Windows 7 UAC row comes down to technicalities
A security researcher says he’s found a flaw which could let hackers use Windows 7’s User Account Control to their advantage. But Microsoft says the system is working as designed and the problem is not a true vulnerability.
The issue involves a change to UAC in Windows 7: the default setting is to notify users only when third-party software wants to make changes. Under this setting, users aren’t notified and asked for confirmation when they try to change Windows settings. This appears to be a trade-off between security and usability designed to cut down on ‘unnecessary’ alerts which simply irritate users.
However, Long Zheng of istartedsomething.com says this setting has a major flaw: User Account Control itself is classed as a Windows setting, meaning that by default users aren’t prompted and queried when there’s a request to change the way it works.
That’s a hassle-saver when users want to change their UAC settings – but a potentially serious problem if rogue software does it without their knowledge. Zheng has produced a working model of a rogue application which, once run, will simulate the user commands necessary to switch off UAC completely without the user being prompted for confirmation.
It’s worth noting this will only work when a user is logged in as an administrator, and the main point of UAC is that users instead create a standard account and let UAC give them temporary administrator privileges as and when they are needed. However, in reality many if not most users will never create an extra user account and will stick to the one which comes when Windows is installed – an administrator account.
Microsoft says it is taking the issue seriously but is adamant it doesn’t count as a security ‘vulnerability’ because there’s no way of taking advantage of the loophole without some form of user consent (that is, running the rogue application). It points out that the enhanced security of Windows 7 makes it less likely this can happen without the user’s knowledge.
Changing the UAC setting to ‘Always notify’ (notify the user of all changes) solves the problem, but Microsoft says it won’t alter the default settings; it says testing shows the ‘always notify’ setting quadruples the number of prompts without making any meaningful difference to the chance of a computer being infected.
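For readers who want to check which of the two UAC levels discussed above a machine is actually running, the following PowerShell script is an added example and not part of the original article or of Zheng’s demonstration. It reads the registry values Windows stores the UAC policy in (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) and reports whether the default ‘notify only for programs’ level or ‘Always notify’ is in force; it assumes a Windows 7 or later machine where those three values are present.

```powershell
# Added example: audit the current UAC level. Reading HKLM works from a standard
# user account; only the remediation at the bottom needs an elevated prompt.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    param(
        [int]$EnableLUA,                  # 0 = UAC switched off entirely
        [int]$ConsentPromptBehaviorAdmin, # 2 = prompt for all elevations, 5 = non-Windows binaries only
        [int]$PromptOnSecureDesktop       # 1 = prompt on the dimmed secure desktop
    )
    if ($EnableLUA -eq 0) { return 'Never notify: UAC is disabled' }

    switch ($ConsentPromptBehaviorAdmin) {
        2 {
            if ($PromptOnSecureDesktop -eq 1) { return 'Always notify: changes to Windows settings, UAC included, prompt for consent' }
            return 'Always notify, but without the secure desktop'
        }
        5 {
            if ($PromptOnSecureDesktop -eq 1) { return 'Notify only for non-Windows programs (Windows 7 default): changes to Windows settings, UAC included, do not prompt' }
            return 'Notify only for non-Windows programs, without dimming the desktop'
        }
        0 { return 'Elevate without prompting' }
        default { return "Other policy value: ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin" }
    }
}

function Test-UacAlwaysNotify {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)
    # The level the article says closes the gap: every elevation, including a
    # change to the UAC slider itself, produces a consent prompt.
    return ($EnableLUA -eq 1) -and ($ConsentPromptBehaviorAdmin -eq 2) -and ($PromptOnSecureDesktop -eq 1)
}

$uac = Get-ItemProperty -Path $uacKey
$level = Get-UacLevel -EnableLUA $uac.EnableLUA `
                      -ConsentPromptBehaviorAdmin $uac.ConsentPromptBehaviorAdmin `
                      -PromptOnSecureDesktop $uac.PromptOnSecureDesktop
Write-Output "UAC level: $level"

if (-not (Test-UacAlwaysNotify -EnableLUA $uac.EnableLUA `
                               -ConsentPromptBehaviorAdmin $uac.ConsentPromptBehaviorAdmin `
                               -PromptOnSecureDesktop $uac.PromptOnSecureDesktop)) {
    Write-Warning 'UAC is not set to Always notify; a program running as this administrator can alter UAC without a prompt.'
    # Remediation (run from an elevated prompt), equivalent to moving the UAC slider to the top:
    # Set-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -Value 2
    # Set-ItemProperty -Path $uacKey -Name PromptOnSecureDesktop -Value 1
}
```

Run it as the account you normally log in with; if that account is an administrator and the script reports the Windows 7 default, the machine is in exactly the configuration the article describes. The two Set-ItemProperty lines are left as comments because they change system policy and should be applied deliberately, through Group Policy where a domain manages the setting.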
Zheng argues that, even with the comparatively limited time left to make changes at this stage of Windows 7’s development, Microsoft could tweak the system so that any change to UAC forces a prompt regardless of the security settings.