Malware turns off Windows' UAC, warns Microsoft

By Marshall
in Back Page News

 Share

Recommended Posts

Grand Master

Marshall Veteran

Posted
  • Veteran
Posted
Computerworld - Microsoft this week urged users to keep an oft-criticized Windows security feature turned on, even as it said that more malware is disabling the tool.

User Account Control (UAC) is the feature that debuted in Vista and revised in Windows 7 that prompts users to approve certain actions, including software installation.

UAC was "universally hated" in Vista, and was a major complaint about the unsuccessful operating system, a Gartner security analyst said more than two years ago.

"From a usability standpoint, no one was happy. And from a security standpoint, no one was happy either, because we knew that people get 'click fatigue,'" said John Pescatore of Gartner in the months before Windows 7's launch.

Microsoft took the complaints to heart, and downplayed UAC in Windows 7 after its data showed users got irritated when they faced more than two such prompts in a session at the computer.

This week, Microsoft's Malware Protection Center (MMPC) said that malware was increasingly turning off UAC as a way to disguise its presence on infected PCs.

To disable UAC, attack code must either exploit a bug that allows the hacker to gain administrative rights -- Microsoft calls those flaws "privilege elevation" vulnerabilities -- or trick the user into clicking "OK" on a UAC prompt.

Apparently, neither are difficult.

Some of the most-common threats now in circulation -- including the Sality virus family, Alureon rootkits, the Bancos banking Trojan and fake antivirus software -- have variants able to switch off UAC, said Joe Faulhaber of the MMPC team in a post to the group's blog.

One worm, dubbed "Rorpian" by Microsoft, is especially enamored with the anti-UAC tactic: In more than 90% of the cases involving Rorpian on a single day, MMPC observed the worm disabling UAC by exploiting a four-year-old Windows vulnerability.

Nearly one-in-four PCs that reported malware detections to Microsoft had UAC switched off, either because of malware antics, or because the user turned it off.

UAC has not been problem-free on the technical side, either. Months before Windows 7's debut, a pair of researchers revealed a bug in the feature that hackers could use to piggyback on preapproved Microsoft code to trick Windows 7 into granting malware full access rights.

Although Microsoft initially dismissed their reports, it later changed UAC.

Faulhaber provided a link to instructions for switching UAC on or off on Vista. They can also be used on Windows 7, but the final step is to pull the slider to "Never Notify" to turn off UAC.

Source

Grand Master

mad_onion

Posted
Posted

My understanding is that privilege escalation vulnerability are in fact pretty rare. But in regards to the news isn't it pretty obvious that malware might disable UAC. I mean if I was writing malware I would probably do that too....

Mentor

Jen Smith

Posted
Posted

Was never a fan of UAC myself.. always set my systems up the "proper" way with multiple accounts. One admin account, everything else runs as a standard user. Do it the old fashioned way requiring an admin username/password for elevation. UAC was always too easy to disregard and click through anyway, but I guess that's just what I'm used to growing up with Unix in the first place. Doubly so for my daughter's system... if its asking you for a password, chances are you're messing with something you shouldn't be.

Veteran

Kondrath

Posted
Posted

Was never a fan of UAC myself.. always set my systems up the "proper" way with multiple accounts. One admin account, everything else runs as a standard user. Do it the old fashioned way requiring an admin username/password for elevation. UAC was always too easy to disregard and click through anyway, but I guess that's just what I'm used to growing up with Unix in the first place. Doubly so for my daughter's system... if its asking you for a password, chances are you're messing with something you shouldn't be.

I have no idea why I never thought of that. I always disable UAC completely just because it's annoying and I'd probably click "Continue" without really caring, anyway. Maybe I'll set it up like that eventually.

Grand Master

jakem1

Posted
Posted

I've personally never had a problem with UAC and happily leave it running as a final safety check whenever I'm doing something. I quite like the fact that it makes me think twice if it pops when I wasn't expecting it.

In regards to the article, it seems like typical Computerworld flamebait. It's pretty much devoid of facts and spends most of it's time dredging up Vista-era hate. Here's the best bit:

Apparently, neither are difficult.

Why provide any evidence to back up your claims when you can just make an unsubstantiated assumption :rolleyes:

Lazy "journalism" at its best.

Grand Master

Denis W. Veteran

Posted
  • Veteran
Posted

The social engineering problem will never be solved, short of some real-time scanner catching culprits on the fly. The whole OS X fake antivirus scare from a few months ago was proof of that; users would willingly enter their credentials without thinking twice of what they're installing.

Contributor

bugsbungee

Posted
Posted

The social engineering problem will never be solved, short of some real-time scanner catching culprits on the fly. The whole OS X fake antivirus scare from a few months ago was proof of that; users would willingly enter their credentials without thinking twice of what they're installing.

+1. Idiots will be idiots. We can't protect people from themselves in real life nevermind on their own computers - and the sooner this is realised the better.

Mentor

etempest

Posted
Posted

I remember when MS initially decided to not have UAC prompt when turning UAC off and was resistant to the outcry about this until it became so bad, MS eventually reversed it's decision so turning off UAC would prompt you.

Vista UAC frequency was annoying, Win7 seems to get it right (for me).

Grand Master

Rigby

Posted
Posted

I don't use it. My account is set up as a standard user and I have Windows firewall configured to block everything outbound except for the programs I specifically allow. The problem with UAC is that it popped up for too many things (especially in Vista where it was in your face constantly). People got used to just clicking the UAC notice away without even reading it because it was so annoying. If I need admin access for a program or something I just click Run As Administrator and put in my password, and these days I rarely have to do that since people are finally learning to write their programs properly.

Grand Master

Growled Member

Posted
  • Member
Posted

Was never a fan of UAC myself.. always set my systems up the "proper" way with multiple accounts. One admin account, everything else runs as a standard user. Do it the old fashioned way requiring an admin username/password for elevation. UAC was always too easy to disregard and click through anyway, but I guess that's just what I'm used to growing up with Unix in the first place. Doubly so for my daughter's system... if its asking you for a password, chances are you're messing with something you shouldn't be.

That's the exact same way I set up all my systems. My wife use to get annoyed with me and ask for the password, but after almost making a couple of bad boo-boos she has sense learned the value in the system. She would have a ton of malware installed left to her own devices.

Mentor

dvb2000

Posted
Posted

UAC was implemented in Windows mostly because a lot of looney linux fanatics constantly harangued the media and Microsoft and kicked up a scare campaign saying Windows NEEDED this type of protection to make it secure, "like linux" - lol

Unfortunately Microsoft took the "easy" path and implemented it, rather than stand up for themselves and their users and stuffed up Windows usability as a result.

+1 for the linux fanboys. Didn't do them any good though. Even though they bought down Windows, no one took up linux as a result!

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • The official Funny Pictures thread

      By Steven P. · Posted

    • Apple MacBook Neo is a blessing for Windows users, here's why

      By The Werewolf · Posted

      1. Define "better". 2. It's still more expensive than equivalent PCs so...
    • Major Xbox layoffs may claim South of Midnight developer Compulsion entirely

      By LoneWolfSL · Posted

      Major Xbox layoffs may claim South of Midnight developer Compulsion entirely by Pulasthi Ariyasinghe Microsoft has been making major changes in its gaming wing Xbox for a few months now, including the appointment of a new CEO, a large number of leadership changes, and strategy shifts. However, the company is seemingly also looking at initiating a major layoffs wave at Xbox and perhaps even a studio closure. The new report lands from Kotaku, Xbox first-party developer Compulsion Games is being shuttered soon by Microsoft. For those unfamiliar with the studio, it's the team behind Contrast (2013), We Happy Few (2018), and South of Midnight (2025). Its latest game was quite well received, even winning a Peabody Award for its writing. It even received a 9/10 in Neowin's own review, highlighting its engaging storyline, gorgeous world, and curious characters. The studio joined Xbox Game Studios in 2018, just as Microsoft announced it is acquiring Playground Games, Undead Labs, and Ninja Theory. Despite recent listings for new staff roles, according to the new report, Compulsion Games is being closed entirely, with over 90 staff being let go. Kotaku also added that the studio's leadership is in negotiations with Microsoft about this decision, but no official details have been revealed yet. The report lands just as two senior managers of Xbox leave their posts at Microsoft Gaming. Head of Xbox Game Studios Craig Duncan and chief of staff Louise O'Connor originally began their journey in Rare and have been a part of Xbox for over two decades. Dunkan has been responsible for games like Kinect Sports and Sea of Thieves, while O'Connor was primarily working on Rare's Everwild project before its cancelation. If this report about the studio shutdown is accurate, this may just be the start of a major new layoffs wave at Xbox Game Studios. There are also rumors of Arkane Studios being heavily affected. As always, take all these reports with a grain of salt until something official materializes from Microsoft or the studios.
    • Apple MacBook Neo is a blessing for Windows users, here's why

      By The Werewolf · Posted

      The flaw with this analysis is that this laptop has a cellphone CPU in it. In the Intel world, that would be an N150 and those are everywhere, even in low end laptops. You can get an N150 based NUC with 16GB RAM and 256GB-512GB SSD... NOT soldered in... for < $500 Canadian (around US$360). The problem is two fold: tech bloggers/writers on most tech site (like this one, ironically) overvalue Apple and apparently aren't in the same earnings class as most regular people. As a result, we get breathless articles about how everyone needs a folding phone when most people just cannot afford one... or really need one. And we get Apple used as the baseline metric regardless of whether that comparison makes any sense. If Dell or HP released a retail laptop with a cellphone motherboard, you'd be all over them for doing that - but Apple does it and it's genius. I see articles suggesting what Samsung - a company that basically started the foldable phone market and has built them for eight years - needs to do to compete with Apple's unreleased, unspecced and unseen folding phone. Sorry, no - if the Neo (really creative name there BTW - still, better than the Go, the other "creative" product name everyone's using) encourages PC makers to make cellphone laptops using lower end ARM processors, we all lose. It's a step backwards and a capitulation to the fact that semiconductor makers and computer OEMs (and tech bloggers) have totally lost the plot.
    • Steam Next Fest returns with thousands of new demos to try out

      By +pmrd · Posted

      Everyone should install this extension and ignore games that use AI. https://chromewebstore.google....nnigaaeelfkeomjcngmnh?pli=1 https://addons.mozilla.org/en-US/firefox/addon/ai-warning-for-steam/

  • Recent Achievements

    • One Year In
      ThatGuyOnline earned a badge
      One Year In
    • Week One Done
      Jeroen Wilms earned a badge
      Week One Done
    • Week One Done
      rolfus earned a badge
      Week One Done
    • One Month Later
      Leroy Jethro Gibbs earned a badge
      One Month Later
    • Conversation Starter
      flexorcist earned a badge
      Conversation Starter

  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      +Edouard
      199
    3. 3
      PsYcHoKiLLa
      127
    4. 4
      Steven P.
      82
    5. 5
      ATLien_0
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!