Hack turns off Windows UAC forever and ever
by John Biggs on January 30, 2009

Attention, morons who didn’t like UAC in Windows Vista (that thing that turns everything off whenever you make a change to Windows and asks for your password): Long Zheng would like to have a word with you. Because of a change in Windows 7, you can basically write a script that turns the function off completely, thereby creating gaping security holes similar to those found in every previous Microsoft product ever made.

The threat is this: by running a simple program, you can turn off UAC, restart the computer, embed something at boot time, and take control of the computer. Bingo – instant admin access. According to Zheng, there is a simple fix for Microsoft:

> This is the part where one would usually demand a large sum of money but since I’m feeling generous, there is a simple fix to this problem Microsoft can implement without sacrificing any of the benefits the new UAC model provides, and that is to force a UAC prompt in Secure Desktop mode whenever UAC is changed, regardless of its current state. This is not a fool-proof solution (users can still inadvertently click “yes”) but a simple one I would encourage Microsoft to implement seeing how they’re on a tight deadline to ship this.

Generally, though, what we see here is that Microsoft, in an effort to pander to those who know little to nothing about security, has essentially disabled one of the things that would keep our parents from installing WeatherBug inadvertently. Sure, UAC is annoying, but isn’t spyware more annoying?

Comments

  • The picture was blocked by my browser (IE8) on the main page, which led me to REALLY want to know why…

    Coincidentally, I can read Swedish — but how do you know it does not say something really inappropriate? (It doesn’t, but I had to ask…)

    Loose translation = I’ve got the coolest ability/status one can get, so I can kick people out.

  • WeatherBug isn’t spyware.

  • In reality, the UAC function was created for the “MORONS” who didn’t know how to safely own and operate a computer in the first place (which apparently includes the author of this starting thread).

    Anyone with functional gray matter between their ears who knows how to run and maintain a computer with any degree of common sense didn’t need this function, and that is precisely why Windows 7 makes it optional.

    • >In reality, the UAC function was created for the “MORONS” who didn’t know how to safely own and operate a computer in the first place (which apparently includes the author of this starting thread).

      not everyone is a super genius, DC

    • “…that is precisely why Windows 7 *BETA* makes it optional.”

      Fckin Fix’d

      Knowing Micro$oft, you won’t have that option in the shipping version, or pay a premium for a version which gives you that option.

  • Personally I don’t care for UAC in Vista; however, I will probably use the new model in Windows 7, as it reportedly will give you more control over what it flags, like only programs trying to run on their own.

    Otherwise I’d have to say UAC at a max level is designed to idiot-proof Windows.

    I wonder what Apple would do if it had to protect its users from themselves? Probably only find out if they can ever reach 20+ percent share of the market.

  • You got it right YiQin. It is a major blunder to try and idiot proof ANY tool from the owner as MS found out. You only wind up crippling the tool from those who have common sense in using the tool.
