And not only that, but with some distros (perhaps most notably Ubuntu), anyone with physical access to your computer can gain root-level access without any effort at all, by selecting "recovery mode" from the bootloader prompt.
Not quite the same thing, I realize, but still an example of an easily fixable security flaw that remains untouched.
Big deal - you can reset the admin password on just about anything (Windows, Linux, or MacOS X) if you happen to have a boot CD handy. An Ubuntu LiveCD will do the job nicely, as would a WinPE boot CD, or a Mac OS X install CD.
The only way to prevent someone with physical access to your machine from getting root-level access is to use whole-disk encryption.
By the way, as with the recovery console on Windows XP, most Linux distributions require you to enter the root password before you can use recovery mode. It's just Ubuntu that doesn't, because it doesn't have a root password.

I wouldn't get too excited about this..
Many Linux distros STILL maintain a 15 minute sudo timeout (apparently Ubuntu is one of them), which means any program (virus or otherwise) can sit there and wait until there's an open sudo session available, and then get admin privs without a password. Some Linux distros are still calling that a feature unfortunately (so they are no better than Microsoft).
But yeah, it's about time Microsoft fixed this stupidity. UAC is certainly a good thing, but that broken behavior would have made it as insecure as Windows XP. Good to see they stopped playing politics and caved in.
Btw, at least they did a 180 degrees... I wouldn't say it's a marketing ploy though (not sure where the author came up with that BS from).
Either way, I don't care as long as it's fixed.
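
The sudo credential-cache window discussed in the comment above is controlled by the `timestamp_timeout` Defaults option in sudoers. The following is an added example, not part of any comment in this thread: a small auditor that reads sudoers text and reports the global window. The sample file content and the `assumed_default` fallback (taken from the 15-minute figure quoted in the thread) are assumptions.

```python
import re

# Constructed sample sudoers content (not taken from a real system).
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults env_reset, \\
         timestamp_timeout=15
Defaults:backup timestamp_timeout=0
%admin ALL=(ALL) ALL
"""

def join_continuations(text):
    """Merge lines ending in a backslash, which sudoers allows."""
    return re.sub(r"\\\n\s*", " ", text)

def timestamp_timeouts(text):
    """Return {scope: minutes} for each timestamp_timeout Defaults entry.
    Scope is "" for global Defaults, else the binding, e.g. ":backup".
    Simplification: everything after '#' on a Defaults line is dropped."""
    found = {}
    for line in join_continuations(text).splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"Defaults(\S*)\s+(.*)", line)
        if not m:
            continue
        scope, settings = m.groups()
        for item in settings.split(","):
            key, _, value = item.strip().partition("=")
            if key.strip() == "timestamp_timeout":
                found[scope] = float(value.strip())  # later entries win
    return found

def audit(text, assumed_default=15.0):
    """Classify the global credential-cache window.
    assumed_default applies when no global entry is present (assumption:
    the thread's 15-minute figure; the real default is set at build time)."""
    minutes = timestamp_timeouts(text).get("", assumed_default)
    if minutes < 0:
        return minutes, "never expires"
    if minutes == 0:
        return minutes, "password required every time"
    return minutes, "cached: sudo reusable without a password in this window"

if __name__ == "__main__":
    print(timestamp_timeouts(SAMPLE_SUDOERS))
    print(audit(SAMPLE_SUDOERS))
```

Setting `Defaults timestamp_timeout=0` (edited through `visudo`) makes sudo prompt on every invocation.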