Linked by Thom Holwerda on Thu 5th Mar 2009 13:27 UTC
For Windows 7, Microsoft has made some changes to User Account Control to counter the criticism that UAC was too intrusive. It didn't take long before several holes were poked in Windows 7's default UAC settings, and now one is left to wonder: is it wise to sacrifice security for (perceived?) usability? Ars has an editorial that deals with this question.
I don't mind typing in a password, but I do mind an uber-modal dialog blocking everything but the UAC window asking permissions.
The `uber-modality' is by design, and it has a very important reason. Only the true UAC can create such a window; no other app can grey out the screen, etc. This means that malicious apps cannot create a replica UAC window in an attempt to fool the user, like phishing. If you ever get a UAC prompt that's not `uber-modal' then you know it's a fake.
This is the same reason some systems require you to press ctrl+alt+delete to open a login window; no regular app can capture ctrl+alt+delete because it is handled specially by the hardware and keyboard drivers. So when a login window appears as a result of you pressing ctrl+alt+del, you know it must be genuine.
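The "not uber-modal means fake" rule in the comment above only holds while Windows is configured to show elevation prompts on the secure desktop. The following PowerShell audit is an added example, not part of the original comment; it reads the UAC policy values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`, and the function names and the defaults assumed for missing values are this example's own.

```powershell
# Added example: check whether UAC elevation prompts are drawn on the secure desktop.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    param([string]$Name, [int]$Default)
    # Assumption: a missing value is treated as the documented default passed in by the caller.
    $item = Get-ItemProperty -Path $PolicyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and $null -ne $item.$Name) { return [int]$item.$Name }
    return $Default
}

function Test-UacSecureDesktop {
    param([int]$EnableLUA, [int]$AdminBehavior, [int]$SecureDesktop)
    $findings = @()
    if ($EnableLUA -eq 0) {
        $findings += 'EnableLUA=0: UAC is off, so no elevation prompt is shown at all.'
    }
    if ($AdminBehavior -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: administrators elevate silently, with no prompt.'
    }
    # Admin behaviours 1 and 2 are the "on the secure desktop" variants of the prompt.
    $forcedSecure = (1, 2) -contains $AdminBehavior
    if ($SecureDesktop -eq 0 -and -not $forcedSecure) {
        $findings += 'PromptOnSecureDesktop=0: prompts appear on the normal desktop, ' +
                     'so a dimmed screen no longer distinguishes a real prompt from an imitation.'
    }
    if ($AdminBehavior -eq 5) {
        $findings += 'ConsentPromptBehaviorAdmin=5: the Windows 7 default; ' +
                     'changes made through Windows binaries elevate without a prompt.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Elevation prompts are shown on the secure desktop for every elevation.'
    }
    return $findings
}

$lua    = Get-UacValue -Name 'EnableLUA' -Default 1
$admin  = Get-UacValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
$secure = Get-UacValue -Name 'PromptOnSecureDesktop' -Default 1

"EnableLUA=$lua ConsentPromptBehaviorAdmin=$admin PromptOnSecureDesktop=$secure"
Test-UacSecureDesktop -EnableLUA $lua -AdminBehavior $admin -SecureDesktop $secure
```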