For the past several days, discussions in various venues have centered around what has been described as a security flaw in Windows 7 UAC. To illustrate the concern for this issue, at the end of this post is a sampling of blog posts by many well known bloggers in the tech community.
As has been pointed out, this change by Microsoft is “by design”. However, regardless of whether UAC is changed on the PC by a family member or malicious software, Bill Pytlovany has added a new feature to WinPatrol v16 (Beta) which Monitors Changes to UAC Settings.
I installed the new beta on the Windows 7 test installation and changed the UAC from the default (medium) security setting. Scotty warned me of the change and allowed me to prevent the change by clicking Yes to block the change and restore the original setting.
Had I installed a program that made this change, this warning would have allowed me to have WinPatrol restore the original setting.
Once again, I applaud Bill Pytlovany!
Blog Post Sampling:
- Adrian Kingsley-Hughes, ZDNet: Microsoft neuters UAC in Windows 7
- Andrew Nusca, ZDNet: UAC security flaw in Windows 7 beta
- Aubrey, Windows Connected: Massive Security Hole In Windows 7
- Bill Pytlovany, Bits From Bill: Windows 7, Not Ready for Prime Time
- Dana Epp, SilverStr’s Blog: Is UAC really broken in Windows 7? More importantly, does it make us less secure?
- Dwight Silverman, TechBlog: Updated: Windows 7′s UAC is now insecure ‘by design’
- Ina Fried, c|net News: Windows 7 less annoying, but also less secure?
- John Leyden, The Register: Windows 7 UAC shutoff ‘bug’ leaves Microsoft unmoved
- Larry Seltzer, PCMag, SecurityWatch: Is UAC Emasculated in Win7?
- Long Zheng, I Started Something: Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)
- Long Zheng, I Started Something: Microsoft dismisses Windows 7 UAC security flaw, continues to insist it is “by design”
- Paul Thurtott, Supersite for Windows: Microsoft response to UAC ‘issue’
- Tom Warren, Neowin.net: Microsoft: Malware can disable UAC in Windows 7 ‘by design’
- Tom Warren, Neowin.net: Microsoft insists UAC vulnerability is not a flaw
- Rafael Rivera, Within Windows: Malware can turn off UAC in Windows 7; “By design” says Microsoft
- Sumeeth Evans, Bink.nu: UAC security flaw in Windows 7 beta (with proof of concept code)
- Swa Frantzen, SANS Diary: Windows 7 – not so secure ?