Windows 7 Security Flaw is "By Design"

Source: Tom's Guide US

It is well known now that User Account Control (UAC) in Windows 7 is more customizable than in Windows Vista. With several levels of notification, the system can be "tamed" so that it doesn't ask for permission to do every task. However, the default setting that most people will run has an inherent flaw that will allow a malicious script or program to trick users into disabling UAC, without causing a UAC security prompt to occur.

Vista users complained about UAC, so Microsoft offers four levels of notification in Windows 7. The default option is “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. A security certificate is used to distinguish Windows settings from third-party software, thus preventing prompts when changes are made to these settings.

The problem lies with the fact that when a user alters UAC settings, it is considered a "change to Windows settings" by the default notification level. Therefore UAC's notification level can be altered, or even disabled altogether, and the user would not be prompted to actually consent to it.

A basic proof-of-concept VBScript has been made public that demonstrates how simple it is to disable UAC automatically. The script emulates a sequence of keyboard inputs, alongside the Sleep and Run methods, to perform this task. It is also possible to force a restart after UAC has been toggled off, so that the user then runs with full administrative rights. Malicious programs can then freely alter the system now that they have sufficient privileges to do so.

It would be simple for Microsoft to fix this security hole before the OS ships out. All that is needed is to force a UAC secure desktop prompt to occur whenever UAC settings are changed, regardless of current level of notification. The user would then have to click "yes" to render their system open to attack, so while the fix is not bullet-proof, it is better than requiring no user intervention at all.

Microsoft responded to the publication of this security flaw stating that in order for this vulnerability to be exploited, a user's computer would have to contain malicious code already, which means other security software has failed to prevent this or the user has explicitly allowed it. Also, on Microsoft Connect, submissions made regarding this flaw were all closed and labeled as "By Design."

It is important to note that only users that are part of the Administrative user group will be vulnerable, as Standard users will require an administrative password to make these changes (whether they are initiated by the user or by scripts). However, since the default user group is Administrative, most home users, especially those with only a single user account, will be vulnerable.
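A check for the condition described above, added here as an example and not taken from the article or from Microsoft: it classifies a machine's UAC notification level and reports whether an account is in the exposed combination (administrator account at the default level). The registry value names are the standard Windows UAC policy values; the function names and the sample snapshot are constructed for illustration.

```python
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
NAMES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

# (ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) -> notification level
LEVELS = {(2, 1): "always-notify", (5, 1): "default",
          (5, 0): "default-no-secure-desktop", (0, 0): "never-notify"}


def classify_uac(values):
    """Return the UAC notification level for a dict of registry values."""
    if any(name not in values for name in NAMES):
        return "unknown"
    if values["EnableLUA"] == 0:
        return "disabled"
    pair = (values["ConsentPromptBehaviorAdmin"], values["PromptOnSecureDesktop"])
    return LEVELS.get(pair, "custom")


def assess(values, is_admin_account):
    """Return (level, exposed, reason) for the silent UAC change scenario."""
    level = classify_uac(values)
    if level in ("unknown", "custom"):
        return level, None, "not a standard slider position; review by hand"
    if not is_admin_account:
        return level, False, "standard user must supply an administrator password"
    if level in ("disabled", "never-notify"):
        return level, True, "administrators already get no prompt at all"
    if level == "always-notify":
        return level, False, "changes to Windows settings raise a prompt"
    return level, True, "admin at default level: UAC settings change without a prompt"


def read_live_values():
    """Read the three values from the local registry (Windows only)."""
    import winreg
    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as key:
        for name in NAMES:
            try:
                found[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value absent; classify_uac() reports "unknown"
    return found


if __name__ == "__main__":
    # Constructed snapshot of a machine left at the default level.
    default = dict(zip(NAMES, (1, 5, 1)))
    for admin in (True, False):
        print(assess(default, admin))
```

On a Windows machine, `assess(read_live_values(), is_admin_account=...)` applies the same check to the live registry.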

37 Comments
  • -5 Hide
    scryer_360 , February 3, 2009 6:40 PM
    You see, it would be very good PR for MS to change this. But they won't even do something for PR's sake. Way to fail miserably, Microsoft.
  • 3 Hide
    Anonymous , February 3, 2009 6:52 PM
    the middle ground between being totally irritating dialogs and no dialogs is almost impossible to achieve
  • 2 Hide
    waikano , February 3, 2009 7:04 PM
    If a user disables the UAC on purpose, then they do something that would infect their machine. I think Micro actually has this one right. I hated the UAC from Vista, If I disable it then I do something that allows it to blow up. Well that is my fault, but at least I have the freedom in the OS to disable it if I want. I am not a Micro fanboy at all, but I say way to go Micro!!
  • -7 Hide
    dextermat , February 3, 2009 7:11 PM
    Once again Microsucks shows that they do not consider their customers.
    Why pay for software that is a piece of crap, and that you know that there are problems with viruses and spyware. Normal users will have to spend money (more or less 100$) to format and reinstall their Windows.
    When they fix some security issues, they have enough people working there to think a step forward (If a virus does that, it will do this.....) I guess they like to pay engineers to do nothing...

    anyhow good luck microsucks
  • 3 Hide
    jcknouse , February 3, 2009 7:19 PM
    Well, Microsoft changed their response to fit the times. Now things are "by design".

    Used to be errors and malfunctions were "undocumented features" lmao

    "Yes, support? Why does my coffee cup holder keep going back into the computer?" lmao
  • 4 Hide
    waikano , February 3, 2009 7:28 PM
    You know you guys are funny. You all hacked on Micro for UAC in the first place then you hack on them for allowing the user to "REALLY" disable the UAC. I guess when it comes to OSes Micro just can't win.
  • -3 Hide
    jsloan , February 3, 2009 7:34 PM
    sounds like microsoft is being a little defensive. personally i think they should not make a big deal about it and that they should change it so that if the user is going to change / disable uac then they should be prompted. personally one of vista's biggest dislike, other than it being a pig, is those constant popups. i disable uac the first chance i get and i think that windows 7 is a big improvement in this sense over vista, still windows 7 is a pig just like vista
  • 2 Hide
    brendano257 , February 3, 2009 7:44 PM
    For another thing the system is NOT "vulnerable to attack" because UAC is disabled, the only thing UAC does is instigate consumer against computer attacks (ie. beating the computer, punching the monitor, throwing mice, smashing keyboards...etc.) But really, without UAC if you have a simple virus program like Avast antivirus, you are fine, I have not had a problem with UAC disabled on Vista Ultimate.
  • 4 Hide
    jerreece , February 3, 2009 8:24 PM
    LOL: "Mr. Bank President, did you know there's a huge hole in your vault?"

    "Yes, we built the vault with that big hole on purpose. That way customers can make withdrawals or deposits without having to stand in line. It's not a problem though, cause nobody can steal any money unless they walk through the front door first..."
  • -3 Hide
    jsloan , February 3, 2009 8:58 PM
    jerreece: LOL: "Mr. Bank President, did you know there's a huge hole in your vault?" "Yes, we built the vault with that big hole on purpose. That way customers can make withdrawals or deposits without having to stand in line. It's not a problem though, cause nobody can steal any money unless they walk through the front door first..."

    i don't get your point. bank vaults have a big gaping hole, otherwise how do you get in and out of the vault. ;-) the point is you have to have someone that you trust controlling access to the vault and its content, like some nice internet security suite... and even with that you know that people might break in, nothing is perfect.
  • 0 Hide
    randomizer , February 3, 2009 8:59 PM
    brendano257: For another thing the system is NOT "vulnerable to attack" because UAC is disabled, the only thing UAC does is instigate consumer against computer attacks (ie. beating the computer, punching the monitor, throwing mice, smashing keyboards...etc.) But really, without UAC if you have a simple virus program like Avast antivirus, you are fine, I have not had a problem with UAC disabled on Vista Ultimate.

    UAC prevents programs having administrative privileges all the time, so that any damaging tasks would cause a prompt before they can happen. By disabling UAC, programs run with perpetual administrator rights and can do anything unless stopped by other software.
  • 1 Hide
    Maxor127 , February 3, 2009 9:28 PM
    People cry too much about UAC. As long as you're using your computer properly, the prompts aren't bad.
  • -1 Hide
    jsloan , February 3, 2009 9:56 PM
    Maxor127: People cry too much about UAC. As long as you're using your computer properly, the prompts aren't bad.

    ?not bad? yeah, i like my work to be interrupted every keystroke with some popup asking me if it was ok for me to press the key, i thought we all agreed some time ago what an annoyance that was and agreed to use popup blockers.
  • 3 Hide
    cruiseoveride , February 3, 2009 11:08 PM
    Anyone who has a problem with Microsoft products, should just use Linux or OSX. Okaaaaaay?
  • 0 Hide
    jsloan , February 3, 2009 11:12 PM
    linux / osx not option because i wont be able to run my games...
  • 3 Hide
    tayb , February 4, 2009 12:01 AM
    jerreece: LOL: "Mr. Bank President, did you know there's a huge hole in your vault?" "Yes, we built the vault with that big hole on purpose. That way customers can make withdrawals or deposits without having to stand in line. It's not a problem though, cause nobody can steal any money unless they walk through the front door first..."

    Wow. What a perfectly accurate real world representation of what is going on. Completely realistic.
  • 1 Hide
    Anonymous , February 4, 2009 2:52 AM
    Well, everyone likes to hit on MS on everything and everything. It's like a culture now. When something doesn't work, most of the time they will point the finger at the Windows..just like when people can't see their 4GB or more ram, a lot of people just assume it's a Windows bug lol. Especially when you ask them, how's Vista, they will tell you it's buggy, problematic...slow. Then if you ask them, so what bugs and problems did you encounter on your Vista and they will reply....eeerrr so far none, but it is buggy and problematic. @_@
    I am not a MS fan or what, I have used linux and other OS as well and I can tell you...they are far from perfect.
    I guess people just like to follow what the majority, and always pick on what is common and widely used/wellknown and underground things are cooler.
  • 0 Hide
    seatrotter , February 4, 2009 2:53 AM
    Quote:
    ...in order for this vulnerability to be exploited, a user's computer would have to contain malicious code already, which means other security software has failed to prevent this or the user has explicitly allowed it.

    Microsoft already sacrificed security over convenience; case in point, as mentioned, users are Administrators by default. Then there is how, from the start, they let third party software developers on very long leash, or no leash at all, on developing software for Windows. Software needing to install/run a service for no apparent reason? True, if third party developers want to be as invasive as they want, there is little to stop them. But since users are accustomed to such low standards, they won't complain, won't look harder for alternative software.

    I don't mind if MS breaks compatibility with older software on new Windows, as long as the standard has significantly improved. Of course, it's better if Windows executes such software in a sandbox. Sandbox. Speaking of which, not only does Vista not have a sandbox feature, it made the system incompatible with a lot of sandbox software (ie, sandboxie).

    Microsoft, listen: just because a user has allowed a software to run, doesn't have to mean that he/she is on his/her own. Provide a powerful sandbox feature or let others develop powerful sandbox solutions (the kind that even allows installation of drivers in the sandbox. scr3w DRM drivers).
  • -2 Hide
    ossie , February 4, 2009 6:45 AM
    The old "It's a feature, not a bug!"...
    Actually "windblows security" is an oxymoron.

    "If you can't make it good, at least make it look good." by m$'s Billyboy
  • 1 Hide
    LightWeightX , February 4, 2009 12:55 PM
    Damned if you do, damned if you don't.