Microsoft claims Windows 7 UAC flaw is by design

Woody leonhard
By Woody Leonhard

Changes to User Account Control are designed to make Win7 less annoying, but they also make the OS vulnerable, according to a prominent researcher.

A very simple Visual Basic script — which in many cases runs without any prompts — can disable UAC completely, without warning.


Attempts to enhance UAC make it vulnerable

On Jan. 30, Windows über-geek Long Zheng posted a detailed explanation of a security flaw he had discovered in the Windows 7 beta, along with working proof-of-concept code. The next day, Microsoft responded with a lengthy riposte, declaring “[t]his is not a vulnerability” and refusing to fix the problem when Windows 7 ships later this year. And therein lies a story …

Anyone who has used Windows Vista for any time at all has encountered UAC, the vilified but effective security feature that dims the screen and forces you to click, click, and click again before you’re allowed to make changes to your PC.

Yeah — I hate UAC, too.

Windows 7, which is expected to ship as early as this summer, takes great strides to reduce the number of clicks required to perform many common tasks. If you use an administrator account, Win7’s Action Center lets you set a slider to choose among four levels of UAC intrusiveness, er, accountability (see Figure 1).

This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.



Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 10, Windows 8, Windows 7, Firefox, Internet Explorer, Google, etc. Join our 460,000 subscribers!

Enter your email above to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.
The Windows 7, Vol 3 (Excerpt)

Subscribe and get our monthly bonuses - free!

The Windows 7 Guide, Volume 3: Advanced maintenance and troubleshooting provides advanced tools for keeping Microsoft's premier operating system up and running smoothly. Get this excerpt and other 4 bonuses if you subscribe FREE now!

= Paid content

All Windows Secrets articles posted on 2009-02-05:

Woody Leonhard

About Woody Leonhard

Woody Leonhard is a Windows Secrets senior editor and a senior contributing editor at InfoWorld. His latest book, the comprehensive 1,080-page Windows 8 All-In-One For Dummies, delves into all the Win8 nooks and crannies. His many writings tell it like it is — whether Microsoft likes it or not.