UAC Whitelist Hole In Windows 7
David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then tell that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"
The sudo 'implementation' has nothing to do with it.
The /Applications directory has rwx for owner and (admin) group. The subdirectories belonging to applications (e.g. /Applications/OpenOffice.org.app) belong to the admin user that installed them. A normal user has only rx, and cannot delete/move apps. Every admin can without using sudo.
In Ubuntu the /usr/bin directory belongs to root:root and in order to move/remove apps you have to elevate your privileges. Most Linux distributions come with a software management application (apt-get, yast, ...) that requires you to sudo. I think it's more a question about how well thought through the software management is. It's better in Debian/Ubuntu than in OSX which in turn is far better than XP/Vista/Win7.
Of course, that's just an opinion.