On Wed, Jul 15, 2009 at 4:39 PM, Miller Bonnie L.<[email protected]> wrote:
> So question on disabling AAM—Wouldn’t that defeat the “malware protection”
> component of UAC ...

That assumes that the unknown admin, having been conditioned to click "Allow" every time it pops up -- because it pops up constantly during admin work -- won't just click "Allow" when the malware triggers the pop-up. Remember: They're logged in as an admin to do admin work; they're expecting AAM prompts. (If you have people who log in as admin when they *aren't* doing admin work, that's a problem, regardless of UAC/AAM. But it doesn't sound like you do that.)

> Assuming nothing else catches it (AV, etc), would disabling AAM
> allow it to run without consent?

Sure. What if the admin unwittingly double-clicks the malware because (s)he thinks it's the executable they want? We can come up with any number of scenarios to defeat any number of counter-measures. At some point, basic competency has to take over.

As far as malware via USB drive goes, I strongly recommend blocking AUTORUN.INF, which stops malware from in any way promoting itself. But the operator can still run it the old-fashioned way, by clicking on the malware executable directly.

-- Ben
