Get Connected With Aubrey

You could also turn off UAC in Windows Vista. Ultimately it is up to the user to turn it of the same way it is not to install an anti-virus. Microsoft will recommend leaving it on, but ultimately it's the user's choice.

I can't belive they haven't come up with some sort of mitigation for this - this was the one of the main arguments for the design of UAC in Vista. They wouldn't have just "given up".

Seriously it can be a  massive one... I havn't gone through documentations but maybe it is an option that cannot be changed programatically... Like Turning off System Restore...

There is no prompt only when you already have UAC set to "Don't notify me when I make changes to Windows settings"

This makes sense, this option all but completely neuters UAC anyway.  With this mode set it's possible to install drivers, create new tasks with the "Run with higher privileges" and perform various other tasks that would ultimately allow user defined scripts or code to run.

The vulnerability here is allowing anything, absolutely anything anywhere, to run with administrative rights without a UAC prompt first.

Holy crap, do you HONESTLY think they haven't thought of this?

Claiming they haven't is almost as bad as claiming you'd do a better job!

"Turning UAC off does not cause any sort of a prompt"

Are you saying that changing the SETTING of UAC to off (when UAC is enabled) is accepted by windows without any prompting?  Or that once you turn UAC off you see no prompts for system changes (which I would expect)?

dugbug,

Disabling the UAC does not require a prompt. Once it's disabled, nothing requires a prompt.

Turned off UAC requires a prompt if UAC was fully enabled.  This is secure.

Turning off UAC doesn't require a prompt if UAC was already set to "don't prompt when Windows asks".  This isn't secure, but this setting is already unsecure in so many ways that being able to turn UAC off completely doesn't even make the list.

How about putting the UAC control panel applet on the secure desktop, just like CardSpace? That should stop this hack very easy!

For crying out loud: ditch UAC and stop running as admin! It's so bl**d1 simple...

I pointed Bill Pytlovany to your blog post, Aubrey.  His response:  

"WinPatrol v16 wlll include a feature that lets you know if your UAC settings have changed."

twitter.com/.../1163371356

WinPatrol v16 Beta has been working splendidly on Windows 7.  This new feature will be yet another plus.

I checked the post, and i also think it is very SERIOUS ISSUE, and i don't think, it is difficult for MICROSOFT to change this thing, so that whenever UAC settings are changed, it must be notified to the USER.

Really a serious issue !!!!!!!!!!!

The issue seems to be gaining more momentum, so I'm sure something is going to change between now and release.

Security is important and necessary. M$ has simply been doing it the wrong way and trying to satisfy all while ending up enraging all.

The whole idea of UAC is flawed to begin with and should be useful only to savvy administrators. A major issue with UAC is that it unloads all the security burdens to the user, who would probably not have the time/effort and security savvy to interpret all the messages and decide quickly at the spot. Secure configuration is necessary, and user-friendly warnings are desirable. But for an average user M$ shall at least provide sufficient defaults for access control, and its UI designers shall not have made the user-friendly messages confusing and meaningless.

I'd say, the best bet is rule-based access control with an adequate set of default settings (5 levels is probably enough). That way, the user can decide or even define which actions should cause warnings and UAC confirmation and which ones would not. And if the user doesn't even know what those actions are, then they should not touch the rules.