Russinovich (Technet) on Win 7 UAC

[Scotteq]

http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx


It's a good read, and worth the time.

 

[r_manic]

Based on my quick browse (sorry, a bit busy right now), they still haven't a crucial flaw in the UAC system: any program that can pass itself off as an admin will get full access, and may actually hijack the escalation dialog to pass itself off as legit to a less savvy user.

 

[Scotteq]

Based on my quick browse (sorry, a bit busy right now), they still haven't a crucial flaw in the UAC system: any program that can pass itself off as an admin will get full access, and may actually hijack the escalation dialog to pass itself off as legit to a less savvy user.

This has been covered time and again: That is NOT inherent in the operating system. It's a bootkit exploit that changes system files as they load into active memory on startup. This means the person hacking your computer has to be physically sitting there for the exploit to work, and that the vulnerability goes away when you no longer boot to said corrupted media.