Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations, warning that viruses, password-stealing Trojans and rootkits will continue to thrive as malware authors adapt to the new operating system. "There is no guarantee that malware can't hijack the elevation process or compromise an elevated application," Russinovich said after providing a blow-by-blow description of how UAC works in tandem with Internet Explorer (with Protected Mode) to limit the damage from malicious files. Even in a standard user world, he stressed that malware can still read all the user's data; can still hide with user-mode rootkits; and can still control which applications (anti-virus scanners) the user can access.
To read all comments associated with this story, please click here.
Member since:2005-07-06
Member since:2005-11-10
Please. If you have been reading around you will see that this is not the first time people in MS have backed down from UAC.
UAC is just like DRM, it just keeps the honest people honest. Anyone who wants to get around it can.
There has been more then one person in MS who has said UAC is not even a security feature??? LOL!
http://www.networkworld.com/news/2007/021407-microsoft-uac-not-a-se...
http://talkback.zdnet.com/5208-10533-0.html?forumID=1&threadID=3161...
MS fan boys fall for the slick marketing every time.
Member since:2006-01-10
UAC is nothing like sudo. Well it'll ask you for a password like sudo will. Sudo is completely non-obtrusive though. The only time it'll ask for a password is when you actually are trying to do some administrative things, and it also will keep it cached for five minutes (you can configure the time on that).
On the other hand, with UAC enabled, if you want to do something as simple as create a new folder outside of your home folder, you have to click continue on two dialog boxes and enter the administrator password twice! That is just overkill for everyone.
If you don't believe me, open up your Program Files directory, then right click and select "new folder" then it'll ask you to confirm, then ask for the Administrator password, then it'll prompt you to rename the folder as always, but then it'll ask you to enter the Administrator password a SECOND time.
This is just plain overkill and is badly implemented.
Member since:2005-08-28
Given the conflicting opinions I've seen, I suspect UAC's main offense is that it exists.
Prior to Windows Vista, Windows never asked for permission. Now it's asking, and I'm betting ANY sort of UAC would irritate people who were used to the old behavior.
Now, maybe they have taken it too far; maybe they haven't. I haven't had any first-hand experience with Vista yet so I can't say for sure.
Member since:
2005-10-11
Especially with Vista's UAC since everybody is disabling it because it's more annoying than malware itself.