jalaffa Posted January 31, 2009

A change to User Account Control (UAC) in Windows 7 (beta) to make it “less annoying” inadvertently clears the path for a simple but ingenious override that renders UAC disabled without user interaction.

With the help of my developer side-kick Rafael Rivera, we came up with a fully functional proof-of-concept in VBScript (would be just as easy in C++ EXE) to do that - emulate a few keyboard inputs - without prompting UAC. We soon realized the implications are even worse than originally thought. You could automate a restart after UAC has been changed, add a program to the user’s startup folder and because UAC is now off, run with full administrative privileges ready to wreak havoc.

Having UAC on at the policy as it is currently implemented in Windows 7 is as good as not having it on at all.

Until Microsoft decides to fix this, if they do at all, beta users of Windows 7 can also apply a simple fix. Changing the UAC policy to “Always Notify” will force Windows 7 to notify you even if UAC settings change. Annoying, but safe.

Post from: istartedsomething blog
bearoninternet Posted January 31, 2009

Good find. Though I doubt Microsoft will fix or change that. When running as a user instead of administrator the UAC is standard set to always notify.

Though most people will use any installation out of the box instead of creating accounts, turning UAC to always notify by default for administrators will annoy a lot of people. It's a matter of choice between safety and comfort.
Archived
This topic is now archived and is closed to further replies.