Friday, January 30, 2009

WinPatrol to Plug UAC Security Flaw In Windows 7

One of my favorite features of Windows Vista, and also the feature most loudly complained about in the press, is UAC (User Account Control). In response to the outcry, Microsoft introduced changes to UAC in Windows 7, providing four levels of UAC.

"Always notify me," described below in the list of Windows 7 UAC Settings, is the default setting. As Long Zheng explains,
"By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate. The applications/applets which manage Windows settings are signed with a special Microsoft Windows 7 certificate. As such, control panel items are signed with this certificate so they don’t prompt UAC if you change any system settings.

The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely."
As Long points out, until or unless Microsoft fixes this flaw, the current work-around is to change the default UAC policy to “Always Notify”. This will force Windows 7 to notify you even if UAC settings change.

Enter my hero:

Bill Pytlovany, the developer of WinPatrol, rides to the rescue with Scotty the Windows Watchdog, protecting Windows users from Windows 95 through Windows 7. Watch for a new release of WinPatrol v16:
"WinPatrol v16 will include a feature that lets you know if your UAC settings have changed."
Update: See WinPatrol v16 Monitors Changes to UAC

Windows 7 UAC Settings:
  1. Always notify me and dim my desktop until I respond -- This is the most secure setting.

    The Secure Desktop (dimming) will be employed providing notification before programs make changes to your computer or Windows settings that require the permissions of an administrator.

  2. Always notify me -- This is a medium level of security setting.

    According to Microsoft there is a small security risk using this setting if you already have a malicious program running on your computer. You will be notified before programs make changes to your computer or Windows settings that require the permissions of an administrator. The UAC dialog box is not on the Secure Desktop with this setting. As a result, other programs might be able to interfere with the dialog's visual appearance.

  3. Notify me only when programs try to make changes to my computer -- This setting has a medium level of security.

    You will be notified before programs make changes to your computer that require the permissions of an administrator. You will not be notified if you try to make changes to Windows settings that require the permissions of an administrator. You will be notified if a program outside of Windows tries to make changes to a Windows setting.

  4. Turn off UAC -- This is the least secure setting.

    You will not be notified before any changes are made to your computer. If you are logged on as an administrator, programs can make changes to your computer without you knowing about it. If you are logged on as a standard user, any changes that require the permissions of an administrator will automatically be denied.
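
A minimal check of the kind described above, as an added example (not WinPatrol's code and not part of the original post): it records the three UAC policy registry values and warns when they differ from a saved baseline. It assumes PowerShell 3.0 or later; the baseline file path and the function names are hypothetical choices.

```powershell
# Added example: detect changes to the UAC policy values by comparing them to a saved baseline.
$UacKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$UacValues    = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'
# Hypothetical location; keep the baseline where only administrators can write.
$BaselinePath = Join-Path $env:ProgramData 'uac-baseline.json'

function Get-UacSnapshot {
    $props = Get-ItemProperty -Path $UacKey
    $snap  = [ordered]@{}
    foreach ($name in $UacValues) {
        # An absent value is stored as $null, so its later appearance counts as a change.
        $snap[$name] = $props.$name
    }
    $snap
}

function Get-UacSummary {
    param($Snapshot)
    if ($Snapshot.EnableLUA -eq 0) { return 'UAC is turned off' }
    $desktop = if ($Snapshot.PromptOnSecureDesktop -eq 1) { 'secure desktop' } else { 'no secure desktop' }
    switch ($Snapshot.ConsentPromptBehaviorAdmin) {
        2       { "Always notify ($desktop)" }
        5       { "Notify only when programs make changes ($desktop)" }
        0       { 'Administrators are elevated without a prompt' }
        default { "Other policy value $_ ($desktop)" }
    }
}

$current = Get-UacSnapshot
if (-not (Test-Path $BaselinePath)) {
    # First run: record the current state as the known-good baseline.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    "Baseline saved: $(Get-UacSummary $current)"
} else {
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $changed  = foreach ($name in $UacValues) {
        if ($baseline.$name -ne $current[$name]) {
            [pscustomobject]@{ Value = $name; Baseline = $baseline.$name; Current = $current[$name] }
        }
    }
    if ($changed) {
        Write-Warning "UAC settings changed. Now: $(Get-UacSummary $current)"
        $changed | Format-Table -AutoSize
    } else {
        "UAC settings match the baseline: $(Get-UacSummary $current)"
    }
}
```

Run it once while the settings are known to be correct, then on a schedule; reading these values does not require elevation.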


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
