Coding Around UAC's Security Limitations

Coding Around UAC's Security Limitations-> 0

Submitted by Mariam on Sunday April 27 2008, @08:04AM

Mariam writes "Free software developers from the non-profit NeoSmart Technologies have published a report detailing their experience with coding around Windows Vista's UAC limitations, including the steps they took to make their software perform system actions without requiring admin approval or UAC elevation. Their conculsion? That Windows Vista's improved security model is nothing more than a series of obstactles designed to give the impression of an improved security architecture, while in reality only making it more difficult for honest ISVs to publish working code and not actually providing any true protection from malware authors.

Perhaps most importantly though, is the fact that Windows Vista's newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security. Any program that UAC blocks from starting up "for good security reasons" can be coded to work around these limitations with (relative) ease. The "architectural redesign" of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.

"
Link to Original Source

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.