Microsoft changes policy over UAC row
Microsoft has announced it will change the way User Account Control works in Windows 7 to allay fears it could be abused by hackers. The change comes after the firm had previously denied the problem was a true vulnerability.
As we reported yesterday, the company had come under criticism after a writer noted a potential problem with the fact that Windows 7’s default level for UAC was to not prompt for confirmation after a request to change Windows settings. Long Zheng pointed out that this would mean there were no prompts for changes to UAC itself and argued that malicious code could actually disable UAC without the user knowing.
Microsoft originally argued that this was not a security ‘vulnerability’ because the system worked as designed and the problem could only be exploited by the user running the malicious code (however unwittingly).
Writing on the engineering blog which charts the development of Windows 7, the firm notes the negative response to this stance: “We don’t like where we are in terms of how folks are feeling and we don’t feel good.”
With that in mind, the firm will be taking up Zheng’s suggestion that changing the UAC levels will trigger a prompt, regardless of the setting for prompts about Windows changes.
In another change, which Microsoft says it had already been planning, the entire control panel for UAC will run as a high integrity process. That means you’ll need to provide administrator privileges to make any changes (though this does assume people are following Microsoft’s advice to always run in a standard user account).
Aside from the unnecessarily dismissive tone of Microsoft’s initial response, there’s nothing particularly wrong with a change of heart such as this. After all, the entire purpose of a beta edition is to discover problems: of course it would be better if the firm had figured out this issue rather than a blogger picking it up, but the point is that the problem has been found and fixed before the final release.
What is concerning in Microsoft’s new response is a note that when it comes to people suggesting methods of violating security, “if the first step is ‘first get code running on the machine’ then nothing after that is material, whether it is changing settings or anything else.”
Microsoft is effectively arguing that Windows 7’s protection against hackers being able to run code remotely is so good that it doesn’t matter if the system itself has flaws that make such malicious code more effective. That’s great in theory, but in reality hackers can and will find a way to run code remotely, even if it’s simply by exploiting human gullibility. Taking this approach is like a millionaire deciding not to bother keeping their valuables in a safe or have locks on their doors, simply because their land is surrounded by an ‘impassable’ fence.
Related Posts:
