
Security Hole In Windows 7 UAC

Posted by kdawson
from the cancel-or-allow dept.
An anonymous reader writes "A prolific blogger is warning of a possible security hole in the latest beta version of Windows 7. Long Zheng has posted both a description and a proof of concept for an issue that could allow an attacker to skirt the User Account Control component in the new version of Windows. The problem, explains Zheng, is that UAC itself is controlled through system settings. This can allow an attacker to completely disable the protections without user notification. Zheng notes that the issue can be easily fixed by changing the UAC setting to notify users when Windows settings are altered, and that Microsoft could remedy the problem by prompting the user when the UAC setting is altered."

  • "Gerald" (Score:5, Funny)

    by plasmacutter (901737) on Monday February 02, 2009 @06:09AM (#26692117)

    Everyone knows from recent news that microsoft has removed the innards of windows 7 and replaced them with "gerald", a lovable computer literate field mouse.

    Gerald is cheap, congenial, and zippy, but unfortunately has very poor judgment.

  • by Anonymous Coward on Monday February 02, 2009 @06:09AM (#26692119)

    This was discussed elsewhere (heise.de) earlier...

    Short answer: this only works iff you are logged in as Administrator already...

    Prompting the user when this setting is altered is quite worthless - if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning". Even adding captchas/moving the warning around/whatever will only be a fake-solution that will only work 'till there's a better script.

    • Re: (Score:2, Funny)

      Apparently Raymond Chen posted a response at http://blogs.msdn.com/oldnewthing/archive/2009/01/21/9353310.aspx [msdn.com]

      It appears that they are getting a "Service unavailable" prompt. Could it really be that they are running their blogs on an IIS server that is running Windows 7? Shock horror, it appears that someone has elevated privileges using vbscript to bypass UAC and has changed the IIS app pool to run under a guest account!

    • by Anonymous Coward on Monday February 02, 2009 @06:53AM (#26692331)

      if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning"

      That's completely wrong. The entire point of the UAC prompt is that it can't be automatically dismissed by simulated user input. The UAC prompt runs on a separate virtual desktop from everything else (which is why it flickers), and the kernel enforces that only real user input can touch it, and you can't run your own code in the kernel without going through a UAC prompt, so it's secure.

      If this guy is right and UAC can be disabled without user input, then the entire UAC system instantly becomes pointless. Saying that you shouldn't be running as administrator is stupid; UAC's purpose was to make it safe to use administrator accounts. If you can't do that, then UAC has failed. Anyway, Administrator accounts are the default and therefore what 99% of users are going to be using.

      • by nstlgc (945418) on Monday February 02, 2009 @07:11AM (#26692423)

        Saying that you shouldn't be running as administrator is stupid; UAC's purpose was to make it safe to use administrator accounts.

        Uh no. UAC's purpose is to make it possible (in practice) not to use administrator accounts. Pretty much the complete opposite.

        • by Anonymous Coward on Monday February 02, 2009 @07:44AM (#26692567)

          I'm afraid you're wrong. When UAC is on programs you execute are run under your user account which is normally (by default) a member of the Administrators group. However, the programs are run in a special mode where they are prevented from actually using most of the administrative rights granted to your account. (You can read all about it in Wikipedia [wikipedia.org].) When a UAC prompt comes up you don't have to type a password because you're not logging in to a different account; you're just granting permission to use the full administrative rights your account already has.

          It is also possible to use UAC from a non-administrator account. In this mode you must type a password every time a UAC prompt comes up, instead of just clicking "continue". Few people do this because it is not the default setup and it's even more annoying than regular UAC.

          • Re: (Score:3, Informative)

            by afidel (530433)
            Actually the GP was right, your account does not have the admin bits set in the token when using UAC. Responding to the dialog adds those pieces to the token for that app on a temporary basis.
        • Why is it that I can run as an 'admin' account on both Linux and OS X without this happening? If I need the power I have sudo from the command line or OS X gives me a prompt.

          • Re: (Score:3, Informative)

            by Anonymous Coward

            The short answer: Because you're not really running as an admin. On OS X, the "admin" accounts are not really admins. They are allowed to authenticate to use root privileges however. To put it simplified... for *nix, regular user accounts are a member of the "users" group. If you decided that user account should have access to the sudo command, you add them to the "wheel" group (at least that's how it's setup on my distro).

            Now, let's compare to Windows Vista/Windows 7: Your "regular" user account is actuall

            • by coryking (104614) * on Monday February 02, 2009 @09:46PM (#26703397) Homepage Journal

              That is 100% not true. Your user account *is running as a regular user* no matter what group it is in. It doesn't matter if you are in the admin group (unless you stupidly disable UAC, in which case you basically run as root).


              "UAC" = "sudo [program name]"
              "Vista, Administrator Group" = "your account is in /etc/sudoers with 'username = NOPASSWD: [your program]'"
              "Vista, non admin group" = "sudo [program name] with password, but that depends on the group policy... "

              Your highly moderated post is 100% mis-information and is *not true*. YOU ARE NOT RUNNING AS ROOT UNTIL YOU ELEVATE VIA UAC!!

        • Re: (Score:3, Informative)

          by GooberToo (74388)

          Uh no. UAC's purpose is to make it possible (in practice) not to use administrator accounts. Pretty much the complete opposite.

          So how is one to use an administrator account without using an administrator account. You've completely missed the boat here. The gp is correct and you are wrong. The point is to allow secure access to administrator accounts without having to actually, explicitly log in as a desktop user as an administrator. So in that sense, you are right, but it does not change the fact the entire

      • by Darkon (206829) on Monday February 02, 2009 @07:29AM (#26692505)

        Anyway, Administrator accounts are the default and therefore what 99% of users are going to be using.

        And only when Microsoft change this will Windows be half way towards being secure.

        • by Kjella (173770) on Monday February 02, 2009 @08:55AM (#26692957) Homepage

          The real problem, and one that doesn't have a good technical or sociological fix, is that most windows users are doing administration duties that far exceed their skills. Users get confronted with all sorts of dialogs they don't understand but just want to get on with it. I bet you, that if you popped up a page to someone saying "This video needs a newer version of flash" and redirected them to some completely bogus page that gave them a plugin with a completely bogus signature most people would go ahead and install it anyway. What is the latest version anyway? Couldn't even remember who makes it, and those companies keep on merging and rebranding and whatnot. No amount of UAC, or running as an unprivileged user could possibly fix that because they are the ones with the admin keys and they're handing them out too easily.

          Most users don't understand trust, they want to see a nice little lock icon telling them this site is safe, this site is bad. Same goes for plugins. Same goes for software. If you try educating them they'll just go blank *bad thing* *bad thing* *REALLY bad thing* but they won't understand and just want the simple answer. There's some very professional looking sites out there that appear to give you good software. They often even look better than the real deal because the frauds are all about appearances while the real sites focus on delivering good software, no offence intended. While it does amount to some degree of security scissors, most users would be better off if they only downloaded from safe, verified sources of software and plugins. If only Linux would stop asking all the other technical questions, the repository model would be much better for these people. It's not the end-all and be-all of security but it concentrates 99% of the superuser tasks in one place and makes it that much harder for some random application to throw up a superuser prompt.

          • by rhsanborn (773855) on Monday February 02, 2009 @10:18AM (#26693717)
            Something they've been trained to do as a result of shortcuts and hacks used by applications written for Windows for years. I'm reasonably sure a check book balancing application shouldn't need administrator privileges to run, but so many applications are written that way, probably a little because it's easier, and a little because so many people use administrator accounts that it doesn't matter.

            Microsoft is in a tough position with regards to this. A large portion of the annoyance with Vista was 1) compatibility, which stemmed from bad time frames and poor vendor interaction, admitted, but also from enforcing proper security and structure that they hadn't done, that broke poorly written code. 2) from UAC going off very frequently due to applications constantly trying to elevate their privileges which is in most cases unnecessary.
        • Re: (Score:3, Informative)

          by plague3106 (71849)

          Um, that's what they've done. User programs that are causing UAC prompts are built wrong; they're trying to write to \Program Files, and that's been a no-no since Win2k. That's why many programs require Admin access. UAC was SUPPOSED to be annoying so that developers were forced to fix their badly implemented applications. That was the idea anyway, whether or not it had the intended effect I don't know. Probably not, since people bitch about UAC (and many of these same who run Linux have no problem supp

    • by Yvanhoe (564877)
      I wholeheartedly agree : don't work as administrator on windows systems.
    • by drsmithy (35869) <drsmithy@@@gmail...com> on Monday February 02, 2009 @08:24AM (#26692777)

      Prompting the user when this setting is altered is quite worthless - if I have a script on my computer that can simulate keypresses and mouse clicks *nothing* will hinder it to click on "I've read the warning".

      You mean apart from the inability of your script to interact with the separate Desktop that UAC prompts occur on ?

      • by Jeremy Visser (1205626) on Monday February 02, 2009 @09:34AM (#26693209) Homepage

        You mean apart from the inability of your script to interact with the separate Desktop that UAC prompts occur on ?

        Right on the money.

        I use Synergy 2 [sourceforge.net], which lets me control my keyboard and mouse from another computer over the network. It's functionally no different to a keypress simulator like the G.P. mentioned.

        When using Synergy, I cannot use the remote mouse and keyboard to accept UAC prompts. I have to move to the local machine and physically click the button locally for it to work. Same goes for administrative apps -- if an app is running with administrative privileges, Synergy cannot register clicks on the privileged window. Unless I run Synergy itself as an administrator.

    • Re: (Score:3, Interesting)

      by kimvette (919543)

      In Linux (and OS X if you enable the root login) when you're root, it's assumed you know to not shoot yourself in the foot. In OS X, an admin isn't root. To actually be root, you need to edit a config file (I forget which one) to enable the root login, then you can log in as root. However, OS X 10.2 and later make the admin process so friendly there is little to no need to ever log in to the desktop environment as root. If you need root in OS X, it's generally only for custom configurations of apache or sam

    • Re: (Score:3, Insightful)

      by Firehed (942385)

      UAC, believe it or not, can't be controlled by scripts or other software-based inputs - it only accepts input from physical hardware. Which is a good thing (assuming this bug is fixed which would get around the need to do so, anyways). I don't know the tech that's causing that to happen (a sibling poster explains it better), but I can say that it DOES work.

      Or, at least, this was the case using a Vista admin account. Found it out the hard way when trying to click OK in a UAC prompt via peripherals being s

  • by jamesmcm (1354379) on Monday February 02, 2009 @06:09AM (#26692121)
    The beta worked perfectly!
    Even the malware will be ready for Windows 7!
  • by DavidR1991 (1047748) on Monday February 02, 2009 @06:10AM (#26692127) Homepage

    MS have already said that this flaw is "by design" to stop the appearance of too many UAC prompts when users alter their own system settings

    http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/ [istartedsomething.com]

    • Re: (Score:2, Insightful)

      by Yvanhoe (564877)
      defectivebydesign, then ?
    • Re: (Score:3, Insightful)

      by The New Andy (873493)
      From Microsoft's reply:

      * The only way this could be changed without the user's knowledge is by malicious code already running on the box.

      * In order for malicious code to have gotten on to the box, something else has already been breached (or the user has explicitly consented)

      What exactly is UAC then trying to protect people against? If protecting against malicious code isn't in the requirements, then it seems pretty useless.

      • by mwlewis (794711) on Monday February 02, 2009 @07:18AM (#26692447)
        Isn't that exactly what you quoted? If it's possible for malware to do this on your machine, then somehow it's already gotten past UAC, whether by some other hole, or by the user allowing it. What, exactly, do you suppose UAC is supposed to do in that case?
        • by LingNoi (1066278)

          block further attacks obviously.

          • Re: (Score:3, Insightful)

            by MrNaz (730548) *

            There is no way to properly prevent further attacks once a box is compromised. That's the nature of being compromised.

        • UAC should prevent it from disabling UAC?

          I don't see how UAC was supposed to prevent you from downloading said malware, nor should it prevent you from running it - what it should be doing is preventing it from doing anything you didn't authorize it to do.

        • As I understand it, the problem is that the app that sends the keystrokes (standard windows messaging APIs to interact with a UI) does not have to get around UAC at all. It can simply go to the control utility, lower the UAC level, and reboot.. no prompts (unless UAC is at the highest level - it is 1 lower by default), nothing.
          After the reboot, the -actual- malware.. that would otherwise get blocked by UAC ..can now do its thing without worry.

          But reports are sketchy, so that above *may* be incorrect.

      • by myxiplx (906307)

        Protect people? Where on earth did you get that idea?

        As far as I can see, UAC is all about protecting *Microsoft*. They've just shifted the responsibility for a whole class of security exploits to the end user:

        "Infected by a virus? Oh dear, you must have clicked 'accept' at some point, not our fault."
        "What do you mean you have to click 'accept' for everything?"

        If they were serious about security they wouldn't have buried things like Winternals Protection Manager. That had the potential to really improve

    • by cgenman (325138) on Monday February 02, 2009 @07:04AM (#26692395) Homepage

      I kind of agree with the less-is-more approach to end user interactions. I get a lot of clients who have learned to cope with the modern click-prompt overload by simply clicking somewhat randomly on everything that comes up in front of them. Frequently, this leads to disabling some vitally important part of their computer in a way that any person who actually read prompts would have easily avoided.

      Sadly, the less computer savvy you are, the more likely you are to be constantly deluged with upgrade prompts from Adobe, install requests for Safari from Apple, and the multitude of prompts when Hewlett Packard's genuinely awful drivers crash. Prompts to continue subscriptions to Symantec, upgrade to the latest acrobat, log in to windows messenger, etc. And, of course, each separate component has its own prompts. "Click here to upgrade. I see you've clicked here to upgrade, would you like me to go to the internet and upgrade? Upgrade will begin when you click the OK button below. Upgrading... Upgrade has completed, click OK below to continue. Thank you for upgrading, please visit unintelligiblylongwebsite.com/pagenobodywilleverclickon.html to give us feedback on this process. Press Dismiss below to return to the installer. Thank you for returning to the installer. If you are satisfied with this interaction, press OK below."

      90% of users have no idea what their computer is doing, or should be doing, under the hood. If they weren't already suffering from click-fatigue, they wouldn't be the right people to decide on technical issues anyway.

      Obviously, it shouldn't be possible to disable UAC without actually getting a UAC prompt. But in general, UAC is an annoying system that most users completely tune out. Instead of heightening user knowledge, it simply drowns out any real issues.

      • by netsharc (195805)

        Adobe Acrobat is the stupidest in their upgrade regime... it's a non-vital component, but after it updates itself: "You have to restart your computer in order to complete the updates. Restart now? Yes/No".

        F*** you, if you were the kernel I'd understand.. you're just a viewer for an overused document format ffs!

        • by jsoderba (105512)
          Why are you installing Adobe Reader? There are several alternatives, like Foxit, that are far less user-hostile.
      • by kvezach (1199717)
        See, this is why Windows is never going to rule the desktop. It doesn't even have a package manager!
      • by spitzak (4019)

        HP's popups are also on Macintosh. I have not figured out how to log in and not have it pop up a "configure your networked printers" dialog. Oh well, I learned you can cancel it and keep going (and the HP printer+scanner works fine!).

  • by pm_rat_poison (1295589) on Monday February 02, 2009 @06:18AM (#26692161)
    So, basically, what they did was build a big sturdy door (UAC) and put the treasure (system settings) behind it. Normally you need magic keys (certificates) to enter the door. Then, they built a button that unlocks the door from the outside. Wow!
    • by Anonymous Coward on Monday February 02, 2009 @06:19AM (#26692173)

      the worst car analogy I've seen on slashdot for a while.

      • by pm_rat_poison (1295589) on Monday February 02, 2009 @06:21AM (#26692177)
        It's so bad a car analogy, that it doesn't even have cars.
        • Re: (Score:3, Funny)

          by mdielmann (514750)

          (from GGP)

          So, basically, what they did was build a big sturdy door (UAC) and put the treasure (system settings) behind it. Normally you need magic keys (certificates) to enter the door. Then, they built a button that unlocks the door from the outside. Wow!

          the worst car analogy I've seen on slashdot for a while.

          It's so bad a car analogy, that it doesn't even have cars.

          I prefer to think of that as a chastity belt analogy. Put in that light, I think it's a great design!

      • Re: (Score:2, Funny)

        by Anonymous Coward

        You must be new here, that IS a proper car analogy on slashdot.

    • So, basically, what they did was build a big sturdy door (UAC) and put the treasure (system settings) behind it. Normally you need magic keys (certificates) to enter the door. Then, they built a button that unlocks the door from the outside. Wow!

      Nah.. it's the new Microsoft advertising slogan.. "Windows without walls"

      • But then there's nothing to hold the windows up! ... wait while I call Jay Leno for putting this in his "Truth in Labeling" part of the show

  • Early (Score:2, Insightful)

    by TehPhoenux (1467111)
    Hey, at least they found it early - this is what betas are for - now they can build a lock for that door
    • While betas do help with testing, they're certainly not for such fundamental security testing. If they couldn't prove with hard math that their root access was limited properly, they should at least have had a bunch of unit tests for every variation from the tried and tested unix sudo model.

  • Fix it FFS. (Score:2, Interesting)

    by yakumo.unr (833476)

    re. MS's 'By Design' / 'Won't Fix' response, they basically say - 'This doesn't matter as if this happens you are already infected'.

    You need the damn UAC setting prompt so you are ALERTED TO THE FACT THAT THIS HAS HAPPENED SOMEHOW ASAP.

    Yes the user may have done something stupid to allow infection, but the UAC setting prompt would then protect them from further damage even before the malicious code check package was updated to find whatever was out there infecting systems.

    The Highest UAC setting would preve

  • by 51M02 (165179) on Monday February 02, 2009 @06:37AM (#26692245) Homepage

    correctly.

    I mean, Linux and MacOSX (and others) have sudo for years, the original code dating back to 1980 according to Wikipedia.

    The concept is not new : type your password to gain access to some privileges. That way bots and virus can't do everything while you can still do administrative tasks easily.

    My question is how hard is it to copy some 25 years old functionality (marketing it as brand new) and still don't get it right.

  • by rarel (697734) on Monday February 02, 2009 @06:40AM (#26692257) Homepage
    From TFA: Microsoft could remedy the problem by prompting the user when the UAC setting is altered.

    ==============

    "It looks like you're trying to alter the UAC settings, Cancel or Allow?"
    *click*
    "It looks like you've confirmed the change in UAC settings, Cancel or Allow?"
    *click*
    "The UAC settings have been altered, Cancel or Allow?"
    *click**click**click**click**click*-----INPUT DEVICE FAILURE

  • by jimicus (737525) on Monday February 02, 2009 @06:40AM (#26692261)

    With Vista, there's no (official, at least) way to disable UAC except by a user actively going to Control Panel and disabling it.

    This breaks a lot of things - particularly a lot of stuff concerning scripted/automated installers.

    The obvious solution to this is to provide a way for a script to disable and enable UAC. But as soon as you do that, a lot of the protection offered by UAC disappears.

    • by yakumo.unr (833476) on Monday February 02, 2009 @06:54AM (#26692335) Homepage

      The obvious solution to this is to provide a way for a script to disable and enable UAC. But as soon as you do that, ALL of the protection offered by UAC disappears.

      Fixed.

    • Re: (Score:2, Insightful)

      Wait a sec. When did the UAC ever provide protection for the system? Even before it appeared, nobody read the warning dialogs. The design failure was to try improving the security by prompting even more dialogs which led to the phenomenon that even less of those dialogs were ever read.

      I still think it would be a better way to teach the user about security than to prompt him messages he/she does not understand anyway.

      How about including a security and basic computer usage tutorial in the OS? Put in some p
      • Re: (Score:3, Funny)

        by ciderVisor (1318765)

        Put in some porn and computer security will rise at once!

        Ah, so you call him "Computer Security", do you ?

        Kinky !

  • Pointless. (Score:3, Interesting)

    by janopdm (1292860) on Monday February 02, 2009 @06:45AM (#26692291)
    Tell me about security holes after Microsoft fix the following UAC issues:
    1. Any process can perform a read on the whole system disregarding integrity levels.
    2. Any installer runs with full access to the system, allowing even kernel modifications.
    3. Any process can send a window message to any other process disregarding integrity levels.
    4. UAC uses heuristics to find out which privileges are required by each program.
  • UAC (Score:5, Funny)

    by essence (812715) on Monday February 02, 2009 @06:54AM (#26692337) Homepage Journal

    all this talk of UAC makes me feel like playing some doom again.

  • Security in UAC (Score:5, Insightful)

    by SeaFox (739806) on Monday February 02, 2009 @06:54AM (#26692343)

    The biggest security hole in Windows 7's UAC is the user.

    • Re: (Score:2, Insightful)

      by mrapps (1025476)

      The biggest hole in ANY system is the user. Not particularly a Windows 7 user..

    • by SirGarlon (845873)

      Well we've got to get rid of that guy then!

      Actually, I disagree. Requiring the user to click "I agree" isn't security, it's nagging. A judge might agree that the user's responsible for whatever if he clicks "I agree," but I am less forgiving. If a botnet is trying to take over the system and the only thing standing in the way is a dialog box, then security has already failed.

  • by amirulbahr (1216502) on Monday February 02, 2009 @07:01AM (#26692375)
    but is certainly no security expert [istartedsomething.com].
    • Re: (Score:2, Funny)

      by moriya (195881)

      Actually... I doubt I'd call him nice since... well, I'll quote a small excerpt from the link:

      First, I was originally going to blackmail Microsoft for a large ransom for the details of this flaw, but in these uncertain economic times, their ransom fund has probably been cut back so I'm just going to share this for free.

      Let's see what other people think of him now...

  • Watchmen (Score:3, Funny)

    by Thanshin (1188877) on Monday February 02, 2009 @07:01AM (#26692377)

    But... Who controls the user access to the user access control?

  • by timmarhy (659436) on Monday February 02, 2009 @07:10AM (#26692411)
    people if that's not a big big warning sign i don't know what is. you know what this guy has discovered? if you login as administrator, attackers can do the same things you can.

    This is no different to me browsing the web as root in linux and running any shit that pops up

  • Anonymous submitters (Score:5, Interesting)

    by macraig (621737) <mark@a@craig.gmail@com> on Monday February 02, 2009 @07:10AM (#26692419)

    I wonder if Slashdot should allow anonymous article submissions? Isn't it useful information to know if the submitter is also the subject of the article or its reference source? Shouldn't we be allowed to know that, so we can better judge the credibility of the article and its source(s)? Transparency is ALWAYS good.

    What if the anonymous reader who submitted this was Roland P.? Wouldn't we wanna know that?

  • Hmmm (Score:3, Insightful)

    by Mr_Silver (213637) on Monday February 02, 2009 @07:29AM (#26692501)

    Seems like an odd bit of "by design".

    Unless i'm mistaken, I (as a user) could download an application and run it on the mistaken assumption that my UAC settings would alert me if anything suspicious is going to happen.

    The application could then drop my security level to the lowest possible (without me knowing) and then start silently installing a bunch of other stuff with no UAC prompts. If it was particularly careful, it could then reset the UAC level back to what it was before it started.

    I'm now completely compromised without the slightest indication that anything suspicious happened.
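
Added example, not part of any comment in this thread and not code from the article or from Microsoft: a Python check that classifies a machine's UAC level from `reg query` output for the policy key, so a silently lowered level like the one described in the comment above is visible when two snapshots are compared. The registry value names are the documented UAC policy values; the mapping to Windows 7 slider positions and both sample outputs are assumptions constructed for this example.

```python
import re

# Constructed samples of `reg query` output for the UAC policy key (not taken
# from the thread). The first is assumed to match the Windows 7 default slider
# position, the second a machine where UAC has been turned off.
SAMPLE_DEFAULT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    ConsentPromptBehaviorUser    REG_DWORD    0x3
    EnableLUA    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x1
"""

SAMPLE_LOWERED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    ConsentPromptBehaviorUser    REG_DWORD    0x3
    EnableLUA    REG_DWORD    0x0
    PromptOnSecureDesktop    REG_DWORD    0x0
"""

_DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

# Higher rank means more prompting. Level names are labels chosen for this
# example, not Microsoft's terms.
RANK = {
    "disabled": 0,
    "never-notify": 1,
    "default-no-secure-desktop": 2,
    "default": 3,
    "always-notify": 4,
}


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in reg query output."""
    values = {}
    for line in text.splitlines():
        match = _DWORD_LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def uac_level(values):
    """Map the three policy values to a level name (assumed slider mapping)."""
    lua = values.get("EnableLUA")
    admin = values.get("ConsentPromptBehaviorAdmin")
    secure = values.get("PromptOnSecureDesktop")
    if None in (lua, admin, secure):
        return "unknown"          # do not guess at missing values
    if lua == 0:
        return "disabled"         # UAC off entirely
    if admin == 0:
        return "never-notify"     # admins elevate with no prompt
    if admin == 2 and secure == 1:
        return "always-notify"    # the level the article recommends
    if admin == 5:
        return "default" if secure == 1 else "default-no-secure-desktop"
    return "custom"


def audit(text):
    """Return (level, findings) for one reg query snapshot."""
    level = uac_level(parse_reg_query(text))
    findings = []
    if level in ("unknown", "custom"):
        findings.append("UAC policy values missing or non-standard; review by hand")
    elif level in ("disabled", "never-notify"):
        findings.append("elevation happens without any prompt")
    elif level != "always-notify":
        findings.append("changes to Windows settings are not prompted; "
                        "the article's suggested fix is the always-notify level")
        if level == "default-no-secure-desktop":
            findings.append("prompt is not shown on the secure desktop")
    return level, findings


def lowered(before_text, after_text):
    """True if the second snapshot prompts less than the first."""
    before = RANK.get(uac_level(parse_reg_query(before_text)))
    after = RANK.get(uac_level(parse_reg_query(after_text)))
    if before is None or after is None:
        return True               # cannot rank one side: flag for review
    return after < before


if __name__ == "__main__":
    print(audit(SAMPLE_DEFAULT))
    print(audit(SAMPLE_LOWERED))
    print("lowered:", lowered(SAMPLE_DEFAULT, SAMPLE_LOWERED))
```

A snapshot comparison only sees the level at the moments it is sampled, so a level that is lowered and then restored between samples, as the comment describes, needs registry change auditing rather than polling.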

  • by glwtta (532858)
    Even the anonymous submitter can't muster up a more flattering adjective for the author than "prolific" - I'm sure I am about to enjoy a quality article.
  • I don't use Windows much so perhaps I'm missing something obvious, but why is it so hard for MS to implement this sort of system? Unix has managed it with root, groups since the 70s and with ACLs, su, sudo etc since the 80s so why can't MS manage to get right something so simple and so fundamental to a multi user OS in 2009?? And why would you need it much anyway? If you're simply installing an app (as opposed to an OS/library update) why would you need administrator/root type access anyway?

    • Re: (Score:3, Informative)

      by magamiako1 (1026318)
      Viol8:

      UAC mimics much of the functionality present in a lot of Linux applications. You need root to install the application, but you don't need root to launch the application.

      At least, this is exactly how Microsoft has it designed. And anything that requires administrative privileges should have a service that starts as admin/root and then the client side process should be low privileged.

      This is exactly how Microsoft has it setup. The problem is that a lot of application developers are lazy. They don't want
  • by Peaker (72084) <(moc.oohay) (ta) (rekaepung)> on Monday February 02, 2009 @08:42AM (#26692883) Homepage

    If you look at the computer as a whole, it is incredibly stupid that after the user selects some option, the computer will pop up a dialog asking the user if he is indeed the one who selected this option.

    I realize the series of historic accidents that led to this absurd situation - but couldn't they figure out a better way that does not make the computer behave so incredibly stupidly?

    • Re: (Score:3, Insightful)

      The problem is there is in Windows no difference between an interactive task and an interactive task that presents no interface, this means that UAC has to prompt for the very very obvious like "did you really press the button marked install" because it has no idea if the user did something or it was done for them ...

      Because Microsoft does not have a proper installer interface that installs programs for you.. instead each program has its own installer/updater Windows has no control over the process and doe

  • Bugs in Beta? (Score:3, Insightful)

    by Lord Byron II (671689) on Monday February 02, 2009 @09:34AM (#26693217)
    Why are we talking about a bug in beta software? This is code that is still 6-12 months from release.
  • UAC isn't "security" (Score:5, Interesting)

    by argent (18001) <peter@slashdot.2 ... com minus physic> on Monday February 02, 2009 @09:49AM (#26693373) Homepage Journal

    UAC is a hack to deal with the problem that the Win32 API is full of inherent security holes that would require changing lots of third-party software to fix. So they put a prompt up if a program is about to use one of the features that contain or implement part of one of these security holes.

    The only real way to fix it is to implement a designed-for-security API and designate Win32 and everything based on it "legacy", only run in a sandbox.

    Which is what Windows 7 was rumored to be, a couple years ago.

    • Re: (Score:3, Insightful)

      by rsmith-mac (639075)

      At some point this tripe gets ridiculous, particularly when Vista has been out there for over 2 years now. The Win32 API has its flaws, but security issues are due to problems with the underlying OS, not the API.

      If there are security flaws in the Win32 API as implemented by Vista, please by all means point them out. But I'm going to be surprised if you can point out anything that doesn't fall under "It's a system level change, you need admin credentials moron" school of thought. Most people don't understand

      • Re: (Score:3, Insightful)

        by argent (18001)

        Since everything in the OS is exposed via the Win32 API... you can't even see the NT kernel API unless you're someone like Softway Systems... the difference is academic. So is "it's a system level change", when it's a system level change that thousands of applications (for many of which the source is no longer available) depend on.

        "There are APIs in Windows that applications have been written to use, that should not be exposed to untrusted applications. These APIs can not be blocked without breaking too man

        • Re: (Score:3, Insightful)

          by rsmith-mac (639075)

          Should the user not be free to run software as they please then? Because there are plenty of complaints just in this article that are people bitching about just that - how Vista is somehow preventing them from doing what they want. Should "untrusted applications" be everything other than a select few applications that only Microsoft gets to define?

          And if not, how should users tell the OS that an application is trusted? Perhaps they could indicate that in some kind of dialog box...

          At the end of the day the u
