Long Zheng and Rafael had come up with proof earlier that malware can turn off UAC in Windows 7. Later Microsoft responded insisting that this is by design and actually not a bug. Microsoft has finally agreed to do changes to the Windows 7 UAC and deliver the changes to the Windows 7 Release Candidate.
Jon DeVann and Steven Sinofsky have blogged about the two changes Microsoft is planning to bring to Windows 7 RC:
- UAC control panel will run in a high integrity process
- Changing the level of the UAC will also prompt for confirmation
There you go! Simple changes, but brings out big differences to the way UAC behaves in Windows 7!
UAC control panel will run in a high integrity process
UAC control panel running in a high integrity process means it requires elevation. So, you might get prompted to change the UAC settings in your system, even if you are an protected admin (the default user account created during the installation process)
Expect the UAC icon appear just before the setting Change User Account Control Settings in the above screenshot in Windows 7 RC
Changing the level of the UAC will also prompt for confirmation
As there is going to be a prompt for confirmation to change the UAC level, expect a prompt when you click Ok to change your UAC settings
These two changes are more than enough to make Windows 7 UAC to respond to the threat Zheng and Rafael had come up. The user now, when running a malware has to bypass the UAC prompt in order to execute it.
Jon and Steven still insisted on - Malware making it onto a PC and being run Vs What it can do once it is running - and treat very seriously the ability to get code on a machine and run without consent.
They were also very serious that users should still not download code and run it unless the source is trusted. HTML, EXE, VBS, BAT, CMD and more are all code and all have the potential to alter the environment (user settings, user files) running as a standard user or an administrator.
So, here we have - many were furious about this UAC flaw, Microsoft listened, reiterated back that 'this is by design' and now have responded really well!