Windows 7: Poking holes in Vista's UAC umbrella
Once again, Microsoft's obsession with the consumer market leaves enterprise customers exposed.
Is UAC in Windows 7 broken? That's what some IT Windows community agitators are saying. They claim that one of the most critical system settings in all of Windows 7 -- the on/off switch for UAC (the User Account Control) -- can be compromised using nothing more than a simple VBScript file.
On the surface, their claim seems to have some credibility. However, Microsoft has been quick to deny that what these people have discovered is in fact a flaw. Rather, the behavior observed is by design, and furthermore could not be exploited without complicity on the user's part (i.e., a social-engineering attack).
I believe that both sides are correct. The particular exploit in question requires that the user somehow introduce the VBScript file (or comparable malware payload) to their system -- either through a download, file copy, or similar operation.
However, the fact that, once introduced, said script can so easily take out Windows 7's primary line of defense (just don't call it a "security boundary"!) shows how ill-conceived this version's UAC implementation really is.
What Microsoft was thinking, and why it's a lazy approach
Microsoft's goal in dumbing down Windows 7's UAC was to eliminate the frequent double-clutch nag prompts that drove so many Vista users crazy (myself included). Want to enable a network connection in Vista? Nag prompt. Want to disable this same connection you just enabled? Another nag prompt, even when the very last task you performed was to enable it.
Simply put, Vista's UAC lacks any sense of state or context. Basic operations, like modifying files in a protected folder, cause a parade of nag prompts -- at least two for each operation: one to warn you that your initial attempt resulted in an "access denied" error (because you're running in deprecated Administrator context), and a second to confirm that you want to elevate your security context so that the operation can succeed.