• Total Members: 12780
  • Latest: eduard
  • Total Posts: 28049
  • Total Topics: 8055
  • Online Today: 862
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Microsoft: Malware can disable UAC in Windows 7 'by design'  (Read 1823 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7152
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

A month has barely passed since the public beta debut of Windows 7 and we have our first horror story.

UAC (user account control) was the major gripe with Windows Vista which annoyed most tech savvy users and confused ordinary consumers. Microsoft has changed the behavior in Windows 7, lowering the requirement for user interaction when changing system settings. The apparent downside to this is, according to reports, the way Microsoft has changed the behavior makes it extremely easy for malware authors to write code to disable UAC without user intervention.

By default, Windows 7's UAC setting is set to "Notify me only when programs try to make changes to my computer" and "Don't notify me when I make changes to Windows settings". Microsoft makes the distinction between a (third party) program and Windows settings with a special signed Windows 7 security certificate. The applications/applets which manage Windows settings are signed with this certificate. Control panel items are signed with this certificate so they don't prompt UAC if you change any system settings.

The issue is as these applets are signed to not prompt for UAC, you could emulate some keyboard inputs and within a few moments have UAC disabled on a machine without user interaction. Rafael Rivera has done exactly that and posted concept code using some simple VBScript at his site. Malware authors could easily bake this into a fake program to trick the user to execute it.

You'd think this would be easy to fix right? Well you're right but beta testers have been filing bugs with Microsoft (via its connect program) and have met resistance from the software company when Microsoft employees state the behavior is "by design". We have contacted company officials for a statement on the issue but at the time of writing have not received a response.


Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising