Linked by Thom Holwerda on Fri 27th Apr 2007 18:23 UTC, submitted by dylansmrjones
Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations, warning that viruses, password-stealing Trojans and rootkits will continue to thrive as malware authors adapt to the new operating system. "There is no guarantee that malware can't hijack the elevation process or compromise an elevated application," Russinovich said after providing a blow-by-blow description of how UAC works in tandem with Internet Explorer (with Protected Mode) to limit the damage from malicious files. Even in a standard user world, he stressed that malware can still read all the user's data; can still hide with user-mode rootkits; and can still control which applications (anti-virus scanners) the user can access.
RE[5]: Sudo and UAC.
by CPUGuy on Sat 28th Apr 2007 14:20 UTC in reply to "RE[4]: Sudo and UAC."
CPUGuy, member since 2005-07-06

If you have the admin password you can do anything anyway.... what's your point?

Score: 0

RE[6]: Sudo and UAC.
by raver31 on Sat 28th Apr 2007 15:14 in reply to "RE[5]: Sudo and UAC."
raver31, member since 2005-07-06

Point is....

I might be root on my own machine, I know the root password.
I can set up sudo so that my normal account cannot do anything silly like open up mc and delete all the files in certain directories.
Root can do it... but sudo cannot.. even though as sudo, I still have the root password.

I can install software as root, but limit sudo accounts to not install software.

I can give my friends sudo accounts, and let them install/remove anything, but limit their abilities to create other accounts.

My friends, even though having sudo accounts to do superuser commands, will not know the root password.

My friends cannot rm * -f /
as they are not root

sudo users should be disabled from things like fdisk

UAC, on the other hand, will let someone run things like fdisk when they give the admin password. Silly MS mistake.

Score: 2
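A sudoers fragment for the kind of per-user restriction described in the comment above, added here as an example that is not part of the original post. The user names, file name and Debian-style command paths are assumptions; it puts a deny-list rule beside the allow-list rule that actually holds.

```sudoers
# /etc/sudoers.d/friends : edit with  visudo -f /etc/sudoers.d/friends
# Constructed example: user names and command paths are assumptions.

User_Alias FRIENDS = alice, bob

Cmnd_Alias PKG = /usr/bin/apt-get, /usr/bin/dpkg

# sudo prompts for the invoking user's own password (rootpw is off by default),
# so the friends never need to learn the root password.
Defaults:FRIENDS !rootpw, timestamp_timeout=5

# Weak form (deny-list), left commented out. The sudoers manual warns that
# subtracting commands from ALL with '!' is easy to get around: a copy of the
# binary under another path, or a shell started through sudo, is not matched.
# Cmnd_Alias ACCOUNTS = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod
# Cmnd_Alias DISKS    = /sbin/fdisk, /sbin/parted, /sbin/mkfs
# FRIENDS ALL = (root) ALL, !ACCOUNTS, !DISKS

# Stronger form (allow-list): only the listed commands run as root. Anything
# else, account tools and fdisk included, is refused and the attempt is logged.
FRIENDS ALL = (root) PKG

# Caveat: package maintainer scripts run as root, so PKG is itself a broad grant.
```

Running `sudo -l -U alice` as root lists what the rule set grants that user, which is a quick check after any change.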