Not True
No, you are actually confusing UAC with "Run As". You can definitely use Run As to prevent the scenario you describe, but UAC would not help in that case. UAC does use Run As, but not for this circumstance. Think about it, your user token does not change with UAC. You are correct that certain rights are stripped out, but only the admin rights, not your user rights. Otherwise, EVERY time you edit a file, you would be forced to have UAC prompt you. Otherwise, how else does UAC distinguish between a "hack" and a legitimate request?

For more details:
http://www.microsoft.com/technet/windowsvista/security/uacppr.mspx

UAC does save you if a privilege escalation exploit exists. So in your example, say IE7 is hacked. Now, using an escalation trick, the hacker is able to gain admin rights. Now, when he tries to delete a system file, UAC finally comes to the rescue because even an admin no longer has the rights to delete a system file by default and the user must manually confirm that this is the action they want to take.

Overall, UAC is great and I'm very happy Vista will have it, but we should be realistic about what it does.
Posted by: java.user   Posted on: 03/08/06
