Microsoft Urges Windows Users to Keep UAC Enabled
During the first week of August 2011, Microsoft recommended that users keep a frequently criticized Windows security feature enabled, even as it warned that additional malicious programs are deactivating the tool. ComputerWorld published this on August 5, 2011. The Microsoft Malware Protection Center (MMPC) stated that malicious software kept disabling UAC in an attempt to camouflage itself so that the user wouldn't know it existed on his computer.
Significantly, to disable UAC, the exploit must either abuse a security loophole that lets the attacker gain admin privileges (Microsoft calls these loopholes "privilege elevation" flaws) or dupe the end-user into voluntarily clicking the "OK" button on a UAC dialog box.
Curiously, MMPC provides no specific numbers for how many users may be doing this; however, it stated that on one recent day it discovered that UAC had been deactivated on almost 23% of the computers contaminated with seriously harmful worms and rootkits.
Meanwhile, security researcher Joe Faulhaber of MMPC says that only 3 methods exist, beginning with using attack code against a service that has admin rights by default, a trick that has apparently worked in an increasing number of instances.
Once a malicious program gets that far, it can disable UAC, which, following a restart, halts all the requests for administrative rights that the user would become aware of. Another technique is to deceive the end-user into choosing "OK" when a UAC dialog box surfaces. The 3rd route involves contaminating a computer on which UAC had already been deactivated, something Microsoft believes is currently happening because some end-users don't want UAC dialog boxes disturbing their computer operations.
All samples of Alureon rootkits, the Sality worm, the Bancos banker Trojan, Autorun worms and the FakePAV scareware deactivated UAC, Faulhaber disclosed. ZDNet published this on August 8, 2011.
Meanwhile, with the technique in ever-increasing use, Microsoft's security software, particularly the company's Security Essentials AV application, is now monitoring UAC to spot disruptive acts, as those could suggest the presence of malware.
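One way to watch for the UAC tampering described above, as an added example that is not from the article or from Microsoft's security software: the Python below flags registry writes that weaken UAC in Sysmon-style "registry value set" events. The registry value names and the Sysmon event 13 field layout are assumptions taken from standard Windows documentation rather than from this page, and the sample events are constructed.

```python
import re

# Assumption: UAC policy values live under this documented Windows key.
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\system"
# Value name -> DWORD data that weakens UAC when written.
WEAK = {
    "enablelua": {0},                   # 0 switches UAC off (takes effect after a restart)
    "consentpromptbehavioradmin": {0},  # 0 elevates without showing a prompt
    "promptonsecuredesktop": {0},       # 0 moves the prompt off the secure desktop
}
DWORD = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")

def uac_tamper_alerts(events):
    """Return (time, image, value_name, data) for registry writes that weaken UAC."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:     # Sysmon 13 = registry value set
            continue
        key, _, name = ev.get("TargetObject", "").lower().rpartition("\\")
        # Same value name under any other key is not a UAC setting.
        if not key.endswith(POLICY_KEY) or name not in WEAK:
            continue
        m = DWORD.search(ev.get("Details", ""))
        if m and int(m.group(1), 16) in WEAK[name]:
            alerts.append((ev["UtcTime"], ev["Image"], name, int(m.group(1), 16)))
    return alerts

# Constructed sample events (not taken from any real incident).
SYS = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
SAMPLE = [
    {"EventID": 13, "UtcTime": "2011-08-05 10:00:01", "Image": r"C:\Temp\sample.exe",
     "TargetObject": SYS + r"\EnableLUA", "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "UtcTime": "2011-08-05 10:05:00", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": SYS + r"\EnableLUA", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "UtcTime": "2011-08-05 10:06:30", "Image": r"C:\Temp\sample.exe",
     "TargetObject": SYS + r"\ConsentPromptBehaviorAdmin", "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "UtcTime": "2011-08-05 10:07:00", "Image": r"C:\Temp\other.exe",
     "TargetObject": r"HKCU\Software\Example\EnableLUA", "Details": "DWORD (0x00000000)"},
    {"EventID": 1, "UtcTime": "2011-08-05 10:08:00", "Image": r"C:\Windows\notepad.exe"},
]

if __name__ == "__main__":
    for alert in uac_tamper_alerts(SAMPLE):
        print("UAC weakened:", alert)
```

Pairing each alert with the writing process (`Image`) matters because the same write is also made by legitimate administration tools.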
» SPAMfighter News - 16-08-2011