Linked by Thom Holwerda on Mon 22nd Jun 2009 22:31 UTC
Here at OSNews I have hammered and hammered on a few times already about the major flaw in Windows 7's default User Account Control, which allows people or software with malicious intent to completely bypass UAC in such an easy manner that you wonder why UAC is there in the first place. Well, the source code to this flaw has been released - since Microsoft has made it clear they have no interest in fixing it anyway - and Long Zheng, fellow advocate of fixing this bug, made a very clear demonstration video.
Thread beginning with comment 369764
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:2005-07-17
What I would like to know is then why MS allows for the first user one creates to be the Administrator user in the first place.
An "Administrator" account on Vista/7 is no different than a sudo-er on Linux. Well, minus the whole auto elevate thing that the article's about.
RE[2]: Comment by suryad
by dylansmrjones on Tue 23rd Jun 2009 02:27
in reply to "RE: Comment by suryad"
Member since:2005-10-02
Member since:2005-07-06
An "Administrator" account on Vista/7 is no different than a sudo-er on Linux. Well, minus the whole auto elevate thing that the article's about.
Which is a completely different thing to how LInux does it. When you install Linux you are forced to choose a password then you're forced to create a limited user account; Microsoft fails miserably at implementing these very basic things. These aren't high end security features - just common sense that I'd expect a multibillion dollar company to implement from day one.
Installed Windows Server 2008 Standard Edition, enabled UAC, then created a standard account - logged back out, logged in as the standard user - and when I needed my permissions elevated I was asked for the administrator password (when I was installing some software). Nice, simple and easy - why don't Microsoft do that?
Microsoft want to avoid having to implement some real security that'll rock the boat, break some applications, and result in customers complaining. Quite frankly, the noise of a few whiners is a small price to pay if the net result is a robust and secure operating system.
With that being said, when Microsoft can't be bothered fixing their own software and issuing patches for old software (Office 2003 on Vista being the best example) - how can one expect third parties to make the necessary investments? do any of the divisions actually work together? When things occur in Windows do the other divisions actually get a heads up on what is happening or do they bump around in the dark like mindless noddies?
Edited 2009-06-23 03:56 UTC
Member since:
2005-07-09
What I would like to know is then why MS allows for the first user one creates to be the Administrator user in the first place.