Linked by Thom Holwerda on Thu 24th Jul 2008 22:04 UTC
Windows As someone who uses Windows Vista practically daily, I've always wondered where all the negativity in the media comes from. Sure, Vista isn't perfect (as if any operating system is), but I just don't see where all the complaints are coming from. It runs just fine on my old (6 years) machine, all my software and hardware is compatible, and it's stable as a rock. Microsoft has been wondering the same thing, and after a little test, they may have found out why people seem to dislike Vista so much.
RE[4]: I Hate Vista
by kaiwai on Fri 25th Jul 2008 09:27 UTC in reply to "RE[3]: I Hate Vista"

What is so hard about UAC running an md5 against the exe file in question?


First example:
1. user executes destroy.exe: UAC prompt, user clicks on "always consent"
2. malware executes destroy.exe, no prompt because the exe is the same.
-> you're pwned!

Incorrect. End user loads it once, knows that it is an application he or she wants to use on a constant basis - heck, it could be their very own application they've written.

If you do an md5, compare the result of the stored one to the one done at the execution of the application - if malware has through some way replaced the legitimate file with something bad - the md5 comparison will fail and a warning along the lines of "exe has failed security check, file possibly compromised, execution halted".

Second example:
1. user changes a firewall rule: UAC prompt, user clicks on "always consent"
2. malware changes a firewall rule, no prompt because the firewall configurator executable is the same.
-> you're pwned!

Third example:
1. user copies a file in c:\windows using windows explorer: UAC prompt, user clicks on "always consent"
2. malware copies a trojan in c:\windows, no prompt because the copy command executable or the explorer.exe is the same.
-> you're pwned!

If you are going to compare, don't be dishonest and quote only the first half; the issue was addressing a specific question; the specific question was a specific executable file. It did not involve file copying, it didn't involve anything else. It involved running one piece of software and the continuous asking whether it's ok to run it because it isn't signed.

The issue has NOTHING to do with UAC, because it isn't UAC querying the end user. This security check exists on Windows XP too; if you choose to run something downloaded via the internet from the download window - when one clicks on 'open', one is faced with the same question.

Edited 2008-07-25 09:36 UTC

Reply Parent Score: 7
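
The stored-hash check discussed in this thread, as an added example that is not part of any comment: a remembered-consent store that records a file's digest on approval and compares it at each later launch. `ConsentStore` and its method names are hypothetical, the sample file is constructed, and SHA-256 is used here in place of the md5 named in the comment.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ConsentStore:
    """Hypothetical 'always consent' store: resolved path -> digest at approval time."""

    def __init__(self):
        self._approved = {}

    def remember(self, path: Path) -> None:
        self._approved[str(path.resolve())] = sha256_of(path)

    def check(self, path: Path) -> str:
        """Return 'prompt', 'allow' or 'block' for a launch request."""
        stored = self._approved.get(str(path.resolve()))
        if stored is None:
            return "prompt"   # never approved: ask the user
        if stored != sha256_of(path):
            return "block"    # contents changed since approval
        return "allow"        # same bytes; who requested the launch is not examined


def demo() -> dict:
    results = {}
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "tool.exe"  # constructed sample file, not a real binary
        exe.write_bytes(b"MZ constructed sample contents v1")
        store = ConsentStore()
        results["first_run"] = store.check(exe)
        store.remember(exe)
        results["unchanged"] = store.check(exe)
        exe.write_bytes(b"MZ constructed sample contents, tampered")
        results["replaced"] = store.check(exe)
    return results


if __name__ == "__main__":
    print(demo())
```

The check is keyed on the file's contents only, so it answers "is this still the file that was approved" and nothing about which process asked to run it.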