Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tricking Vista's UAC To Hide Malware

Posted by kdawson on from the protective-coloration dept.

Vista's User Account Control, love it or hate it, represents a barrier against unwanted software getting run on users' computers. A Symantec researcher has found a simple way to spoof UAC and says that it shouldn't be completely trusted. The trick is to disguise the UAC warning dialog in the color associated with alerts generated by Windows itself.

9 of 221 comments (clear)

  1. Importance? by MrNonchalant · · Score: 3, Funny

    "Would the user treat this UAC with the same amount of caution?" His answer: No. Users will, as Microsoft intended when it selected those colors, note the teal border of the spoofed UAC and likely click through without a second thought, he said.
    I've been using Vista for a month. There were color differences?
  2. Better listen up, guys... by Donniedarkness · · Score: 5, Funny

    Better listen up; this is coming from Symantec, the guys that brought us Norton Internet Security. These guys KNOW how to really mess computers up.

    --
    Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
  3. or, get it to look like spam by 192939495969798999 · · Score: 4, Funny

    Just get it to vibrate around like those horrible "you're the 99999th visitor!" pop-ups, and anyone would click whatever to get rid of it. Furthermore, you could change it to one of those "are you stupid?" pop-ups, that the "no" button moves around. There are a zillion ways to get someone to click the button you want.

    --
    stuff |
  4. Re:paraphrase by risk+one · · Score: 5, Funny

    Hooray for apathy!
    Meh... it's alright, I guess. I could take it or leave it.
  5. Re:paraphrase by SydBarrett · · Score: 3, Funny

    So, Vista is gonna prevent me from winning Ipods?

    Screw that, if i'm the 999,999th vistor I deserve a prize and I dont care what no washington computer fatcat wants to do with my internet windows.

  6. Re:Anti-Virus makers, make Virus.... same old scar by Knux · · Score: 2, Funny

    Actually, I feel quite secure with my XP SP2 behind a well configured router, without any anti-virus. I don't think I've got any viruses on it, but if I do, it doesn't feel as slow as a computer running Norton.

  7. Doom!!! by Anonymous Coward · · Score: 1, Funny

    Come on, we've all played Doom. Are you honestly going to trust something named UAC?

  8. Re:I didn't think it was that difficult by Strudelkugel · · Score: 2, Funny

      From what I understand, the UAC thing comes up all the time

    It does not.

    I'm rather amazed at the number of posters who criticize Vista without having used it. Many people make good points about the all-or-nothing permission granting of the UAC, but it is better than having people run as Admin. My guess is that the typical user will still run as admin most of the time, since it's convenient. Microsoft should guide people through the simple steps of setting up a user account when the OS first comes up. It's less hassle than typing in the license key. Then again, I don't have a boxed version of Vista, so maybe they say something about that in the retail version.

    --
    Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
  9. Re:Yet another bad car analogy by Anonymous Coward · · Score: 1, Funny

    I don't think it would be that big of deal. Whenever you take your Mercedes in for its biweekly trip to the repair shop, just tell the mechanic to change out the lightbulb while he's fixing whatever alse went wrong with it this time.