Windows 7 UAC flaw silently elevates malware access Researchers have uncovered yet another flaw in Microsoft's Windows 7 beta that could allow attackers to gain full administrative privileges by bypassing the operating system's UAC, or user access control. Researcher Rafael Rivera Jr. has released proof-of-concept code that demonstrates how unauthorized third-party software can …
Haven't we been through this since Unix has had the setuid flag on executables ? "A suid program must be careful not to execute anything with elevated privileges" (or write files really carefully, sanitize arguments and so on). Do we really have to go through it again, until MS learns ?
I wish they would hire a couple of Unix guys to help them get a clue. Seriously.
It seems that by trying to make UAC prompt less, it is making it a lot less secure. Should Windows 7 revert to Vista's type of UAC by default?
Having said that, users still shouldn't be running those dodgy applications - no safeguards in the system that protects users from themselves should be relied upon.
They should try it the other way round - make non-admin tasks a hassle under an admin account.
Then people might use a non-privileged account for everyday stuff. (Ok, sysadmins ...!)
But it's hard to change people's mindset - I still come across developers brought up on Windows, when using Linux, logged in to 'root' for their normal work.
Hey, I'm no Windows fan but it does say on the "box" when you download it "Windows 7 BETA"! You are MS guinea pigs, it is for MS to test if it works. This is exactly the sort of thing they want to come out. So if you're stupid enough to rely on a beta O/S to run you production stuff and keep your important info safe, then sorry but you deserve everything you get quite frankly!
Play with it by all means, but please don't think you're getting a free copy of Vista Ultimate SP2 for nothing, it comes at a price.
I am looking forward to the day the beta program closes and all those people who loaded W7 and got used to it won't be able to get to their files unless they punch in a credit card number first! Mwahhahahah! "All your data is belong to us!".
Or, in other words: It's a piece of piss to do this on a UNIX system as well, once you've got your calling program installed with the correct owner and flags set.
The only thing left to work out is whether that's a harder exercise than getting the trusted, digitally signed calling program onto Win 7........
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
