Linked by Thom Holwerda on Sat 31st Jan 2009 10:45 UTC
Yesterday, we reported on the security flaw in Windows 7's UAC slider dialog, and today, Microsoft has given a response to the situation, but it doesn't seem like the company intends to fix it. "This is not a vulnerability. The intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings. This includes changing the UAC prompting level." I hope this reply came from a marketing drone, because if they intend on keeping this behaviour as-is in Windows 7 RTM, they're going to face a serious shitstorm - and rightfully so. Let's hope the Sinofskies and Larson-Greens at Microsoft rectify this situation as soon as possible.

I remember when UAC was being introduced in Vista. There was much buzzing about it, but I remember MS representatives always stating UAC is not to be considered a security boundary.

They were insisting the user is the security boundary level they were taking care of, and UAC was only a way to help the user spot potentially dangerous situations. So I guess this is what they mean when they say that behaviour is not a flaw.

Personally, I was against relaxing UAC in Windows 7. I find UAC extremely useful, and it helped me spot a couple of bad situations. After all, other systems require the user to enter their password to elevate privileges. UAC doesn't require you to type a password (and I think it's the right decision) but can be extremely useful. Reducing its impact is not good to me.
