
Windows 7 Security Flaw is "By Design"

Source: Tom's Guide US

It is well known now that User Account Control (UAC) in Windows 7 is more customizable than in Windows Vista. With several levels of notification, the system can be "tamed" so that it doesn't ask for permission to do every task. However, the default setting that most people will run has an inherent flaw that will allow a malicious script or program to trick users into disabling UAC, without causing a UAC security prompt to occur.

Vista users complained about UAC, so Microsoft offers four levels of notification in Windows 7. The default option is “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. A security certificate is used to distinguish Windows settings from third-party software, thus preventing prompts when changes are made to these settings.

The problem lies with the fact that when a user alters UAC settings, it is considered a "change to Windows settings" by the default notification level. Therefore UAC's notification level can be altered, or even disabled altogether, and the user would not be prompted to actually consent to it.

A basic proof-of-concept VBScript has been made public that demonstrates how simple it is to disable UAC automatically. It emulates a sequence of keyboard inputs, using the Sleep and Run methods, to perform the task. It is also possible to force a restart after UAC has been toggled off, so that the user then runs with full administrative rights. Malicious programs can then freely alter the system, now that they have sufficient privileges to do so.

It would be simple for Microsoft to fix this security hole before the OS ships out. All that is needed is to force a UAC secure desktop prompt to occur whenever UAC settings are changed, regardless of current level of notification. The user would then have to click "yes" to render their system open to attack, so while the fix is not bullet-proof, it is better than requiring no user intervention at all.

Microsoft responded to the publication of this security flaw stating that in order for this vulnerability to be exploited, a user's computer would have to contain malicious code already, which means other security software has failed to prevent this or the user has explicitly allowed it. Also, on Microsoft Connect, submissions made regarding this flaw were all closed and labeled as "By Design."

It is important to note that only users who are part of the Administrative user group will be vulnerable, as Standard users will require an administrative password to make these changes (whether they are initiated by the user or by scripts). However, since the default user group is Administrative, most home users, especially those with only a single user account, will be vulnerable.
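
As an added example (not part of the article and not Microsoft's code), the PowerShell below classifies a machine's UAC configuration from the three standard policy values behind the slider and flags the default level described above, where the UAC setting itself can be changed without a prompt. The registry value names and their mapping to slider positions do not come from the article, and the sample snapshots are constructed.

```powershell
# Added example: audit the UAC notification level from its policy values.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacExposure {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)

    if ($EnableLUA -eq 0) {
        $level = 'Never notify (UAC off)'
        $finding = 'UAC is already disabled: administrators run with full rights'
    } elseif ($ConsentPromptBehaviorAdmin -eq 0) {
        $level = 'Elevate without prompting'
        $finding = 'No consent prompt is shown to administrators'
    } elseif ($ConsentPromptBehaviorAdmin -eq 5) {
        # Windows 7 default: changes to Windows settings do not prompt, and the
        # UAC setting itself counts as a Windows setting (the article's point).
        if ($PromptOnSecureDesktop -eq 1) { $level = 'Default' }
        else { $level = 'Default, no secure desktop' }
        $finding = 'UAC level can be changed without a prompt; raise to Always notify'
    } else {
        # Values 1-4 prompt for consent or credentials on every elevation;
        # 2 with the secure desktop is the slider's top position.
        if ($ConsentPromptBehaviorAdmin -eq 2) { $level = 'Always notify' }
        else { $level = 'Prompt on every elevation (policy-set)' }
        $finding = 'Changing the UAC level requires a prompt'
    }
    New-Object PSObject -Property @{ Level = $level; Finding = $finding }
}

# Constructed snapshots of the three values, one per slider position.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacExposure @s | Format-List Level, Finding }

# On a Windows machine, classify the live configuration as well.
# A value that is missing from the key reads as 0 here.
if (Test-Path $UacKey) {
    $p = Get-ItemProperty -Path $UacKey
    Get-UacExposure -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop | Format-List Level, Finding
}
```

Run periodically or at logon, the same check also shows when the level has dropped from a previously recorded value, which is the change the article says happens without a prompt.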


Comments

scryer_360 02/03/2009 9:40 PM
Anonymous 02/03/2009 9:52 PM

the middle ground between being totally irritating dialogs and no dialogs is almost impossible to achieve

waikano 02/03/2009 10:04 PM

If a user disables the UAC on purpose, then they do something that would infect their machine. I think Micro actually has this one right. I hated the UAC from Vista, If I disable it then I do something that allows it to blow up. Well that is my fault, but at least I have the freedom in the OS to disable it if I want. I am not a Micro fanboy at all, but I say way to go Micro!!

dextermat 02/03/2009 10:11 PM
jcknouse 02/03/2009 10:19 PM

Well, Microsoft changed their response to fit the times. Now things are "by design".

Used to be errors and malfunctions were "undocumented features" lmao

"Yes, support? Why does my coffee cup holder keep going back into the computer?" lmao

waikano 02/03/2009 10:28 PM

You know you guys are funny. You all hacked on Micro for UAC in the first place then you hack on them for allowing the user to "REALLY" disable the UAC. I guess when it comes to OSes Micro just can't win.

jsloan 02/03/2009 10:34 PM

sounds like microsoft is being a little defensive. personally i think they should not make a big deal about it and that they should change it so that if the user is going to change / disable uac then they should be prompted. personally one of vista's biggest dislike, other than it being a pig, is those constant popups. i disable uac the first chance i get and i think that windows 7 is a big improvement in this sense over vista, still windows 7 is a pig just like vista

brendano257 02/03/2009 10:44 PM

For another thing the system is NOT "vulnerable to attack" because UAC is disabled, the only thing UAC does is instigate consumer against computer attacks (i.e. beating the computer, punching the monitor, throwing mice, smashing keyboards...etc.) But really, without UAC if you have a simple virus program like Avast antivirus, you are fine, I have not had a problem with UAC disabled on Vista Ultimate.

jerreece 02/03/2009 11:24 PM

LOL: "Mr. Bank President, did you know there's a huge hole in your vault?"

"Yes, we built the vault with that big hole on purpose. That way customers can make withdrawals or deposits without having to stand in line. It's not a problem though, cause nobody can steal any money unless they walk through the front door first..."

jsloan 02/03/2009 11:58 PM

jerreece :
LOL: "Mr. Bank President, did you know there's a huge hole in your vault?" "Yes, we built the vault with that big hole on purpose. That way customers can make withdrawals or deposits without having to stand in line. It's not a problem though, cause nobody can steal any money unless they walk through the front door first..."



i don't get your point. bank vaults have a big gaping hole, otherwise how you get in and out of the vault. ;-) the point is you have to have someone that you trust controlling access to the vault and its content, like some nice internet security suite... and even with that you know that people might break in, nothing is perfect.

randoMIZER 02/03/2009 11:59 PM

brendano257 :
For another thing the system is NOT "vulnerable to attack" because UAC is disabled, the only thing UAC does is instigate consumer against computer attacks (i.e. beating the computer, punching the monitor, throwing mice, smashing keyboards...etc.) But really, without UAC if you have a simple virus program like Avast antivirus, you are fine, I have not had a problem with UAC disabled on Vista Ultimate.


UAC prevents programs having administrative privileges all the time, so that any damaging tasks would cause a prompt before they can happen. By disabling UAC, programs run with perpetual administrator rights and can do anything unless stopped by other software.

Maxor127 02/04/2009 12:28 PM

People cry too much about UAC. As long as you're using your computer properly, the prompts aren't bad.

jsloan 02/04/2009 12:56 PM

Maxor127 :
People cry too much about UAC. As long as you're using your computer properly, the prompts aren't bad.



?not bad? yeah, i like my work to be interrupted every keystroke with some popup asking me if it was ok for me to press the key, i thought we all agreed some time ago what an annoyance that was and agreed to use popup blockers.

cruiseoveride 02/04/2009 2:08 AM

Anyone who has a problem with Microsoft products, should just use Linux or OSX. Okaaaaaay?

jsloan 02/04/2009 2:12 AM

linux / osx not option because i wont be able to run my games...

tayb 02/04/2009 3:01 AM

jerreece :
LOL: "Mr. Bank President, did you know there's a huge hole in your vault?" "Yes, we built the vault with that big hole on purpose. That way customers can make withdrawals or deposits without having to stand in line. It's not a problem though, cause nobody can steal any money unless they walk through the front door first..."



Wow. What a perfectly accurate real world representation of what is going on. Completely realistic.

Anonymous 02/04/2009 5:52 AM

Well, everyone likes to hit on MS on everything and everything. It's like a culture now. When something doesn't work, most of the time they will point the finger at the Windows... just like when people can't see their 4GB or more RAM, a lot of people just assume it's a Windows bug lol. Especially when you ask them, how's Vista, they will tell you it's buggy, problematic... slow. Then if you ask them, so what bugs and problems did you encounter on your Vista, they will reply.... eeerrr so far none, but it is buggy and problematic. @_@
I am not a MS fan or what, I have used Linux and other OS as well and I can tell you... they are far from perfect.
I guess people just like to follow the majority, and always pick on what is common and widely used/well-known, and underground things are cooler.

seatrotter 02/04/2009 5:53 AM

Quote :...in order for this vulnerability to be exploited, a user's computer would have to contain malicious code already, which means other security software has failed to prevent this or the user has explicitly allowed it.

Microsoft already sacrificed security over convenience; case in point, as mentioned, users are Administrators by default. Then there is how, from the start, they let third party software developers on very long leash, or no leash at all, on developing software for Windows. Software needing to install/run a service for no apparent reason? True, if third party developers want to be as invasive as they want, there is little to stop them. But since users are accustomed to such low standards, they won't complain, won't look harder for alternative software.

I don't mind if MS breaks compatibility with older software on new Windows, as long as the standard has significantly improved. Of course, it's better if Windows executes such software in a sandbox. Sandbox. Speaking of which, not only does Vista not have a sandbox feature, it made the system incompatible with a lot of sandbox software (i.e., sandboxie).

Microsoft, listen: just because a user has allowed a software to run, doesn't have to mean that he/she is on his/her own. Provide a powerful sandbox feature or let others develop powerful sandbox solutions (the kind that even allows installation of drivers in the sandbox. scr3w DRM drivers).

ossie 02/04/2009 9:45 AM

The old "It's a feature, not a bug!"...
Actually "windblows security" is an oxymoron.

"If you can't make it good, at least make it look good." by m$'s Billyboy

LightWeightX 02/04/2009 3:55 PM

Damned if you do, damned if you don't.

nelson_nel 02/04/2009 3:55 PM

You guys are retarded.... MS is absolutely right about this... If you are WRITING THE SCRIPT on your machine, then ya no kidding you have circumvented any protection because you have done this intentionally......... your AV software is what needs to protect this UNCOMPILED script from even making it to the PC. Are you guys even really technical...

TwoDigital 02/04/2009 4:26 PM

How about this compromise (I copy this idea from Ubuntu...)

When the OS is installed, you enter a username (and maybe a password.) That user is *NOT* an administrator but has an attribute defined in system policies that they can 'sudo' admin access by clicking 'ok' in the UAC box or entering their OWN password if they set one. This way, the user can be protected by UAC if they wish and if they turn UAC off the system can prompt them whether or not they wish to be added to the admin group (with a reasonable description of the impact of such...)

You could still add yourself to the admin group manually if you wanted to... which would effectively bypass UAC I guess. Just make sure you don't turn off your "Can sudo to admin" flag since you then don't have access to turn it back on!!!

TwoDigital 02/04/2009 4:29 PM

Having some button available somewhere on the login screen would help too... so the user could log in as the default (hidden) administrator account in case they REALLY need to fix a messed up user account. You could ask the user upon install to enter a "recovery" password or something so they understand what the "administrator" account really is being used for.

randoMIZER 02/05/2009 12:34 PM

nelson_nel :
Are you guys even really technical...


I ask you the same question. Do you really think this script is the only thing capable of penetrating your system? Did you read the article? This is a proof-of-concept script, not the only way of doing it. You could write a virus to do the same thing but completely silently (whereas this is quite crude) and the user would never know that UAC was disabled (except for the sudden lack of prompts).

davidgbailey 02/05/2009 7:21 AM

You're coming to a sad realization ... allow or deny?

Christopher1 02/05/2009 10:08 AM

waikano :
You know you guys are funny. You all hacked on Micro for UAC in the first place then you hack on them for allowing the user to "REALLY" disable the UAC. I guess when it comes to OSes Micro just can't win.



I have to say I am getting that impression. There is a fix for this: make any change to UAC itself need to be confirmed via a UAC dialog.... but it might not be as 'easy' a fix as people are saying it should be.

randoMIZER 02/05/2009 10:14 AM

If M$ can implement a UAC prompt for every other menial task, they can do it for UAC changes as well.

nelson_nel 02/05/2009 2:39 PM

It is STILL up to the AV.... And if MS packages its AV into the OS, EU fines them and users whine and complain. What a predicament. And no, obviously it is not the only thing that can compromise the system but how utterly irrelevant that the UAC could become disabled based on a KeySending script... I doubt Windows 7 is the only OS that this would happen on. Go create a "Robot" script on OS X and then see how much coverage that crap story gets. It's irrelevant because this story makes no message of the transport of the script to the end-user. Any virus that ORIGINATES on the end-user PC has not INTRUDED because it was created there. Non-point and mindless dribble. Next.

neiroatopelcc 02/05/2009 2:56 PM

I'm actually with microsoft on this one. Ye it can be exploited, but for that to happen, something or someone else must fuck up first. It's a bit like blaming your car maker for a blown engine, because you didn't bother checking your oil level or didn't bother getting the warning light fixed when you noticed it was broken.

nelson_nel 02/05/2009 3:05 PM

Agreed. Download the AWESOME keygen or crack and suffer the consequences. That wouldn't be labeled a Windows XP vulnerability either.

FrustratedRhino 02/05/2009 3:55 PM

Why is it that the same people that complain they hate UAC complain that UAC has an easy way to be worked around? Isn't that what they want?

UAC is a tool to HELP people. The fact this "hack" (btw calling it a security flaw is like calling a screensaver that displays a fake bluescreen a virus) is rather minor doesn't seem to bother the legions of apple fanatics seizing on any anti-microsoft fodder. These same people think firefox is more secure than IE regardless of facts.