Another Sign That Vista Is Half Baked… UAC Is Easy For Coders To Bypass

I’ve made no secret of the fact that I think Vista ~~sucks~~ isn’t all that it’s cracked up to be. But I read something a few minutes ago that really says to me that I should stick with XP. Free software developers from the non-profit NeoSmart Technologies have published a report detailing their experience with coding around Windows Vista’s UAC (User Account Control) limitations, including the steps they took to make their software perform system actions without requiring admin approval or UAC elevation. Their conclusion? That Windows Vista’s improved security model is nothing more than a series of obstacles that in reality only make it more difficult for honest guys to publish working code, without actually providing any true protection from malware authors. Note the key comment from these guys:

“Perhaps most importantly though, is the fact that Windows Vista’s newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security.”

The only upshot is that the methods that they employed make the code more secure in some ways, but still it’s a bit of a hole. I can’t wait for Microsoft to respond to the fact that their annoying pop-ups telling you to cancel or allow something are just bullshit there for show and don’t actually provide any security.

Oh, here’s a document that describes what User Account Control is supposed to do for you.

One Response to “Another Sign That Vista Is Half Baked… UAC Is Easy For Coders To Bypass”

  1. libray Says:

    The iReboot application still needs to be verified to run. After granting access to run, the application can become whatever it needs, within limitations that they found. In UNIX terms, what they have done is install a cron job that runs as root, that executes a user-writable file. Give anyone enough rope.
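
The pattern the comment describes, a job that runs as root but executes a file an unprivileged user can modify, is something a defender can audit for. The following is an added example, not code from the post, the commenter or NeoSmart; it assumes the system crontab format with a user field, and the function names and the `trusted_uids` parameter are illustrative.

```python
import os
import stat

def cron_jobs(text):
    """Yield (user, command) from /etc/crontab-style text (has a user field)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # "@reboot user cmd" has 3 fields; "m h dom mon dow user cmd" has 7.
        want = 3 if line.startswith("@") else 7
        fields = line.split(None, want - 1)
        if len(fields) == want:          # also skips short lines like PATH=...
            yield fields[-2], fields[-1]

def weak_reasons(path, trusted_uids=frozenset({0})):
    """Reasons an account outside trusted_uids could change what `path` runs."""
    reasons = []
    # Checks the file and its directory; a full audit walks every ancestor.
    for target in (path, os.path.dirname(path)):
        try:
            st = os.stat(target)
        except OSError:
            reasons.append(f"{target}: missing or unreadable")
            continue
        if st.st_uid not in trusted_uids:
            reasons.append(f"{target}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append(f"{target}: group- or world-writable")
    return reasons

def audit(crontab_text, run_as="root", trusted_uids=frozenset({0})):
    """Map each absolute program run as `run_as` to its weaknesses, if any."""
    findings = {}
    for user, command in cron_jobs(crontab_text):
        program = command.split()[0]
        if user != run_as or not os.path.isabs(program):
            continue                     # PATH-resolved commands not checked
        reasons = weak_reasons(program, trusted_uids)
        if reasons:
            findings[program] = reasons
    return findings

if __name__ == "__main__" and os.path.exists("/etc/crontab"):
    with open("/etc/crontab") as fh:
        for program, reasons in audit(fh.read()).items():
            print(program, *reasons, sep="\n  ")
```

The same ownership-and-write-bit check applies to any mechanism that launches a program with elevated rights on a schedule or at boot.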
