Friday, February 6, 2009

Windows 7 UAC Security Issue

Although generally lauded, Windows 7 the next version of Windows due out later this year has a potentially dangerous security flaw built into it. User Account Control (UAC) is a security feature first introduced in Windows Vista that has been a source of complaints from many long time Windows users. UAC in my opinion was a good idea, and does improve security in Vista compared to XP. Unfortunately in the beta version of Window 7 Microsoft has changed the UI in UAC allowing users to use a slide which determines the level of annoyance UAC will operate at. At the bottom of the slide UAC is essentially turned off, at the top of the slide UAC is in "Vista" mode which notifies you anytime you try to change anything about your system. By default Win 7 leaves the setting in a position were changes to Windows does not notify the user. This makes UAC less, "in your face", and is appropriate when you are off line and setting up your new operating system. It is however far less secure than many users think they are, as two independent Windows researchers recently discovered. Rafael Rivera and Long Zheng have found that running a basic script on your computer can turn UAC off without the user knowing it. http://www.withinwindows.com/2009/01/30/malware-can-turn-off-uac-in-windows-7-by-design-says-microsoft/.This would allow the computer to be completely compromised. This seems like the type of flaw beta releases are meant to find, Microsoft feels differently however. Seems this is one of those "it's not a bug, it's a feature" routines and Microsoft feels the feature is finished, locked into the final build, as is. The fix seems obvious, they could make changing the UAC level require administrative permission which would alleviate the problem. The least's they could do is to set the default level at the highest level so unsophisticated users are less likely to be bit by this.

I understand UAC in Vista was the source of many complaints and at least one "I'm a Mac" Apple commercial which cleverly (albeit dishonestly) made fun of the feature in Vista. So Microsoft must feel it can't win on this one. Personally I felt UAC in Vista was a worthwhile and effective security measure, and I'd argue, well worth the minor inconvenience it caused. But many people complained and so in 7, Microsoft tried to allow the user to turn UAC down so people would complain less. So to a certain extent I feel users are getting what they asked for, and you can protect yourself by turning UAC all the way to the highest setting, essentially the same as the default Vista setting.

The good thing is, Microsoft can change this, at least turn the default setting to fully protected. This is what Beta testing is for and it in no way takes away from the otherwise fantastic job the Windows 7 team has done. Windows 7 is fantastic and a ton of great features which I'll no doubt upgrade all my Vista machines because I believe it worthwhile upgrade.

UPDATE

Microsoft has come through and done the right thing. They will be modifying the UAC in 7 to require administrative rights to change UAC settings. Good for them and thanks to the Windows blogging community for holding their feet to the fire on this one.