Windows 7 UAC has a second flaw

Long Zheng of I Started Something has uncovered a flaw in Windows 7's UAC that means malware can elevate itself to administrator privileges. This news comes after a previously discovered flaw in Windows 7's new tiered UAC system that meant malware can disable UAC silently.

Zheng has stated that "a second UAC security flaw in the Windows 7 beta's default security configuration allows a malicious application to autonomously elevate themselves to full administrative privileges without UAC prompts or turning UAC off", which is bad news for Microsoft. It is also bad news for all the people currently running the Windows 7 beta, leaving them with a security risk. Zheng recommends that, if you're currently using Windows 7, you set your UAC to High to reduce any potential problems. For more information on how to set the UAC level, please read our UAC overview.

Windows 7 has the ability to allow Microsoft-signed applications to become 'trusted' by UAC, reducing the number of UAC prompts. However, certain Microsoft applications can execute third-party code, which, while being for legitimate reasons, can be exploited for malicious purposes. This can fool the average consumer, as they would (correctly) assume Microsoft products are safe, and that then has a flow-on effect, leaving them assuming that any code run within Microsoft products is also safe.

Microsoft has not commented on this latest flaw, but last week Microsoft denied that the original flaw was a risk. Rumors are that it will be addressed internally and that Microsoft will be making a statement regarding these issues.

For more information on this risk, and a non-malicious file to try this flaw for yourself, head over to Within Windows to check it out.
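One way to hunt for the behaviour described above in process-creation telemetry, as an added example (not code from this article, from Within Windows or from Microsoft): it flags elevated launches of rundll32.exe or mmc.exe, the two hosts named in the discussion on this page, that were started by an unelevated parent and asked to load a DLL or console file from outside the Windows and Program Files directories. The event field names, the sample events and the C: trusted roots are constructed assumptions.

```python
import ntpath
import re

# Hosts this page names as auto-elevating in the Windows 7 beta.
AUTO_ELEVATE_HOSTS = {"rundll32.exe", "mmc.exe"}

# Assumption: C: is the system drive and only these roots need admin rights to write.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokens(command_line):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(command_line)]


def loaded_module(command_line):
    """Return the DLL or .msc path the host was asked to load, or None."""
    args = [t for t in tokens(command_line)[1:] if not t.startswith("/")]
    if not args:
        return None
    # rundll32 takes "<dll>,<entry point>"; mmc takes a console file path.
    return args[0].split(",", 1)[0]


def outside_trusted_roots(path):
    """True when the path names a directory that is not under a trusted root."""
    if not ntpath.dirname(path):
        return False  # bare name such as shell32.dll: left to the system search path
    # normpath collapses "..", so C:\Windows\..\Users\x.dll is judged as C:\Users\x.dll
    return not ntpath.normpath(path).lower().startswith(TRUSTED_ROOTS)


def review(event):
    """Return a finding string for a suspicious elevated host launch, else None."""
    host = ntpath.basename(event["image"]).lower()
    if host not in AUTO_ELEVATE_HOSTS:
        return None
    if event["integrity"] != "High" or event["parent_integrity"] != "Medium":
        return None
    module = loaded_module(event["command_line"])
    if module is None or not outside_trusted_roots(module):
        return None
    return (f"{host} at High integrity, parent {event['parent_image']}, "
            f"loads {ntpath.normpath(module)}")


def scan(events):
    """Return the findings for every event that review() flags."""
    return [finding for finding in map(review, events) if finding]


def event(parent, parent_il, image, il, command_line):
    return {"parent_image": parent, "parent_integrity": parent_il,
            "image": image, "integrity": il, "command_line": command_line}


RUNDLL = r"C:\Windows\System32\rundll32.exe"
MMC = r"C:\Windows\System32\mmc.exe"
EXPLORER = r"C:\Windows\explorer.exe"
TOOL = r"C:\Users\alice\Downloads\tool.exe"

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    event(TOOL, "Medium", RUNDLL, "High",
          RUNDLL + r" C:\Users\alice\AppData\Local\Temp\sample.dll,Run"),
    event(EXPLORER, "Medium", RUNDLL, "High",
          RUNDLL + r" shell32.dll,Control_RunDLL desk.cpl"),
    event(TOOL, "Medium", RUNDLL, "Medium",
          RUNDLL + r" C:\Users\alice\AppData\Local\Temp\sample.dll,Run"),
    event(EXPLORER, "Medium", MMC, "High",
          r'"C:\Windows\System32\mmc.exe" "C:\Windows\System32\compmgmt.msc" /s'),
    event(TOOL, "Medium", RUNDLL, "High",
          RUNDLL + r" C:\Windows\..\Users\alice\x.dll,Go"),
    event(TOOL, "Medium", MMC, "High",
          r'"C:\Windows\System32\mmc.exe" "C:\Users\alice\Desktop\my console.msc"'),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

An elevation the user approved at a prompt produces the same integrity jump, so the output is a triage list to correlate with consent events rather than proof of a silent elevation.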


103 Comments


I went over to "Within Windows" just now and found this juicy bit of information which makes me feel a hell of a lot better about win 7.

"As of today, there has been no official word from Microsoft regarding this issue. Birdies, however, have told me this problem was fixed in later builds. We'll just have to wait and see what Microsoft implemented. Removing of the auto-elevate flag from rundll32.exe would fix that process but what about mmc.exe that suffers from a similar problem?"

If the "Birdies" are correct this whole thing was a "storm in a teacup" and nothing more. But it does show two things...

1. Microsoft is paying attention (we will see for sure in the next public build ....the Release Candidate)
2. People (including me) really want Windows 7 to be the best that it can be.

Lastly this shows that that silly campaign of "release win 7 now" is just that ....silly !

I don't understand why people complain about the UAC, but not OS X. I find I get the prompt in OS X far more than I do in Vista. Not only that, but I have to enter my password on both OS X and Linux, instead of just a click.

I have three programs that I use on my computer of note.
1. I scan any program before I install it with Norton IS
2. I scan it with Spybot S&D
3. I scan my hard drive with Ad aware as well.

If the program gets past all these it is safe to install (well 99.9% )
The UAC to me is just another barrier to stop Malware and should always be taken notice of.
It is better to be safe than sorry ! !

I use the hardened kernel of 64bit Vista, UAC, Firefox, Admuncher, and my brain.
AV is a total waste of resources for anyone with common sense. Even the lean Russian code of Kaspersky will considerably slow down your PC.
I did not buy a PC for it to run at half speed.

UAC is definitely a strong component in my strategy and should not be dumbed down for the masses.

I think that the malware needs to get on your computer in the first place for this to even happen. UAC is only in place so that inexperienced users don't do something stupid. In an attempt to make it less annoying Microsoft lowered the amount of warnings it spits out by let's say 10%. This 10% will probably not let too many problems through. I personally have no firewall or virus scanner but if you added one into the mix for paranoia's sake it would probably close that 10% gap. I only have abp on my firefox and that works fine. I also turned off uac. Haven't had a problem yet. I've been running windows 7 for 4 days and 11 hours without reboot and is still running very smooth. Great OS

People keep trying to compare UAC to sudo in Linux, but it's really very different.

Sudo allows you to run a command as a *different* user with more (or less, even) privileges than the user you are currently logged in as. This works great in the Linux world because it has been the long-standing common knowledge that you don't log in as root, and only use sudo to run as root when needed.

In the Windows world, 90% of the users log in as an administrator. If you are logged in as a standard user, you have the option to use the "Run as" option to do something that requires administrator privileges - the same as using sudo in Linux. This functionality has been around since NT.

The problem is, since 90% of users are logged in as administrators, 90% of software is (or was before Vista) written to simply assume administrator access - it doesn't check to see if it has administrator access, and just breaks when it doesn't. With Vista, Microsoft tried to change this situation by encouraging developers to write their programs in a way that only used admin access if it really needed it, and added APIs for the application to request admin authority.

On the user end, rather than encourage users to log in with standard accounts instead of as admins (with all the fuss around UAC, can you imagine if users were required to remember and type in an admin password!), they created UAC. UAC's job is to allow someone who is logged in as an admin user to have the same kind of security as if they had logged in as a standard user until an application is run that requests admin privileges. The purpose of the UAC prompts is to alert the user to an application trying to do something that requires administrator privileges. It's kind of a compromise between always running as administrator (pre-Vista style), and logging in as a standard user (Linux-style).

IMO, UAC really doesn't have much place in an enterprise and can be disabled. IT admins will have admin accounts, and users will have standard accounts. Security measures are already in place.

For the home user, though, I think it is an incredible idea. Once software is (and most software already has been) updated to work around the idea of not always running as an admin, it should give the best of both worlds for home users - except that if they remove the UAC prompts and automatically elevate any process that wants it in Windows 7, then why have UAC at all?

All MS has to do is make an exception to their system and no matter what UAC setting is selected, have that popup that comes up to inform the user like it does in Vista or if you turn on the highest setting in Windows 7.

Wasn't this same topic talked about like 3 days ago all over the Internet (neowin included)? I'm sensing déjà vu.

People need to be licensed to use a computer, far too many people running around who think it's an appliance like a toaster and doing whatever they want.

They can't get it right either way it seems. Vista was too intrusive and ridiculous, 7 is too weak. Funny how Linux, OS X, etc. can be secure without aggravating the user to death. I'm not trying to bash Microsoft but why is this so hard for them? I'm guessing for the sake of backwards compatibility with old crappy programs, something that should be eliminated.

TRC said,
They can't get it right either way it seems. Vista was too intrusive and ridiculous, 7 is too weak. Funny how Linux, OS X, etc. can be secure without aggravating the user to death. I'm not trying to bash Microsoft but why is this so hard for them? I'm guessing for the sake of backwards compatibility with old crappy programs, something that should be eliminated.


*nix systems are no less aggravating than UAC. They prompt for the exact same reasons: The program is trying to access something that requires administrative rights.

GreyWolfSC said,
*nix systems are no less aggravating than UAC. They prompt for the exact same reasons: The program is trying to access something that requires administrative rights.

I've never heard of anyone complaining about the UAC in Linux or OS X. Ever.

UAC in Windows is implemented differently.

LTD said,
I've never heard of anyone complaining about the UAC in Linux or OS X. Ever.

UAC in Windows is implemented differently.


Nope. It is the exact same thing.

LTD said,
I've never heard of anyone complaining about the UAC in Linux or OS X. Ever.

UAC in Windows is implemented differently.

No, it's not.

LTD said,
I've never heard of anyone complaining about the UAC in Linux or OS X. Ever.

Linux users have always really had it so they are used to the idea of having to run things as root and not using root by default.

OS X probably had complaints at the start but knowing apple they would have just PR'ed it to death and deleted the posts from their forums and even probably the lawyer dogs to aid in their endeavors (most sites will delete and not risk having issues with apple regardless of their rights)
Now though the idea has sunk in more and because backwards compatibility was not the best for os 9 apps they, in a way wiped clean the slate of crud admin based apps. This means a more painful launch more than likely for os x (and there were a lot of complaints from people I knew with it) but when you have such a little market share and they are so loyal it wouldn't matter as it seems to have worked out.

As for the "flaw" as other users have said, it's a BETA these issues are SUPPOSED to come out during it. Like beta testing the new os x will have issues but apple nda you whereas MS at least have issues in the public eye, mass tested and found which at least means there is more userbase input rather than a few apple snobs who do all to gain access to the secret nda'd betas apple release. I wonder how much positive PR you need to do to get access to an apple beta? any idea LTD?

Because of all this I have now set mine to the top level. I was enjoying using the relaxed UAC but it seems they pretty much succumbed to idiot consumers who don't know a modem from a hard drive and successfully broke UAC all on their own. What's that? The advertising about how UAC is more relaxed is turning out to be just a sham? That by basically doing that you're compromising any security gains? Great!

It can elevate itself because YOU set UAC to allow system changes without notifying you. If you don't set UAC that low you won't be affected by this potential issue.

You are aware that UAC is set to allow system changes without prompts by default right? So, no, *I*, didn't set UAC to allow system changes without prompts. Think before you type next time.

I'm really getting tired of all this crap on UAC having "flaws". There is really only so much you can do in software. Sometimes you really just need a bit of common sense. Don't run your computer without a malware scanner if you don't know what you're downloading. If you're really insecure then simply set the UAC to max right after you install/upgrade to Win. 7.

We know this. Consumers that don't know anything about computers other than to press the icon with the E on it don't have a clue to any of this. So basically it IS up to people who do know what is going on to do something about it.

Unfortunately, that is true. I cringe to see someone with a college degree try to operate the basics of a computer. They really should make computer a mandatory class. I'm not sure where some type of computer isn't used these days.

when MS's official standpoint is it's 'by design' and 'wont fix' then it's not just a beta issue and this online frenzy is entirely necessary.

yakumo said,
when MS's official standpoint is it's 'by design' and 'wont fix' then it's not just a beta issue and this online frenzy is entirely necessary.

+1

I have UAC cranked up to full - it didn't bother me with Vista so it doesn't bother me with Windows 7.

MS will probably set the default level to MAX for RTM - seems the logical thing to do now and if they are not going to fix the last issue then adding another bullet point informing the user that this setting may not 100% protect them (in other words) may be needed.

Edit: Seems that, after reading comments over at istartedsomething, MS has addressed the previous problem in the latest internal builds, so no doubt this one will also be 'addressed'. whatever that involves.

It's not gonna be turned up for the simple fact that they are marketing this as a more relaxed UAC. I don't see them changing the marketing view for the simple fact that 7 is Vista R2 and there are not that many new features/changes that are gonna justify the upgrade. Can't throw out one of the few improvements as a marketing standpoint.

solution, require a password whenever UAC settings are changed, manually or if some bad code attempts to change it. there has been A LOT of whining about UAC in the past and again this week, the majority of users complained asking for this, saying they can take care of themselves, i assume this is why Microsoft feels it's a non issue, users can always bump up the setting and protect themselves if they are that concerned.

Microsoft probably should ship it with UAC at its highest settings if they decide not to address the issue, it's a bad place we've all put MS in. i never found Vista's prompts annoying, i've even turned off UAC because i watch what i click, i don't stray off into corners of the internet i shouldn't

all that said, i'd like to see MS address the issue once again, like i said... requiring an admin password to change these settings is the key, it's nothing to enter a password and it would actually vastly improve UAC IMO.

So um what about x64? I keep hearing about UAC flaws in Windows 7 and malware and fake-signed crap and blah blah blah but does anyone mention if the supposed increased security of x64 makes any lick of difference?

Obviously you reap what you run but I thought that part of the whole f*cking push to x64 hardware/OS/software was a system (kernel) which was, at least somewhat, locked-down.

Forgive my silly backwards thinking, but the major selling point of x64, for me, was increased security and performance rather than simply the ability to address more RAM. It's a selling point so prevalent that when coupled with the increased memory should be pushing everyone everywhere into x64 operating systems and hardware/software. (right?)

I guess the best question to ask these days in regards to any OS is: If there is a supposed security benefit from using x64 over x86 then why aren't we seeing more flaws broken-down into which ones harm which architecture? And if the answer to that is that they are, in fact, relevant to both architectures then why the big push towards x64 with regards to security?

This is Windows 7-specific, not architecture-specific, because UAC has been designed to work the same as both architectures. The only security feature specific to x64 that I can recall is that Microsoft has made a commitment to ensure that only signed drivers will work with x64 versions of Windows (not any hardware feature).

Nobody is forcing you to use x64, if you don't think that it's any more secure than x86, then that's up to you if you want to use or not.

I'm speaking more of the forest rather than one tree.

It's not about Windows 7 or UAC per se but rather the overall push towards x64. Basically every OS that you could possibly care about comes in an x64 flavor at this point and security was supposed to be one of the major pillars of that hardware push.

But that selling point hasn't exactly panned-out in regards to there being a clear distinction between flaws which involve one architecture vs. the other or rather those reporting said flaws have made basically zero distinction. (perhaps simply because there is none to be made)

You will, soon enough, be forced to migrate to x64 whether you like it or not. If you want to address 'X' amount of RAM in OS 'Y' then you simply have to use x64 so the inevitable push/switch is, and always has been, built right in. (the same can be said for 128-bit down the line)

My gripe is with tech people, who for years and years, have cited security as a major reason to move to x64 but yet I'm still seeing the same flaws, the same holes, the same exploits, the same patch Tuesday bombshells that I have been for ages and next to none are harmless to x64 systems.


All Microsoft needs to do is ensure that if UAC is attempted to be changed it will cause a prompt no matter what setting it's on (except if it's disabled), problem solved.

UAC sucks. It's an annoying useless thing Microsoft has invented. This elevation does mean nothing cause if it is a dumb user he will say "yes" to anything and if it is an advanced user he won't have UAC activated and won't download malware. So, UAC is useless for everybody.

Think of UAC as a seatbelt. Imagine for a moment if you're thrown outside of your car during a crash because you didn't wear your seatbelt, and you got severely injured. Is the seatbelt useless by your reason because the user is dumb enough to not wear it, if the seatbelt mitigates or reduces your injuries? If you had worn your seatbelt like you should, then you would still be in the car where it's statically safer.

KevinN206 said,
Think of UAC as a seatbelt. Imagine for a moment if you're thrown outside of your car during a crash because you didn't wear your seatbelt, and you got severely injured. Is the seatbelt useless by your reason because the user is dumb enough to not wear it, if the seatbelt mitigates or reduces your injuries? If you had worn your seatbelt like you should, then you would still be in the car where it's statically safer.

Then Linux and OSX suck too because UAC has been in them for years.

mclaren05 said,
Then Linux and OSX suck too because UAC has been in them for years.

Did you quote the wrong person? lol

mclaren05 said,
Then Linux and OSX suck too because UAC has been in them for years.

We've never complained about those two particular implementations of the concept. They work quite well. I'm not sure why Windows users can't get used to it. Unless UAC pops up when it really shouldn't.

LTD said,
We've never complained about those two particular implementations of the concept. They work quite well. I'm not sure why Windows users can't get used to it. Unless UAC pops up when it really shouldn't.

+1

LTD said,
We've never complained about those two particular implementations of the concept. They work quite well. I'm not sure why Windows users can't get used to it. Unless UAC pops up when it really shouldn't.

It doesn't. I only see UAC prompts when I run the defrag tool manually now. I haven't had an elevation prompt other than that in months.

LTD said,
We've never complained about those two particular implementations of the concept. They work quite well. I'm not sure why Windows users can't get used to it. Unless UAC pops up when it really shouldn't.

+2

KevinN206 said,
Think of UAC as a seatbelt. Imagine for a moment if you're thrown outside of your car during a crash because you didn't wear your seatbelt, and you got severely injured. Is the seatbelt useless by your reason because the user is dumb enough to not wear it, if the seatbelt mitigates or reduces your injuries? If you had worn your seatbelt like you should, then you would still be in the car where it's statically safer.

I dunno. I saw this drunk driver going 90+ mph on the highway. Rammed into the guard rail and the car flipped at least 3 times in the air before landing upside down. The driver, also not wearing a seatbelt, was tossed out of the vehicle where he immediately got up, ran, jumped the guard rail, and stopped to look at the vehicle. His friend was in a seatbelt and was unconscious in the car.

I don't really have a point here, other than seatbelts do not always protect you. I suppose that could fall in line with UAC, as it won't protect you if you're going to drive drunk (that is, be retarded) anyhow.

lol, what does linux have to do with this..

Yes, Linux has it, and Linux was designed from the ground up with various user privilege levels in mind, penalizing users with a "sudo" if having to raise them. This never happened in anything pre-Windows Vista, which caused lazy devs to assume "admin" status, and hit Vista much harder than Linux.

Jugalator said,
lol, what does linux have to do with this..

Yes, Linux has it, and Linux was designed from the ground up with various user privilege levels in mind, penalizing users with a "sudo" if having to raise them. This never happened in anything pre-Windows Vista, which caused lazy devs to assume "admin" status, and hit Vista much harder than Linux.

WinNT was also designed from the ground up with various user privilege levels in mind :P

Before Vista we just got "Run as" instead of UAC.

waruikoohii said,

WinNT was also designed from the ground up with various user privilege levels in mind :P

Before Vista we just got "Run as" instead of UAC.

The flaw is they need to keep it as tight as it was in Vista and not listen to people like you.

Jugalator said,
lol, what does linux have to do with this..

Linux and others have everything to do with this particular comment. Vista is following in the footsteps of sudo with UAC, and like sudo, it is (or at least used to be) a massive security benefit. If it's a "PITA" for Windows users, why is it not a "PITA" for Linux users?

Jugalator said,
Yes, Linux has it, and Linux was designed from the ground up with various user privilege levels in mind, penalizing users with a "sudo" if having to raise them. This never happened in anything pre-Windows Vista, which caused lazy devs to assume "admin" status, and hit Vista much harder than Linux.

Laziness is exactly what is wrong with us Windows users (me being one of them). We took for granted the fact that we could do anything we wanted with our OS without "PITA" elevation, and as a result we ended up with elevation because we couldn't be trusted with the freedom (Malware, etc). Sure at first it wasn't our fault, but after XPSP2 it was.

Additionally, it's the fault of the Lazy devs who assumed admin privs for everyone for UAC being a PITA, not Microsoft.

Steven77 said,
What does linux have to do with this. Why does every single article have to turn into a MAC VS. Linux VS. MS


Good god, can you not read? You just replied to a whole line of "so what" answers! It's "so what" because Linux and OSX have been prompting for elevation for ages and it's just not an issue.

Did you notice the real point from this whole article? The user has to CHOOSE TO RUN the app handed out to you in order for it to elevate itself. Remember kids, when you run a program yourself, you have already given your consent to let it do whatever it wants to do.

Yet another example of the user's carelessness that I don't expect UAC to be able to fix.

Yes, a user has to run an executable. But the main point is that the 3rd-party executable can use Microsoft-signed application to "trick" it allowing the third-party executable to run at FULL admin without a UAC prompt. He made an example by invoking rundll32.exe (which is trusted and set to auto-elevate itself) to run a payload DLL file. Of course, the payload can do anything once it gets admin privilege.

Again, the main point is that third-party code can use Microsoft-signed applications as a proxy to run itself with admin privilege WITHOUT getting a UAC prompt. This essentially bypasses the UAC protection at the default setting.

But as Brandon Live mentioned above, Low IL cannot do so. But any program run as a standard user, I believe, can use this bypass mechanism. Someone already mentioned that this flaw was fixed in later builds, but we don't know yet how it's fixed.

KevinN206 said,
Yes, a user has to run an executable. But the main point is that the executable can use Microsoft-signed application to "trick" it allowing the third-party executable to run at FULL admin without a UAC prompt. He made an example by invoking rundll32.exe (which is trusted and set to auto-elevate itself) to run a payload DLL file. Of course, the payload can do anything once it gets admin privilege.

Again, the main point is that third-party code can use Microsoft-signed applications as a proxy to run itself with admin privilege WITHOUT getting a UAC prompt. This essentially bypasses the UAC protection.

But as Brandon Live mentioned above, Low IL cannot do so. But any program run as a standard user, I believe, can use this bypass mechanism. Someone already mentioned that this flaw was fixed in later builds, but we don't know yet how it's fixed.


From the article, rundll32 is a public utility program whose job is to execute arbitrary code. Trusting a program and running it while KNOWING that it does the auto-elevate "trick" is equivalent of pressing on the "ok" button in the UAC prompt already, the UAC setting just saves you one prompt. If you aren't sure whether you wanna trust a piece of software to not do what it is not supposed to do like using such "tricks", the default UAC level is not for you.

With that aside, I am amused by everyone believing everything others say in the comments in some blog. "Someone" who says the flaw was fixed has no bearing on what MS is actually doing, unless he can prove his words with facts (which I would certainly welcome).

Nave said,
From the article, rundll32 is a public utility program whose job is to execute arbitrary code. Trusting a program and running it while KNOWING that it does the auto-elevate "trick" is equivalent of pressing on the "ok" button in the UAC prompt already, the UAC setting just saves you one prompt. If you aren't sure whether you wanna trust a piece of software to not do what it is not supposed to do like using such "tricks", the default UAC level is not for you.

With that aside, I am amused by everyone believing everything others say in the comments in some blog. "Someone" who says the flaw was fixed has no bearing on what MS is actually doing, unless he can prove his words with facts (which I would certainly welcome).


But isn't it a security problem if a third-party code can execute with admin rights without getting UAC prompt, even though UAC is enabled by default at that setting? The trustworthiness of a program in question is not very relevant, because any program can potentially be malicious unless otherwise signed by trusted vendors. A user expects that if a third-party program is about to run, and it requires a UAC prompt to perform privileged operations, then the user should get a prompt. Isn't that what the article is about?

Just for fun, I ran the demo code and got the screenshot: http://img27.imageshack.us/my.php?image=ua...utprompteh3.jpg

The only prompt I got was the "download from Internet" warning.

KevinN206 said,

But isn't it a security problem if a third-party code can execute with admin rights without getting UAC prompt, even though UAC is enabled by default at that setting? The trustworthiness of a program in question is not very relevant, because any program can potentially be malicious unless otherwise signed by trusted vendors. A user expects that if a third-party program is about to run, and it requires a UAC prompt to perform privileged operations, then the user should get a prompt. Isn't that what the article is about?


In my opinion, it is not a security problem if third-party code elevates without a UAC prompt. It is a security problem if third-party code elevates _without user consent_. There are other ways of getting user consent than UAC prompts.

While you state that the trustworthiness of a program is not relevant, you argue that precise point by saying that programs signed by _trusted_ vendors are not likely malicious. I believe a reasonable user would expect that if he has given the consent to running the program from someone he trusts, Windows shouldn't need to ask him again.

By making this UAC level default, I can see how Windows is trying to shift some of the burden of identifying trustworthy programs to you, the user, because people always complained about "I know what I am doing so stop bugging me". Don't let Windows overestimate your intelligence.

Nave said,
It is a security problem if third-party code elevates _without user consent_.

That's the whole issue with this UAC flaw. With UAC still on, even though I chose to run said third-party application, I do not want it to silently elevate itself. I at least want the option for it to prompt me for elevation.

The whole "I know what I'm doing so shut up" mentality is just ignorant. One of the effects of UAC is to let YOU know what YOUR pc is doing.

xiphi said,
That's the whole issue with this UAC flaw. With UAC still on, even though I chose to run said third-party application, I do not want it to silently elevate itself. I at least want the option for it to prompt me for elevation.

The whole "I know what I'm doing so shut up" mentality is just ignorant. One of the effects of UAC is to let YOU know what YOUR pc is doing.


hmm, I wonder why nobody called out on the people who had that mentality during Vista...

If you really are that paranoid, set the UAC setting to its highest.

That's not the point, we are not paranoid, we just know this is a valid flaw and what you are saying is getting nowhere. The Average Joe should be able to buy a PC with Windows 7 and after a while of use, understand that UAC will tell it when special privileges are given. But if Average Joe has a special software that manages his music and feels like switching to a new software, and finds out it needed a restart and when he saw his desktop again, it had no aero glass, then he would be ****ed that UAC poorly did its job. The default setting should protect Average Joe, and any threat to his computer system-wide should need special privileges, and this needs authorized, and when it is silently authorized, that is a mistake. The default setting is not low or high, it is the third option, it uses secure desktop and prompts for stuff that Windows isn't sure about but silently authorizes certain Windows apps and other apps that are known not to cause problems. That means it should be prompting, we are not paranoid, we just know this is an issue, and UAC is going down-hill.

Electric Bolt said,
That's not the point, we are not paranoid, we just know this is a valid flaw and what you are saying is getting nowhere. The Average Joe should be able to buy a PC with Windows 7 and after a while of use, understand that UAC will tell it when special privileges are given. But if Average Joe has a special software that manages his music and feels like switching to a new software, and finds out it needed a restart and when he saw his desktop again, it had no aero glass, then he would be ****ed that UAC poorly did its job. The default setting should protect Average Joe, and any threat to his computer system-wide should need special privileges, and this needs authorized, and when it is silently authorized, that is a mistake. The default setting is not low or high, it is the third option, it uses secure desktop and prompts for stuff that Windows isn't sure about but silently authorizes certain Windows apps and other apps that are known not to cause problems. That means it should be prompting, we are not paranoid, we just know this is an issue, and UAC is going down-hill.


I have offered a fix for the immediate future (crank your settings up). Whatever MS decides to do is up to them. I would argue that if actions can be taken so that you can make things work the way you want it, there is no flaw. I do see however that this discussion is going nowhere, so let's just agree to disagree with each other.

It seems this problem is even worse since any program can now launch itself to admin without a UAC using rundll32.exe, while the user is left to believe that UAC is protecting them. Essentially, with the default UAC setting enabled, programs can still do almost anything they want with relative ease as if UAC is off. Yikes!

This seems to be a lot easier to exploit than sending simulated key presses.

Note: Someone from Long's istartedsomething has been corrected in later builds. However, we don't know how Microsoft solved this issue considering that there're many Microsoft-signed applications that can be potentially used to run third-party code with admin privilege without UAC prompting.

Low IL isolation (like IE Protected Mode and other mitigations) works the same in this mode as in Vista. That's 90% of the benefit of UAC.

A Low IL application *cannot* elevate itself by these mechanisms, nor turn off UAC, etc.

How about Medium IL applications that run at the standard user's level?
I assume what Long is talking about is Microsoft-signed Medium IL applications only?

And that's the reason why whitelisting was a bad idea, even if customers demanded it. To be honest, I think Microsoft needs to admit they made a mistake by listening to their user base (on this specific problem at least ;)) and set UAC to highest by default. If someone changes it to a lower level they should get a clear and short summary of the risks if they proceed.

Who's complaining? I love that I can turn it down to barely bothersome. If they tighten it back up for RTM I'll just go back to completely disabling it. It won't make a difference to me either way. No, that's not entirely true. If I just go back to disabling it I won't have so much trouble copying stuff to my Program Files folder.

Why are you copying files to your Program Files folder to begin with? There should be no need to do that unless you're "patching" software.

xiphi said,
Why are you copying files to your Program Files folder to begin with? There should be no need to do that unless you're "patching" software.

I copy various things to my Program Files folder; it's a place for storing programs. PuTTY comes to mind, it doesn't have an installer. I also have to paste over configuration files for certain apps that I use. It's about the only place I find UAC intrusive in Windows 7.

Of course, I would hope you'd understand why it's acting that way. Granted, in situations like that it can become annoying/tedious. In the end, I'm glad it's there to protect such directories.

I just don't see how you can't put up with one safety prompt when you copy a file to a protected area. It's not like UAC prompts you for every file and then continues to bug you after the files are in place.

It's not just that. When I moved files from within 7/vista from another 7/vista installation, as in moving a picture from C: to D: drive, it prompts me and then takes 5 years working its crap out. The actual moving of the file takes 2 seconds.

Steven77 said,
It's not just that. When I moved files from within 7/vista from another 7/vista installation, as in moving a picture from C: to D: drive, it prompts me and then takes 5 years working its crap out. The actual moving of the file takes 2 seconds.


You're moving a file from a drive with one set of permissions to one with different user tokens. It should prompt you for that. Any 5 year delay you're having is probably a hardware issue if it's for one picture.

JEEZE, when Vista security was strict, the prosumer complained. Now that they're cutting back, they're still complaining. Microsoft just needs to do whatever they know is secure and the prosumer should just stfu bc the average user is protected and that's what matters.

The fallacy in that argument is that it's probably not the SAME "user" complaining. It's different users complaining. And the only reason you hear complaining is additionally because people being satisfied post more rarely.

So the end result is mostly people complaining, but different audiences. The problem here is that Microsoft is listening too much to a group that was just unaccustomed to UAC. You really don't get much about UAC notices once the system is set up and running.

It all depends on the end user. I personally disable UAC but have active AV, Mal/Spyware removal and software and hardware firewalls. They keep me right and to be honest, I am not browsing anything too dodgy to get hit with much in the way of malicious content. I have all that protection for when my wife uses the PC! lol

stezo2k said,
Don't forget that Windows 7 is still in development, it'll probably be patched by the time it's out

I hope so. Long Zheng's Twitter posts seem to hint it's just the tip of the iceberg. Microsoft says "we did what users told us to".

A patch is not the only solution for this - Microsoft could just tweak the next Windows Defender definitions to detect the malicious code...

pjak said,
A patch is not the only solution for this - Microsoft could just tweak the next Windows Defender definitions to detect the malicious code...

If relying on WD to prevent malicious code is the answer, then why have UAC? ;)

UAC must be able to prevent unauthorized code from elevating itself. If it can't, then it is broken. WD is a 'safety net' in this situation, not the primary means of defense. It is reactive, not proactive.

They don't, because unlike Windows 7's UAC, Vista's UAC wasn't dumbed down based on acting on feedback from morons.

7Dash8 said,
They don't, because unlike Windows 7's UAC, Vista's UAC wasn't dumbed down based on acting on feedback from morons.

Exactly. The irony is that most of the people that cried about how insecure XP was also called for the nerfing of Windows 7's UAC, and as a result Windows security has taken a big step back in time.

The irony is that most of the people that cried about how insecure XP was also called for the nerfing of Windows 7's UAC

Really? Is this about the same demographics?

Otherwise this is a common fallacy to make. Usually it's about different groups complaining. One group of people want less security for convenience, another group is more security-minded. Not hard to understand at all. And the reason you hear mostly complaining is because people being satisfied don't use to shout that out. (so, for the same reason, it's never a good idea to read forums on hardware support, because you'll most likely only see angry users even if it only affects 0.1% of shipping hardware)

Jugalator said,
And the reason you hear mostly complaining is because people being satisfied don't use to shout that out. (so, for the same reason, it's never a good idea to read forums on hardware support, because you'll most likely only see angry users even if it only affects 0.1% of shipping hardware)

Good point sir.