Get the best tech support and pay the lowest price on any Web hosting package with Avantex. Click here for more information.

SureMail™ is the most reliable email service there is. Get less spam and less email virusses. Unlimited autoresponders. Learn more by clicking here.
Get a free domain name when you host your site with Sun Hosting. Your choice of Linux or Windows. Click here.

Save thousands of dollars by building your own Web site. No programming skills necessary. No software to download or install. Learn more by clicking here.

A simple VBScript can disable UAC in Windows 7

Add to     Digg this story Digg this

January 31, 2009

With only a very simple VBScript, a user can now completely disable UAC (User Account Control) in Windows 7.

Here's what Microsoft has to say about this:

"This is not a security vulnerability (!) The intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings (A-Ha!) This includes changing the UAC prompting level."

For those that can remember this, when Windows Vista was originally first released in December 2006, the operating system came with UAC (User Account Control).

At that time, some industry observers interpreted UAC as a necessary tool to fix developers' attitudes towards writing applications for Windows.

So when it came to developing Windows 7's UAC, Microsoft decided to implement a 'slider control' where you could set which events would trigger a UAC prompt.

This is a blatant case of sacrificing security for the sake of perceived usability!

The default setting in Windows 7 is "Notify the user only when programs try to make changes to this computer" and "Don't notify us if we make changes to Windows settings".

Obviously, since changing a Windows setting doesn't trigger the UAC, just changing the UAC settings doesn't trigger the UAC either. (Catch 22?)

Stated differently, users can completely disable the UAC without them ever having to give any consent! If someone places a couple of keyboard shortcuts in a small and very simple VBScript, the UAC will be disabled completely!

Interestingly, there is an easy way to repair this potential security hole. Simply enable to the full-blown, Vista UAC in Windows 7, in other words, move the slider all the way up and that will do it, believe it or not!

That setting will verify that if a user tries to change the UAC settings, they would see a UAC dialog.

So the conclusion to all of this could simply be resumed in one sentence: having the UAC on at the policy (as it is currently implemented in Windows 7) is as good as not having it on at all... (!)

While this exposes the strange and insecure implementation of the UAC's settings adjustements in Windows 7, it also has its foundation in utterly sacrificing data and network security simply to please its users and to prevent them from being annoyed with endless dialog boxes.

Some security experts are now saying that it isn't recommended to disable UAC in the first place or to attempt to jeopardize it simply because Windows users don't like dialog boxess.

Source: The Web Hosting Tech Support Forum.

Add to     Digg this story Digg this

Get rid of email spam and email viruses. Click here for more details.

home | news archives | advertise with us | contact

Copyright © OS Today.   

All logos or service marks on this website are the property of their respective companies.