LOGIN | REGISTER NOW | SUBSCRIBE
 
SD TIMES BLOG
Comments (0)   
Email
dworthington

Windows 7 UAC flawed?

by David Worthington 02/04/2009 01:17 PM EST

Over the past week Long Zheng has been all over flaws that were discovered in Windows 7's implementation of User Account Control by Rafael Rivera. Long and Rafael are terrific young guys, and are among the most technically savvy Windows enthusiast bloggers. When they make a point, Microsoft should listen. Mary Jo Foley has written a great summary of the duo's findings, and came to the conclusion that Windows 7 could be less secure than Windows Vista.

The flaws are so serious that malware can elevate its privileges by exploiting flaws in Windows 7's UAC implementation or even turn off UAC entirely. Yikes! Microsoft has repeatedly said that it is by design, but it has become clear that the default UAC settings aren't secure enough. Microsoft might want to make Windows 7 more user friendly, but it would be a bad idea to backslide on security. There is still a lot of time between now and RTM, so hopefully Microsoft will correct the problem(s) before it(they) becomes our problem(s)

If Microsoft tweaks the default UAC settings (and doesn't submit into stubborness) Windows 7 will be more secure. However, it is not secure by design. Microsoft knows how to design a secure OS, but the trouble is that it cannot acheive the level of security that its engineers desire without starting from scratch.

Currently rated 1.5 by 4 people

  • Currently 1.5/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Share this link: http://www.sdtimes.com/blog/1262

Tags: , ,

Microsoft

Comments

Add comment


 
 

biuquote
  • Comment




 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 

Download Current Issue
MAY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?


 
blogs tab
Creation
To write better software, cultivate your ability to be creative.
05/19/2012 07:40 PM EST

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?
05/16/2012 12:45 PM EST

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.
05/14/2012 12:18 PM EST

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.
05/12/2012 07:05 PM EST

The world as story
An artificial-intelligence system at Carnegie Mellon seeks to understand the world by making statements about it.
05/10/2012 06:39 AM EST

The Rise of the Brogrammer, or the Rise of the Sexist Programmer?
Women in Silicon Valley get vocal about sexist ads and campaigns that contribute to a tense work environment.
05/09/2012 03:14 PM EST

 

Events calendar tab
Business Analytics Innovation Summit
5/23/2012 to 5/24/2012
Chicago
IEG

IBM Innovate Conf.
6/3/2012 to 6/7/2012
Orlando
IBM Rational

Agile Development Conference West
6/10/2012 to 6/15/2012
Las Vegas
SQE

Better Software Conf.
6/10/2012 to 6/15/2012
Las Vegas
SQE

AMD Fusion Developer Summit
6/11/2012 to 6/14/2012
Bellevue, Wash.
AMD