- Oct 17, 2008
- Reaction score
The IStartedSomething blog reports that there is a flaw with the current UAC security, which they are able to disable with a simple script:
Read the blog post here.Now for a bit of background information on the changes to UAC in Windows 7. By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate. The applications/applets which manage Windows settings are signed with a special Microsoft Windows 7 certificate. As such, control panel items are signed with this certificate so they don’t prompt UAC if you change any system settings.
The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely.