activate the slider and turn off UAC. Once UAC is off, the computer can be restarted and the malware can be launched with full administrator credentials, exposing the computer to more malware and exploits.
This is not a typical security flaw, since anyone can change the UAC level. One of the major reasons for making Windows 7 insecure like this is probably the feedback received from Windows Vista. It would probably have been more secure if they had required the person to type in their user account password. Linux, for example, requires people to enter the root password before making system changes.
If you want to see how this works, you can download a simple file and try it out for yourself. It does turn off UAC, so make sure you turn UAC back on when you are done. If you are unsure how to turn UAC back on, follow Method 1 from this link, but slide it back up instead.
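
To confirm that UAC really is back on after such a test, or to audit a machine for a silently lowered setting, the level can be read from the registry. This is an added example, not code from the original post; the function name `Get-UacLevel` and its level labels are hypothetical, and the registry value names are the standard Windows UAC policy values, which the post itself does not mention.

```powershell
# Added example (not from the original post): audit the current UAC level.
# The three value names read below are the standard UAC policy values.
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)
    # A missing value means the state cannot be judged; do not guess.
    if ($null -eq $EnableLUA -or $null -eq $ConsentPromptBehaviorAdmin) { return 'Unknown' }
    # EnableLUA = 0 switches UAC off entirely (takes effect after a restart).
    if ($EnableLUA -eq 0) { return 'Disabled' }
    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'ElevateWithoutPrompt' }   # admins are elevated silently
        2 { return 'AlwaysNotify' }           # top of the slider
        5 { if ($PromptOnSecureDesktop -eq 1) { return 'Default' }
            return 'DefaultNoSecureDesktop' }
    }
    return "Other ($ConsentPromptBehaviorAdmin)"
}

# Constructed sample values (not captured from a real machine):
# a default configuration and one with UAC turned off.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacLevel @s }

# Live check on the local machine.
if (Test-Path $Key) {
    $p = Get-ItemProperty -Path $Key
    $level = Get-UacLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
    if (@('Disabled', 'ElevateWithoutPrompt', 'Unknown') -contains $level) {
        Write-Warning "UAC level is '$level'; restore the slider and find out what changed it."
    } else {
        Write-Output "UAC level: $level"
    }
}
```

Running this on a schedule and alerting on the warning catches the change even when no prompt was ever shown to the user.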