Windows 7 UAC A Security Risk, Microsoft Concedes
Microsoft has agreed to tweak the User Account Control (UAC) system in Windows 7 to avoid an inherent security risk.
During the production of Windows 7, Microsoft decided to change the default UAC so that it no longer asks for confirmation when a user adjusts his or her Windows settings. Security experts suggest that these settings include UAC itself, meaning rogue software could turn this protection off completely without the user knowing.
Microsoft argued that this was not a true vulnerability because an attacker could only take advantage of it by getting the victim to run the rogue software; for example, by disguising it as a legitimate link on a website. The company contended that this was much less likely to happen in Windows 7 because of other new and improved security measures.
However, bloggers and people commenting on Microsoft websites didn't accept this argument. The general feeling seemed to be that the firm, remembering the hostile response to UAC in Vista, was taking an unnecessary security risk for the sake of cutting down user annoyance. (Source: istartedsomething.com)
Microsoft: We Don't Feel Good
The company has now responded and acknowledged the concerns, writing "We don't like where we are in terms of how folks are feeling and we don't feel good." The firm says it will now make the change that has been suggested. This means that in the final version of Windows 7, any change to the UAC security level will require confirmation, even if the system isn't set to notify a user about changes to Windows. (Source: msdn.com)
That being said, Microsoft is insistent that its security priority will always be stopping rogue software from getting onto computers in the first place. The firm argues that if it is successful in doing this, any other security problems will either be minimized or made irrelevant.