Home
Build a PC

Build a PC Featured Content

Build a PC: Recommended Builds (May 2013)

CES 2013: AMD Talks Up Surround Computing Strategy

Operation Upgrade: How We Rebuilt Three Old PCs, Part By Part

Build It: How to Build a Kick-Ass Ivy Bridge Gaming PC, Step by Step

Blueprints: The Maximum PC Recommended Builds - June 2012

All Build a PC Articles
Windows
Windows RSS
Windows Featured Content

Windows 8 Review

6 Features iOS 7 Took from Android and Other Operating Systems

Microsoft Announces Xbox One Console

20 Awesome Screensavers

Best Windows 8 Apps

All Windows Articles
Best of the Best
Hardware
- Hardware Home
- CPU
- Memory
- Video Cards
- Cases
- Cooling
- Displays
- Motherboards
- Reviews
Hardware RSS
Hardware Featured Content

Build a PC: Recommended Builds (May 2013)

Commemorating the Best PC Hardware

Microsoft Announces Xbox One Console

7 Unsung Heroes of the PC Universe

Getting Loco with Video Cards

All Hardware Articles
Software
Software RSS
Software Featured Content

Nvidia E3 2013 Highlights

Virus Protection Guide

Adobe Photoshop Lightroom 5 Beta Impressions

Spotify vs. Xbox Music

XBMC vs. Plex

All Software Articles
Gaming
- Gaming Home
- Reviews
- Hardware
- Software
- Gaming PCs
- Bioshock
Gaming RSS
Gaming Featured Content

Razer Edge Unboxing (Video)

CES 2013: Nvidia Shield and Grid Impressions [Video]

Nvidia at CES 2013: Project Shield Console, Tegra 4, and Onlive Style Cloud Gaming

Transformers: Fall of Cybertron Review

The 10 Best PC Game Trailers from E3 2012

All Gaming Articles

uac

Security Researcher Demos Windows 8 Bootkit

Posted 11/26/2011 at 7:08am | by Pulkit Chandna

0

Comments

Few men can lay claim to being ahead of their time like Peter Kleissner. While most of us were busy playing around with the Windows 8 Developer Preview, this Austrian security researcher was vetting it for possible vulnerabilities. Whatever he was up to seems to have worked. Kleissner has successfully identified a vulnerability in this early version of the upcoming operating system and even posted a video of his proof-of-concept “Stoned Lite” bootkit successfully exploiting this flaw. Hit the jump for the video.

» Read More

Firefox Keeping Rapid Release, But Adding Silent Update Option For Irritated Users

Posted 10/04/2011 at 11:04am | by Brad Chacos

14

Comments

Firefox’s relatively new rapid release schedule lets developers implement and unveil new features and updates quickly, but there’s one thing we hate about it. No, it’s not the headache it causes enterprise users, although that sucks, too. It’s the constant update notifications. Geez, Firefox needs to update again, we get it already! Fortunately, Mozilla gets that we get that, and they’re looking to move to silent updates sometime in 2012.

» Read More

Microsoft Downplays "Nightmare" Kernel Bug

Posted 11/29/2010 at 7:55am | by Paul Lilly

0

Comments

There's a nasty little Windows exploit making the rounds, one that lets would-be attackers sidestep the User Account Control (UAC) mechanism in Windows Vista and Windows 7, Computerworld reports. A security firm called the bug a potential "nightmare," a notion Microsoft isn't ready to agree with.

"Microsoft is aware of the public posting of details of an elevation of privilege vulnerability that may reside in the Windows kernel," said Jerry Bryant, a group manager with the Microsoft Security Response Center. "We will continue to investigate the issue and, when done, will take appropriate action."

Microsoft also stressed that the exploit requires local access, which "requires attackers to be already able to execute code on a targeted machine." The bug itself doesn't allow remote code execution, but it does enable non-administrator accounts to execute code as if they were admins, Bryant said.

» Read More

Security Firm Trend Micro Claims Windows 7 is Less Secure Than Vista Out of the Box

Posted 12/13/2009 at 9:04pm | by Justin Kerr

39

Comments

Security

The headline sounds quite a bit more sensational than the content, but bear with me here folks. According to Raimund Genes, CTO of the security firm Trend Micro, the User Account Control changes in Windows 7 make it significantly less secure out of the box than Vista was. Genes claims Microsoft has made design choices that sacrifice security, primarily in the name of usability.

"I was disappointed when I first used a Windows 7 machine that there was no warning that I had no anti-virus, unlike Vista," Genes said. "There are no file extension hidden warnings either. Even when you do install anti-virus, warnings that it has not been updated are almost invisible." "Windows 7 may be an improvement in terms of usability but in terms of security it's a mistake, though one that isn't that surprising. When Microsoft's developers choose between usability and security, they will always choose usability," Genes argued.

This is an interesting theory, but is Windows 7’s really less secure? Some might argue that when dealing with the general public, security and usability is a delicate and important balance. If you nag and warn users too much about non-critical security issues, they tend to eventually tune out or pay less attention to them. For example, if UAC prompts are so frequent that they interfere with your work, you’re less likely to stop and examine each one to determine its validity.

What do you think?

» Read More

SophosLabs Sets Out to Prove Windows 7 Has Some Vulnerabilities

Posted 11/05/2009 at 5:19pm | by Ryan Whitwam

9

Comments

Security firm Sophos recently took it upon itself to run some tests on Windows 7 sans anti-virus software. Sophos used ten unique viruses found in circulation and attempted to infect Windows 7. While many may have thought this would be a foregone conclusion, they wanted to make a point. Microsoft claims that User Account Control (UAC) is more secure in Windows 7. Does it actually make a difference?

Sure enough, eight out of ten viruses ran without problem on a stock install of Windows 7 without User Account Control. With UAC active, an additional threat was actually blocked, and the other two still failed to run. Overall, UAC didn’t make much difference in virus protection. So yes, you still need to run an anti-virus on Windows 7. There’s been a lot of positive buzz around Redmond’s new release, just don’t let that stuff go to your head.

» Read More

Windows 7: More Secure, Less Annoying

Posted 04/22/2009 at 3:05pm | by Mark Edward Soper

13

Comments

Windows 7 brings more security and UAC improvements

Windows 7 brings enterprises more security with less annoyance, says Paul Cook, director of Microsoft's Windows Client Enterprise Security, Cnet reports. Cook's remarks come as the annual RSA security conference opens.

How much less annoying? 29% fewer UAC prompts, according to Cook, and UAC can be fine-tuned to meet any Windows 7's user's requirements.

But there's more to Windows 7 security than a less nagging UAC. To learn more about how Windows 7 Enterprise and Ultimate editions and Windows Server 2008 R2 work together for more security and to discover why a new BitLocker feature enables Windows XP users to access BitLocker media, join us after the jump.

» Read More

You Complained, Redmond Listened: Win7's UAC Gets More Secure

Posted 02/06/2009 at 3:57pm | by Mark Edward Soper

1

Comment

Redmond planning to improve Win7's UAC by RC release

When Microsoft launched its Engineering Windows 7 blog last summer as part of its drive to be more transparent and more responsive to user concerns, a lot of people were skeptical about whether it would become anything more than a PR ploy. But, with the announcement yesterday that Microsoft will be fixing problems with Windows 7's UAC, even Redmond skeptics should be impressed.

In case you missed the earlier stories, MaximumPC readers and many others have been concerned about how easy it was for malware to change UAC levels and subvert the new and allegedly improved User Account Control in Windows 7.

To find out what's changing - and who deserves the credit - join us after the jump.

» Read More

Is There an Even Bigger Security Hole in Windows 7's UAC?

Posted 02/05/2009 at 4:16pm | by Mark Edward Soper

5

Comments

Is Windows 7's adjustable UAC a security flaw?

Earlier this week, our own Josh Kamperschmidt told us how scripts could be used to disable Windows 7's UAC. Well, that's just the prelude to a potentially even bigger security issue: according to Long Zhen of the I Started Something blog, Windows 7's "improved" UAC can be disabled by malicious software that is coded for auto-elevation. Auto-elevation is a feature that enables software being run by Administrators to skip the annoying "do you want to run this program" prompt that has made Windows Vista's version of UAC one of its most controversial features, not to mention one of the "I'm a Mac" commercials' favorite targets. Unlike the proof-of-concept exploit reported earlier, this one doesn't prompt you to reboot the system: it works silently.

So, what is it about Windows 7's UAC that makes it vulnerable? As Zhen puts it:

Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also execute third-party code for various legitimate purposes. Since there is an inherent trust on everything Microsoft-signed, by design, the chain of trust inadvertently flows onto other third-party code as well. A phenomenon I’ve started calling “piggybacking”.

To demonstrate, one of the many Microsoft-signed applications that can be taken advantage of is “RUNDLL32.exe”. With a simple “proxy” executable that does nothing more than launch an elevated instance of "RUNDLL32 pointing to a malicious payload DLL, the code inside that DLL now inherits the administrative privileges from its parent process "RUNDLL32" without ever prompting for UAC or turning it off.

It sounds serious, but before you jump to conclusions, join us after the jump for Microsoft's response and a workaround.

» Read More

Critcal Windows 7 Beta UAC Flaw

Posted 02/02/2009 at 8:00am | by Josh Kampschmidt

5

Comments

It seems like just yesterday that Microsoft reluctantly introduced us to the world of User Account Control (UAC). Many disgruntled reviewers claimed that the UAC present in Windows Vista was too intrusive. It caused a lot of frustration when trying to install programs that needed administrator credentials. Apple even made a commercial that illustrated how people felt about the constant nagging of UAC in Windows Vista.

Fast forward to Windows 7 Beta 1, Microsoft now gives full control over the number of prompts you receive. The problem is any malware can defeat UAC by sending a few Visual Basic scripts to activate the slider and turn off UAC. Once UAC is off, the computer can be restarted and the malware can be launched with full administrator credentials and expose the computer to more malware and exploits.

Hit the jump for more details.

» Read More

Microsoft Refining Terrible UAC Experience in Windows 7

Posted 10/09/2008 at 11:00am | by Paul Lilly

3

Comments

Can we all agree that User Account Control (UAC) sucks? Good. Now if only we can get Microsoft on the same page. That shouldn't be too hard considering at this point it's no secret that UAC was designed to annoy, and if Ben Fathi, president of Microsoft's core OS development is to be believed, we're all finally in agreement.

"We've heard loud and clear that you are frustrated," Fathi wrote on his blog. "You find the prompts too frequent, annoying, and confusing. We still want to provide you control over what changes can happen to your system, but we want to provide you a better overall experience."

Fathi goes on to explain that in Windows 7, users logged in as an administrator will be able to determine the range of notifications received. Fathi also says the dialog UI will be more telling, perhaps leading to less of a knee-jerk reaction to automatically click 'Allow' every time the dialog pops up.

Fathi sounds optimistic that the revamped UAC system will be far less hated than it is now, but the question isn't whether or not it will be less hated, but will we still hate it?

» Read More

Featured Content

60 E3 2013 Pictures

6 Features iOS 7 Took from Android and Other Operating Systems

There's a reason iOS 7 looks so familiar

Nvidia E3 2013 Highlights

The Witcher 3, Hawken, Warframe, and more!

Richland Review

Even diehard fan boys can admit AMD’s not in the hunt against Intel’s top-end CPUs

Haswell Review

Can a laptop CPU keep enthusiasts happy?

Connect with MaximumPC

This month's issue

Feature

Budget Builds Battle

Feature

Microsoft Surface Pro

How To

Start a Minecraft Server

Build It

We Cram a Titan into a Small-Form-Factor Rig

Most Commented Articles

327Comments

LulzSec Hacker Receives One-Year Sentence for Sony...

184Comments

Windows 8 Review

140Comments

NSA Whistleblower Edward Snowden Identified, and...

136Comments

Windows 8 Sales Reach 100 Million Licenses, Should...

107Comments

Windows Blue Alpha Build 9364 Leaks

MaximumPC on Facebook

Recommendations

Future is AOP and PPA Consumer Digital Publisher of the Year.
MaximumPC is part of Future plc, an international media group and leading digital publisher. We produce content across five core areas:

Technology
- TechRadar
- T3
- Mac|Life
- Gizmodo UK
- More...
Entertainment
- GamesRadar
- CVG
- PC Gamer
- Total Film
- More...
Music
Creative
Sport & Auto
- BikeRadar
- Cyclingnews
- ChopMTB
- TriRadar
- More...

Featured Content

Connect with MaximumPC

This month's issue

Feature

Feature

How To

Build It

Buy Subscription

Most Commented Articles

MaximumPC on Facebook

Technology

Entertainment

Music

Creative

Sport & Auto