I think it's fair to say that it calls the Windows 7 changes into question; I don't see how it undermines the idea as implemented in Vista.
But anyway, as you should all remind yourselves every time you see "UAC", it is not a security boundary. In order for this attack to commence you need to get malicious code onto the system and execute it. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Juha-Matti Laurio Sent: Saturday, March 07, 2009 3:14 PM To: [email protected] Subject: [funsec] Windows 7's UAC is a broken mess; mend it or end it "The changes Microsoft has made to Windows 7's UAC render it little more than a pesky annoyance. If this is the path the company wishes to go down, it should stop doing things by halves and kill it off altogether. By Peter Bright | Last updated March 4, 2009 I wrote a few weeks ago about changes Microsoft has made to Windows 7's User Account Control (UAC) that make the component less secure than it was in Vista. Though the company has responded by saying it will change some of the problem behaviors, yet more problems have emerged that indicate that a real fix will be harder than first expected. But more than that, the flaws call into question the entire purpose of the Windows UAC feature, at least in its commonplace "Admin Approval" mode." --clip-- More at http://arstechnica.com/microsoft/news/2009/03/opinion-ms-should-kill-win 7-uac.ars Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
