Coding Around UAC's Security Limitations
Mariam writes "Free software developers from the non-profit NeoSmart Technologies have published a report detailing their experience with coding around Windows Vista's UAC limitations, including the steps they took to make their software perform system actions without requiring admin approval or UAC elevation. Their conclusion? That Windows Vista's improved security model is nothing more than a series of obstacles that in reality only make it more difficult for honest ISVs to publish working code and not actually providing any true protection from malware authors. Quoting from the post: 'Perhaps most importantly though, is the fact that Windows Vista's newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security. Any program that UAC blocks from starting up "for good security reasons" can be coded to work around these limitations with (relative) ease. The "architectural redesign" of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.'"
Some clever programmers found a way to force a Vista PC to obey a user with admin rights.
I'm sure there will be a patch to fix this glaring security hole in the next batch of updates.
Help stamp out iliturcy.
Gee, sounds to me like UAC is working exactly the way it should!
Something from MS working like it should... sounds strange, isn't it? And what's more - Slashdot agrees that it works!