
Maximum IT
News: SophosLabs Sets Out to Prove Windows 7 Has Some Vulnerabilities

Security firm Sophos recently took it upon itself to run some tests on Windows 7 sans anti-virus software. Sophos used ten unique viruses found in circulation and attempted to infect Windows 7. While many may have thought this would be a foregone conclusion, they wanted to make a point. Microsoft claims that User Account Control (UAC) is more secure in Windows 7. Does it actually make a difference?

Sure enough, eight out of ten viruses ran without problem on a stock install of Windows 7 without User Account Control. With UAC active, an additional threat was actually blocked, and the other two still failed to run. Overall, UAC didn’t make much difference in virus protection. So yes, you still need to run an anti-virus on Windows 7. There’s been a lot of positive buzz around Redmond’s new release; just don’t let that stuff go to your head.


News: Windows 7: More Secure, Less Annoying

Windows 7 brings more security and UAC improvements

Windows 7 brings enterprises more security with less annoyance, says Paul Cook, director of Microsoft's Windows Client Enterprise Security, Cnet reports. Cook's remarks come as the annual RSA security conference opens.

How much less annoying? 29% fewer UAC prompts, according to Cook, and UAC can be fine-tuned to meet any Windows 7 user's requirements.

But there's more to Windows 7 security than a less nagging UAC. To learn more about how Windows 7 Enterprise and Ultimate editions and Windows Server 2008 R2 work together for more security and to discover why a new BitLocker feature enables Windows XP users to access BitLocker media, join us after the jump.


News: You Complained, Redmond Listened: Win7's UAC Gets More Secure

Redmond planning to improve Win7's UAC by RC release

When Microsoft launched its Engineering Windows 7 blog last summer as part of its drive to be more transparent and more responsive to user concerns, a lot of people were skeptical about whether it would become anything more than a PR ploy. But, with the announcement yesterday that Microsoft will be fixing problems with Windows 7's UAC, even Redmond skeptics should be impressed.

In case you missed the earlier stories, MaximumPC readers and many others have been concerned about how easy it was for malware to change UAC levels and subvert the new and allegedly improved User Account Control in Windows 7.

To find out what's changing - and who deserves the credit - join us after the jump.


News: Is There an Even Bigger Security Hole in Windows 7's UAC?

Is Windows 7's adjustable UAC a security flaw?

Earlier this week, our own Josh Kamperschmidt told us how scripts could be used to disable Windows 7's UAC. Well, that's just the prelude to a potentially even bigger security issue: according to Long Zheng of the I Started Something blog, Windows 7's "improved" UAC can be disabled by malicious software that is coded for auto-elevation. Auto-elevation is a feature that enables software being run by Administrators to skip the annoying "do you want to run this program" prompt that has made Windows Vista's version of UAC one of its most controversial features, not to mention one of the "I'm a Mac" commercials' favorite targets. Unlike the proof-of-concept exploit reported earlier, this one doesn't prompt you to reboot the system: it works silently.

So, what is it about Windows 7's UAC that makes it vulnerable? As Zheng puts it:

Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also execute third-party code for various legitimate purposes. Since there is an inherent trust on everything Microsoft-signed, by design, the chain of trust inadvertently flows onto other third-party code as well. A phenomenon I’ve started calling “piggybacking”.

To demonstrate, one of the many Microsoft-signed applications that can be taken advantage of is “RUNDLL32.exe”. With a simple “proxy” executable that does nothing more than launch an elevated instance of "RUNDLL32" pointing to a malicious payload DLL, the code inside that DLL now inherits the administrative privileges from its parent process "RUNDLL32" without ever prompting for UAC or turning it off.

It sounds serious, but before you jump to conclusions, join us after the jump for Microsoft's response and a workaround.


News: Critical Windows 7 Beta UAC Flaw

It seems like just yesterday that Microsoft reluctantly introduced us to the world of User Account Control (UAC). Many disgruntled reviewers claimed that the UAC present in Windows Vista was too intrusive. It caused a lot of frustration when trying to install programs that needed administrator credentials. Apple even made a commercial that illustrated how people felt about the constant nagging of UAC in Windows Vista.

Fast forward to Windows 7 Beta 1: Microsoft now gives users full control over the number of prompts they receive. The problem is that any malware can defeat UAC by sending a few Visual Basic scripts to activate the slider and turn off UAC. Once UAC is off, the computer can be restarted and the malware can be launched with full administrator credentials, exposing the computer to more malware and exploits.

Hit the jump for more details. 


News: Microsoft Refining Terrible UAC Experience in Windows 7

Can we all agree that User Account Control (UAC) sucks? Good. Now if only we can get Microsoft on the same page. That shouldn't be too hard considering at this point it's no secret that UAC was designed to annoy, and if Ben Fathi, president of Microsoft's core OS development, is to be believed, we're all finally in agreement.

"We've heard loud and clear that you are frustrated," Fathi wrote on his blog. "You find the prompts too frequent, annoying, and confusing. We still want to provide you control over what changes can happen to your system, but we want to provide you a better overall experience."

Fathi goes on to explain that in Windows 7, users logged in as an administrator will be able to determine the range of notifications received. Fathi also says the dialog UI will be more telling, perhaps leading to less of a knee-jerk reaction to automatically click 'Allow' every time the dialog pops up.

Fathi sounds optimistic that the revamped UAC system will be far less hated than it is now, but the question isn't whether or not it will be less hated, but will we still hate it?


From the Archive: Online and Security News Roundup, Memorial Day Edition

Discover how to make IE8 act like IE7, discover which platform renders rich internet frameworks faster, find out what Vista's User Account Control is good for, and how GPS technology is helping make smarter-than-laser-guided weapons possible.


News: Vista's User Account Control 'Nags' Are Useful – Believe It or Not

Do you want to read this post? Are you sure you want to read this post? Click "yes" to read this post. Are you sure you clicked...
