Microsoft 'neutered' UAC in Windows 7, says researcher

Blocks only 1 out of 8 Trojans from executing, claims Sophos

Microsoft's decision to reduce the number of annoying security messages that Windows 7 delivers when users install software makes the new operating system more vulnerable to malware infection than Vista, a researcher said today.

"UAC was neutered too much by Microsoft," argued Chester Wisniewski, a senior security adviser with Sophos, talking about Windows' User Account Control (UAC), the security feature Microsoft debuted with Vista.

UAC prompts users for their consent before allowing tasks such as program and device driver installation to take place. In an effort to quash user complaints -- which had condemned the constant intrusions -- Microsoft modified UAC so it appears less frequently in Windows 7.

That wasn't a good idea, said Wisniewski.

"We wanted to know if UAC was going to be effective in Windows 7," he said. "So we grabbed the next 10 [malware] samples that came in and tried them out."

The 10 samples, most of them Trojan horses, were loaded onto a clean Windows 7 PC that lacked antivirus software, simulating payloads that an actual exploit would deposit on a compromised computer. Wisniewski then ran each piece of malware, as if a user had been duped into launching a file attachment or had surfed to a malicious site and been victimized by a drive-by attack and subsequent silent download.

Of the 10 samples, two would not run under Windows 7 -- not surprising since they were likely designed to execute on the far-more-common Windows XP and Vista -- and only one of the remaining eight triggered a UAC prompt, said Wisniewski.

He acknowledged that the test was quick-and-dirty, and didn't accurately portray how secure Windows 7 was overall, or even how well it would withstand attack if protected by antivirus software, even basic programs like Microsoft's free Security Essentials. The point was to see how much Windows 7's reconfigured UAC would help block malware that made it past security software or got by other defensive measures of the operating system, like DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).

"UAC is really not protecting users properly," Wisniewski said. "Frankly, people should turn it back into the more aggressive mode, like Vista," he said, speaking of the ability to set the feature's prompting frequency. "And if you find it annoying, you might just as well turn it off, because otherwise it's not doing any good."

UAC's effectiveness has been questioned before. Last February, for instance, a developer for a Virginia-based company that sells secure messaging software to the U.S. government and a well-known blogger claimed that a change to UAC in Windows 7 could be exploited by attackers to secretly disable the feature. Microsoft first denied that it was a bug, saying instead that it was by design, but then backpedaled and promised to fix the problem.

Gregg Keizer

Computerworld (US)