Linked by Thom Holwerda on Sat 9th Sep 2006 17:15 UTC, submitted by danwarne
One of Vista's big security features is 'User Account Protection' (or 'User Account Control') which pops up and asks for user authentication before software can make any administrative changes to the system. But the TweakVista utility can turn off UAP in one click. Microsoft says this is UAP working as intended, because when a user runs TweakVista they are asked to authenticate. However, James Bannan at APC Magazine asked Microsoft what's to stop a downloaded 'freeware game' requiring user authentication upon installation and then disabling UAP altogether? Elsewhere, there's a tweaking guide for Vista RC1.
This is no flaw
by PJBonoVox on Sun 10th Sep 2006 09:25 UTC
PJBonoVox Member since:
2006-08-14

On Linux, what is stopping an application asking you for the root password and then using that information to do something as root?

No different.

Reply Score: 3

RE: This is no flaw
by Samhain on Sun 10th Sep 2006 15:52 in reply to "This is no flaw"
Samhain Member since:
2005-07-06

The difference is that once you give it the root password it flicks a little switch that says no other application, including itself, ever has to ask for the root password again. They can just always run as root.

And you have no idea that it has done this.

Reply Parent Score: 1

RE[2]: This is no flaw
by eMagius on Sun 10th Sep 2006 16:50 in reply to "RE: This is no flaw"
eMagius Member since:
2005-07-06

That's true on *nix as well; a malicious program could set the suid bit (for any file on the system) just as easily.

No matter what system you use, if you grant a program root/Administrator privileges it can do horrible things.

Reply Parent Score: 1
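
An added example, not part of the thread or any poster's code: a small Python audit that records which files carry the setuid/setgid bit and reports any that appear or change later, which is how an administrator would notice the silent change discussed above. The function names and the constructed temporary directory in the demo are assumptions for illustration.

```python
import os
import stat
import tempfile


def find_setid_files(root):
    """Map path -> (octal mode, owner uid) for regular files with setuid/setgid set."""
    found = {}
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks
            except OSError:
                continue                     # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found[path] = (oct(stat.S_IMODE(st.st_mode)), st.st_uid)
    return found


def diff_against_baseline(baseline, current):
    """Compare two scans; 'added' and 'changed' are the entries to investigate."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "changed": sorted(p for p in current
                          if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }


if __name__ == "__main__":
    # Constructed sample tree: one file that is setuid from the start,
    # one that gains the bit after the baseline was recorded.
    tree = tempfile.mkdtemp()
    known = os.path.join(tree, "known_helper")
    late = os.path.join(tree, "changed_later")
    for p in (known, late):
        open(p, "w").close()
        os.chmod(p, 0o755)
    os.chmod(known, 0o4755)
    baseline = find_setid_files(tree)
    os.chmod(late, 0o4755)                   # the change made after the baseline
    print(diff_against_baseline(baseline, find_setid_files(tree)))
```

On a real host the baseline would be taken from a known-good state and stored somewhere the audited system cannot modify.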