Linked by Thom Holwerda on Sat 31st Jan 2009 10:45 UTC
Privacy, Security, Encryption Yesterday, we reported on the security flaw in Windows 7's UAC slider dialog, and today, Microsoft has given a response to the situation, but it doesn't seem like the company intends to fix it. "This is not a vulnerability. The intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings. This includes changing the UAC prompting level." I hope this reply came from a marketing drone, because if they intend on keeping this behaviour as-is in Windows 7 RTM, they're going to face a serious shitstorm - and rightfully so. Let's hope the Sinfoskies and Larson-Greens at Microsoft rectify this situation as soon as possible.
Permalink for comment 346435
To read all comments associated with this story, please click here.
Thom_Holwerda
Member since:
2005-06-29

That may have happened as a result, but let's be honest here--it was a nice side effect.


I think you need a lesson on how UAC works.

UAC is not only effective when you run a LUA; admin accounts are protected as well. Admin users have to click "ok" when something requires elevated permissions, LUAs have to enter the password.

The goal, as clearly stated by Microsoft, was to annoy users so much, that they started demanding that 3rd party developers fix their apps so they don't need admin priveleges anymore.

As the dramatic reduction in the number of applications requiring admin privileges shows - this goal has been achieved.

For it to have resulted in the changes you suggest would have to mean most users of Windows are running as limited accounts. I don't think anyone wants to pretend that's happened--for the very same reason you point out: 'Everyone' knows installing apps requires admin privileges and so run that way as default.


That's the beauty: people running as admin are still protected because unauthorised access will still be picked up. Of course, running as non-admins is preferred, but oh well.

So, your argument falls flat: whether you're on a LUA, or an admin account, you get the same amount of prompts. In other words, the amount of prompts isn't forcing anyone to stick with an admin account.

Reply Parent Score: 2