Modified UAC in Windows 7 Creates Trouble for Security Experts

With Microsoft's much hyped novel Windows 7 OS (Operating System) getting released on October 22, 2009, security specialists stated that the OS had a remnant (carry-over) component from Vista in the form of UAC (User Account Control). This component is capable of threatening the security of a computer, as reported by Mxlogic on October 22, 2009.

The specialists warned that while corporate IT personnel had reasons to be happy about the novel security features packaged inside Windows 7, consumers actually continued to be in danger of being attacked by malware in spite of modification in the UAC.

Media reports reveal that Vista users complained of being blasted with alerts. Consequently, many users were probably simply overlooking them.

But Windows 7 allows users to set the frequency of alert notifications by default. Moreover, the notification would appear when an intermediate (third party) program is making any modification and when the UAC itself is altered.

Nevertheless, a hacker could insert malware and exploit Windows 7 components that would automatically allow bypassing UAC and gaining complete control over the system, warned the specialists.

Ray Dickenson a security researcher wrote on the Safe Central Blog dated October 15, 2009 that Windows 7 worked as a means for Microsoft to retreat to the UAC feature that enhanced usability to a great extent.

Dickenson said that he personally found Windows 7 much better compared to Vista. This observation appears significant as UAC made Vista usage extremely unpleasant and decelerated the adoption of a more security enhanced OS.

According to a security researcher at Sophos, another problem associating the default UAC configurations relates to malware eluding the system by injecting itself into an authorized application and executing thereof. In fact, some malware did impersonate UAC prompts for acquiring consent towards unimpeded operation, as reported by ZDNet Asia on October 23, 2009.

Eventually, security experts stated that the biggest e-threat continued to be web-based attacks via compromised sites, which exposed end-users to drive-by download assaults and trojans concealed in executable archives that antvirus filters might fail to recognize.

» SPAMfighter News - 11/4/2009