Over the past week or so, there has been a lot of talk about a possible UAC (User Account Control) flaw in Windows 7. Microsoft’s stance on the issue kind of implies they don’t think the flaw is a flaw, and they have gone as far as to say it’s by design.
If you are a Vista user, you are probably familiar with UAC; if not, UAC is basically a prompt that alerts you when a program is installing or when some program is doing something suspicious. While I like UAC, some complained that it was annoying, and Microsoft wanted to make UAC less annoying in Windows 7.
The problem is, if you install malware on your Windows 7 system, that malware can disable UAC without alerting you. That, in my opinion and the opinions of others like Mary Jo Foley, Long Zheng and Rafael Rivera, is a huge problem.
Microsoft doesn’t think this is an issue, and today Jon DeVaan of the Windows team at Microsoft posted to the Windows 7 blog.
He said “The first issue to untangle is about the difference between malware making it onto a PC and being run, versus what it can do once it is running. There has been no report of a way for malware to make it onto a PC without consent. All of the feedback so far concerns the behavior of UAC once malware has found its way onto the PC and is running. Microsoft’s position that the reports about UAC do not constitute a vulnerability is because the reports have not shown a way for malware to get onto the machine in the first place without express consent. Some people have taken the, “it’s not a vulnerability” position to mean we aren’t taking the other parts of the issue seriously. Please know we take all of the feedback we receive seriously.”
Microsoft needs to realize that, with or without consent, any software installed on my system should not disable UAC without my permission. There have been plenty of times where my mother, who only visits Zone.com to play games, has been infected with malware because ads on the site trigger installations she thought were for the games. A few times in the past couple of years, games she has even downloaded from Microsoft could have been considered malware.
So yes, Microsoft, people will give consent to malware because they do not know it is malware, especially when it’s coming from a trusted site you own. I ask you, Microsoft, to get off your high horse and fix the issue. Your customers demand a fix, so FIX IT! Force UAC to alert a user of any changes to the UAC settings, regardless of whether the user has UAC enabled or not in Windows 7. Stop fighting your customers and give them what they want.
Microsoft changed their tune
http://blogs.msdn.com/e7/archive/2009/02/05/uac-feedback-and-follow-up.aspx
Comments: (4)
Microsoft_Sucks on Thu, Feb 05th, 2009 at 05:38 PM
I don’t get what’s up Microsoft’s ass about this issue; one prompt is all that’s being asked for.
Chris on Thu, Feb 05th, 2009 at 06:18 PM
I don’t know what UAC is, I’m on XP, but after reading that post from Microsoft, it comes off as snobby.
Chris on Fri, Feb 06th, 2009 at 12:10 AM
Glad to see they changed their minds.
Unstable on Mon, Feb 09th, 2009 at 03:06 AM
Typical MS but glad they changed their mind.