33 Comments(s). 1 Pages(s). Showing page 1. [ 1 ]

   #29. Posted at 05:56 PM on May 17th 2007, Edited at 06:28 PM on May 17th 2007

You can't really blame Microsoft, but given that about 95% of existing software craps out in some way on Vista without elevated privileges, the average Vista user is getting so desensitized by the UAC prompt that it is pretty much useless already. Where I think we can point the finger at Microsoft is the fact that you can just click on "continue", whereas on Mac and Linux platforms, privilege elevation usually requires entering a password. Were Microsoft to make UAC _more_ intrusive, the backlash against software vendors would probably be more motivating to fix their crap. The simple fact of the matter is that most (not all by any means) software that refuses to run as a non-privileged user would be a cinch to fix, if the developers actually paid a little attention to setting permissions on required registry keys and files properly.

What actually makes me grin with sick fascination is that, when you combine all factors, Vista ends up being just as vulnerable to malware infections as any other Windows OS. In fact, my personal experience is that the "increased security" in Windows Vista often makes it more difficult to remedy such infections, and that some malware breaks the OS in ways that the authors never intended, increasing the fun...

   #3. Posted at 10:29 AM on May 17th 2007

This just in: users are stupid.

UAC can't protect against social engineering, nor should it be expected to.

   #28. Posted at 05:52 PM on May 17th 2007

MS should make the next version of Windows completely unusable; that way users will never have problems.

   #26. Posted at 05:33 PM on May 17th 2007

UAC gives you information about the program, including publisher and digital signature information, which would have changed for malware. So long as you read the UAC prompt and check, you're fine.

   #4. Posted at 10:32 AM on May 17th 2007

That's why people need to run themselves as non-administrators and the programmers need to get with the program and learn how to code without needing any elevated privileges. I think this will come with time, but I'm all for an accelerated development.

   #2. Posted at 10:28 AM on May 17th 2007

Out of curiosity, would this exploit be possible in Linux or OS X?

   #1. Posted at 10:22 AM on May 17th 2007

While it is an interesting vulnerability, I agree with Microsoft's response... it is not possible to account for every scenario such as when a user, deliberately or otherwise, downloads and executes malware.

   #7. Posted at 10:49 AM on May 17th 2007, Edited at 10:50 AM on May 17th 2007

Is this humor? It starts with a user downloading the trojan.... It would have been funnier if it said "INITIALLY the user gives away his or her credit card number.... or password... or bank account number....."