Hacker flags 'very severe hole' in Vista UAC design

TalkBack 17 of 196:: Next »; « Previous

Thread View
Flat View

She's right: The user should have the option of installing a program without administrator privileges. If the installer then tries to change things it's not allowed to, the user can then be notified and asked to approve the change (assuming he/she has appropriate authority to do so).; Posted by: John L. Ries Posted on: 02/13/07 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Vista is all about DRM whisperycat | 02/13/07

no matter how cynical you get it's impossible to keep up broadway al | 02/13/07

Same song, millionth verse... bpolhemus@... | 02/13/07

Leftists are ignorant? salimbag | 02/13/07

Fees?? ericseba | 02/14/07

Per machine, not per Windows license mds_z | 02/15/07

Correction mds_z | 02/15/07

Proof? ericseba | 02/16/07

Why they agreed to that. Spiritusindomit@... | 05/21/08

You've proven his point mrleo1957 | 02/14/07

Monopoly - definition Dr. John | 02/14/07

Odd... Dr. John | 02/14/07

It's not an agreement everyone has Spiritusindomit@... | 05/21/08

wow...where is rod serling... cuz we must be in the twilight zone jmelnik | 03/09/07

Re: same song, millionth verse alflanagan | 02/14/07

Typical MSFT Attitude Chad_z | 02/13/07

She's right John L. Ries | 02/13/07

There are plenty of programs that don't need installation georgeou | 02/13/07

Just a question... zkiwi | 02/13/07

Installer needs admin, runtime does not georgeou | 02/13/07

That's the problem: stupid installers Leria | 02/14/07

Sims Dr. John | 02/14/07

Have to disagree, in part... 3D0G | 02/14/07

I agree Computer_User_1024 | 02/13/07

It's a choice, not a hole georgeou | 02/13/07

I have to take exception to this phrase Scrat | 02/13/07

But I can give you several examples georgeou | 02/13/07

What about developer tools? Mr_Dave | 02/13/07

It isn't a matter of dev. tools Mark Miller | 02/14/07

Or a problem with MS security mds_z | 02/15/07

the mac ad says it better broadway al | 02/13/07

Adds are for the simple minded. No_Ax_to_Grind | 02/13/07

And if you think I can't bring a Mac to it's knees ... mrlinux | 02/13/07

So, in your hypothetical example the Mac is copying Vista? Still Lynn | 02/14/07

simple minded broadway al | 02/14/07

All the experts say Vista is more secure. georgeou | 02/13/07

Dave (MS Zealot) Maynor? Rick_K | 02/13/07

Feature comparison Ryan Naraine

| 02/13/07

Over the Line Journalism yyuko@... | 02/13/07

hrmm.. dmaynor | 02/13/07

Take your choice klumper | 02/13/07

C'mon yyuko... Dr. John | 02/14/07

How Do You Know? Ole Man | 02/13/07

"expert"? drew1313 | 02/13/07

ONE PERSON = All the experts? V-Train | 02/14/07

Experts? Mercat | 02/15/07

Security really isn't everything larry@... | 02/13/07

Secure and usability terrym@... | 02/14/07

A voice of reason... Dr. John | 02/14/07

Metaphorically a problem. CyeKat | 05/02/07

There is such a thing. Dr. John | 02/14/07

Why should it be a choice? bportlock | 02/13/07

Because, silly... Dr. John | 02/14/07

numerous choices zoroaster | 02/13/07

An old joke solyom@... | 02/15/07

There goes ZDNet again Jaschink | 02/13/07

Just switch to MAC or LINUX kokuryu | 02/13/07

How Apple's security functions GuidingLight | 02/13/07

You're either living in Fantasyland... Gordon Gonsalves | 02/13/07

Your the one living a Fantasy jnimble | 02/14/07

Vista Most Secure? mwiley_z | 02/14/07

It was the most secure ever. Dr. John | 02/14/07

Before posting please understand what can you are opening... Mercat | 02/14/07

I apologise... Gordon Gonsalves | 02/15/07

How is this different from Mac installers? rlawler | 02/14/07

it depends... impala_sc | 02/14/07

You're right about OS X installers... Gordon Gonsalves | 02/15/07

Sort of maldain | 02/13/07

Yes, no, and sometimes... No_Ax_to_Grind | 02/13/07

Hacker - Vista design flaw. jnlubken@... | 02/13/07

Vista's security must be pretty good given all the FUD... ye | 02/13/07

Perhaps that explains... zkiwi | 02/13/07

Re: Vista's security must... alflanagan | 02/14/07

It's not the discussions that are FUD. It's the... ye | 02/14/07

The more secure your operating system is the more public each flaw becomes MacGeek2121 | 02/14/07

Ya know, if it weren't for all the ranting Kid Icarus-21097050858087920245213802267493 | 02/13/07

She complains of MS's Attitude! andrej770 | 02/13/07

Ah-1, ah2, ah3, rah rah rah, yeeeaahh! Microsoft Ole Man | 02/13/07

Taken from the original chant John Zern | 02/13/07

mean way to say right thing blindguyinanorgy@... | 02/14/07

In general there two levels of installation - period FirstNLastN | 02/13/07

UAC is Microsoft's sudo osreinstall | 02/13/07

Not quite the same TtfnJohn | 02/13/07

Sure it is. osreinstall | 02/13/07

But with Linux... KWierso | 03/09/07

It's not automatic/You misunderstand toadlife | 02/14/07

I can't decide wjkahlssmd@... | 02/14/07

The pragmatic side osreinstall | 02/14/07

The Ludicrous Side Dr. John | 02/14/07

You are not too bright. osreinstall | 02/14/07

Vista and XP alaniane@... | 08/30/07

Leave her alone!!! yyuko@... | 02/13/07

I wish I had your faith... bpolhemus@... | 02/13/07

I'm with yyuko Tranman123 | 02/13/07

Not relevant to the conversation John L. Ries | 02/13/07

The thing is... bpolhemus@... | 02/14/07

You shoulda been... Dr. John | 02/14/07

?? dmaynor | 02/13/07

Hmmm maldain | 02/13/07

Kind of Nemglan | 02/14/07

Message has been deleted. hegira1 | 02/13/07

Security is a matter of desire, and M$ isn't remotely interested njic@... | 02/13/07

You think your average geek user could care less about security mrjonno | 02/13/07

One big difference . . . njic@... | 02/13/07

That... IAHawkeye | 02/14/07

Where is Non Zealot on this one then! Tossing hirez | 02/13/07

Wil this problem be fixed in Windows 7? B.O.F.H. | 02/13/07

Focus a_lesueur@... | 02/13/07

MS = BS ghot@... | 02/13/07

You should... IAHawkeye | 02/14/07

This is completely damning. Resuna | 02/13/07

INSTALLERS!!! TacoSauce | 02/13/07

Two bad choices don't = a good choice ghot@... | 02/13/07

I used to feel your pain.... IAHawkeye | 02/14/07

history of ms os impala_sc | 02/14/07

A few you missed alaniane@... | 08/30/07

UAC Vulnerability? danzig6 | 02/13/07

There goes MS again solar_satellite | 02/13/07

I really LIKE Joanna Rutkowska! Jeff Hayes | 02/13/07

Not to mention... bpolhemus@... | 02/14/07

Cancel or Allow Reverend MacFellow | 02/13/07

Love the "Security" Apple ad Richard Flude | 02/14/07

She looks like Q in a wig! Reverend MacFellow | 02/13/07

If only MS TRIED to make Windows secure Macheads | 02/14/07

Just in the numbers O_tempore_o_more | 02/14/07

Russinovich and sysinternals doas777 | 02/14/07

Does she not understand the purpose of UAC? TasteeWheat | 02/14/07

Ever heard of... IAHawkeye | 02/14/07

Two different issues TasteeWheat | 02/14/07

Actually, I don't alaniane@... | 08/30/07

So what? It's Microsoft be damned no matter what. Winfan | 02/14/07

Hello IAHawkeye | 02/14/07

Linux and Mac require administrative privileges to install software too mail880277@... | 02/14/07

Have even used OS-X or Linux? Zen380 | 02/14/07

The password dialog is nothing more than a GUI... ye | 02/14/07

sudo does not equal root impala_sc | 02/14/07

Really... IAHawkeye | 02/14/07

There is the rub! miyojim | 02/14/07

most do not impala_sc | 02/14/07

Sorry to disappoint you Macheads | 02/15/07

UAC is a way for MS to say they tried robert@... | 02/14/07

You know... IAHawkeye | 02/14/07

MS = Mostly Secure? nick.bunyan@... | 02/14/07

Hard Labor Jail for Malware Writers ericseba | 02/14/07

You forgot... Dr. John | 02/14/07

Daily ericseba | 02/14/07

The Windows NT lineage is abnormal miyojim | 02/14/07

It sounds alaniane@... | 08/30/07

registry is a cancer way_z | 02/14/07

Forget Trying To Secure Windows... blackfalconsoftware@... | 02/14/07

Real Flaw or Bad Press? Narg | 02/14/07

Glass Ceiling Matt.Fahrner@... | 02/14/07

Listen to her MS can, but would it avail? miyojim | 02/14/07

Even if UAC wasn't automatic... rlawler | 02/14/07

Effective Administration by OS or Admin? emmarx1@... | 02/14/07

the point is automatic escalation is bad impala_sc | 02/14/07

LET'S TELL BILL! BALTHOR | 02/14/07

Another problem caused by not having a package manager Sxooter_z | 02/14/07

installing is an administrative task smarria@... | 02/14/07

compliant install process needed Mark Miller | 02/14/07

Correction Mark Miller | 02/14/07

Mac OS : drag & drop install impala_sc | 02/14/07

Package Installer is built in smarria@... | 02/14/07

Good idea.... Macheads | 02/15/07

One can tell ... ttocsmij | 02/14/07

Your email is so combative smarria@... | 02/14/07

I disagree, Rutkowska is right. impala_sc | 02/14/07

In other words ... ttocsmij | 02/14/07

what is holeless anyway blindguyinanorgy@... | 02/14/07

your a fool doas777 | 02/14/07

Secure OS Dr. John | 02/14/07

Excellent point!! ericseba | 02/14/07

Cite source please... jasonj@... | 02/14/07

Your email is so combative smarria@... | 02/14/07

"reduced previleges installer" alinconstantin | 02/14/07

rights control? impala_sc | 02/14/07

why heuristics? impala_sc | 02/14/07

Should We Boycott Windows Vista? Evisscerator | 02/14/07

Remember BillyBully Sowhatsupyouranus@... | 02/14/07

Facts versus Utopia a_gautier | 02/14/07

I beleive that sould not be considered a security flaw waldoalvarez00@... | 02/14/07

Security is human based Codexena | 02/15/07

perspective Codexena | 02/15/07

The Vista on sale isn't the Vista originally advertised. Dr_Zinj | 02/15/07

Got a little problem with Mark, huh? z3lk3 | 02/15/07

Security citizen_200@... | 02/18/07

vista lynster430@... | 02/20/07

Microsoft security and Russinovich someonewhoknows | 02/23/07

She's right- this is a major hole jbullis | 03/09/07

security isn't the issue inertman@... | 03/09/07

re: security isn't the issue Robert_JR | 03/23/07

RE: Hacker flags 'very severe hole' in Vista UAC design tatianahunt | 03/24/08

And yet... Spiritusindomit@... | 05/21/08

RE: Hacker flags 'very severe hole' in Vista UAC design DonBurnett | 07/24/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
CDW Services Overview: Unified Communications CDW Businesses that utilize unified communications solutions empower employees ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
Smart People The best and worst moves in the management and strategy trenches. Learn More

Read the original story

Hacker flags 'very severe hole' in Vista UAC design

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads