Posted by: YuvalShavit
.NET application testing and security, Windows 7
A couple blog entries ago, I mentioned that among Windows 7′s improvements is a fix to the user account control (UAC) functionality introduced in Vista. UAC was always a good — and overdue — idea, but Vista’s implementation was annoyingly chatty. Windows 7 would fix that, I wrote.
A security hole in Windows 7′s UAC has been found that uses a script to disable future UAC warnings, according to blogger Long Zheng. I haven’t tested it yet (our work machines still run XP), but Zheng’s blog entry includes proof-of-concept code. According to the blog, the issue had previously been marked as a bug on Microsoft Connect, but Microsoft closed the issue as “by design.
The easy fix is to set your UAC warning level to always ask for confirmation, even if it’s just to set system settings. That means malicious code won’t be able to disable UAC behind your back, but it also means UAC will be back to its annoying Vista persona.
Let this be a reminder to us all: convenience and security are often at odds. The problem is that too many warnings are also a problem, as users are apt to just click “yes” without reading your warning message. Striking the right balance between giving users power, giving them options, giving them convenience and giving them security is always difficult.