Tricking Vista's UAC To Hide Malware
Vista's User Account Control, love it or hate it, represents a barrier against unwanted software getting run on users' computers. A Symantec researcher has found a simple way to spoof UAC and says that it shouldn't be completely trusted. The trick is to disguise the UAC warning dialog in the color associated with alerts generated by Windows itself.
That pops up a UAC dialog, but because RunLegacyCPLElevated.exe is set to run those Control Panel plug-ins with full administrative privileges, the dialog is bordered by Vista's own greenish color to signify the file is part of the operating system.
So we make fun of Homeland Security for their meaningless color-coded threat levels, but take the colored borders of confirmation dialogs on Vista as gospel?
Sorry, this does not constitute a threat. Just one more indication that we need some form of licensure before letting people anywhere near a computer.
I'll gladly join in on the MS bashing - when appropriate. In this case, any blame rests solidly with users who have no idea what they should or shouldn't let run on their computers.
Better listen up; this is coming from Symantec, the guys that brought us Norton Internet Security. These guys KNOW how to really mess computers up.