New to Windows 7 is the ability to fine tune User Account Control (UAC), the infamously chatty feature introduced in Windows Vista to improve security.
As the Windows operating system cannot differentiate between a user clicking a button and a program clicking a button, UAC was initially implemented to always prompt the user via a dialog shown in the Secure Desktop, similar to the login screen.
Windows 7, however, now ships with UAC configured to hide prompts when users change Windows settings. While this mode still ensures normal applications can’t overwrite your entire registry hive, Microsoft made a boo-boo in allowing users to change any Windows setting without any prompts. Yes, you can even change UAC settings, allow applications free reign in elevated mode (after the required restart).
I’m not alone in scratching my head here – According to an envelope of Post-It notes received by Long Zheng, there have been multiple submissions of this very issue on Microsoft’s beta portal, Connect. Guess what happened. They were all closed -- “by design”.
To quickly demonstrate how easy it is to automate the disabling of UAC, I wrote some sloppy VBScript code (rename to .vbs), the kind you see in malware on P2P networks, using a combination of the SendKeys, Sleep and Run methods to automate the remote control of the UAC control panel applet and reboot of the system. A more enterprising piece of malware could, of course, move the UAC dialog off-screen, and/or install malware into the startup folder.
An obvious fix for this “issue” would be to force the adjustment of UAC parameters to be confirmed by a human. Until Microsoft addresses this “issue”, you can set UAC to its highest mode to kill any concerns you may have… but you’re not using this in a production environment anyway – right?