TulipTools Internet Business Owners and Online Sellers Community

Major Security Hole Found in Windows Vista User Account Control
Quote: Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out — from Microsoft officials — that the default no-admin setting isn't even a security mechanism anymore.

Rutkowska, a hacker with a track record of defeating Vista's security mechanisms, believes UAC has a major flaw in the way it automatically assumes that all setup programs (application installers) should be run with administrator privileges.

"[When] you try to run such a program, you get a UAC prompt and you have only two choices: either to agree to run this application as administrator or to disallow running it at all. That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing it to load kernel drivers!...

full article: http://blogs.zdnet.com/security/?p=29
A related article:

Quote: Security company Kaspersky claimed that Vista's User Account Control (UAC), the system of user privileges that can be used to restrict users' administrative rights, will be so annoying that users will disable it.

Natalya Kaspersky, the company's chief executive, said that without UAC, Vista will be less secure than Windows XP SP2. "There's a question mark if Vista security has improved, or has really dropped down," she said...

Kaspersky confirmed that her analysts had found five ways to bypass Vista's UAC, and that malware writers will find more security holes...

full article: http://www.zdnet.com.au/news/software/so...261,00.htm