05 November 2009 | 10,983 views

Windows 7 UAC (User Access Control) Ineffective Against Malware

Check Your Web Security with Acunetix

There have been a few stories about Windows 7, even one about Windows 7 UAC before and now it’s officially on sale I’d expect there to be many more.

As always malware and mass infections is a numbers game so the bad guys will always target the most popular and prolific operating systems to increase their chances of widespread infections.

For me personally UAC in Windows Vista was simply a pain in the ass, so much so I just turned it off completely as did most people rendering it completely ineffective. They seem to have toned it down in Windows 7 to make it less invasive and perhaps as a byproduct have made it less effective.

A researcher at Sophos reports putting Windows 7’s User Account Control feature to the test and finding the technology failed to block numerous pieces of malware. Microsoft, however, stresses that UAC is only one part of Windows 7’s security.

A researcher at Sophos called the UAC feature in Windows 7 ineffective after numerous pieces of malware snuck by the technology in a test.

Microsoft first introduced User Account Control in Windows Vista to improve security. After some users complained the number of alerts it generated were annoying, the company pledged to cut down on the number of prompts in Windows 7. The move however has raised concerns in the security community, and Sophos Senior Security Adviser Chester Wisniewski said his test proves Microsoft took it a step too far.

Wisniewski wrote on his blog Nov. 3 that seven of the 10 pieces of malware he tested ran with the default AUC enabled in Windows 7 without generating any prompts. As part of the test, no antivirus software was installed on the system. Two of the malware samples did not work in Windows 7; of the remaining eight, only one generated a prompt, and that one still would have been installed had the user clicked yes, Wisniewski told eWEEK.

I’d imagine it only throws an alert if the software being installed tries to modify system files or place itself in system directories (c:/windows etc).

That would make sense to me, and yes it would make it ineffective against malware and even more ineffective when the bad guys work out how it functions and adapt to that.

Nothing much new here though is it, run anything on Windows XP and you’ll get no warnings..so just be vigilant. I’d rather Microsoft try an educate people on good security practice rather than trying to implement half-arsed technical measures to protect against wetware ignorance.

When asked about the test, Microsoft officials pointed to the other features of Windows 7 that have improved security.

“Windows 7 is built upon the security platform of Windows Vista, which included a defense-in-depth approach to help protect customers from malware; this includes features like Security Development Lifecycle (SDL), User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP),” a spokesperson said.

“Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released,” the spokesperson added. “Coupled with Internet Explorer 8—which includes added malware protection with its SmartScreen Filter—and Microsoft Security Essentials, Windows 7 provides flexible security protection against malware and intrusions.”.

All the above technologies are great and they do help a LOT when it comes to exploitation of vulnerabilities and trying to execute shell-code. But that’s not the biggest threat, the biggest threat is idiot users installing malware ‘by accident‘ on their own computers.

So yes, however obvious it may seem to us – you still need to install Anti-virus software on Windows 7.

Source: eWeek



Recent in Countermeasures:
- Twitter Patents Technique To Detect Mobile Malware
- Passera – Generate A Unique Strong Password For Every Website
- HoneyDrive 3 Released – The Premier Honeypot Bundle Distro

Related Posts:
- Windows Vista & Windows 7 Kernel Bug Can Bypass UAC
- Measuring up the Security Risks for Mac – Are Apple Prepared?
- Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,103 views
- Password Hasher Firefox Extension - 116,994 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,549 views

Low-cost VPS Hosting

5 Responses to “Windows 7 UAC (User Access Control) Ineffective Against Malware”

  1. Kitkat 5 November 2009 at 9:26 am Permalink

    Play safe, work offline and do not plug any removable drives. This will prevent your PC get any virus. :p I personally do not use UAC. For me, a USB vaccine (from Panda usb) and good anti virus (NOD32) is sufficient to keep my PC clean and healthy :)

  2. Hannibal 5 November 2009 at 11:04 am Permalink

    Thanks for the info :)

  3. cbrp1r8 5 November 2009 at 2:43 pm Permalink

    I read the Sophos blog/report yesterday..got a chuckle out of it…score another one up for Winblows… :D

  4. Rashid Azar 6 November 2009 at 11:19 am Permalink

    UAC is just a lollypop in he mouth of noob users. I disabled this permanently.

  5. Morgan Storey 8 November 2009 at 7:15 am Permalink

    I don’t see the difference conceptually between the UAC and sudo (and I love sudo). But the technical differences are interesting; http://en.wikipedia.org/wiki/User_Account_Control#Tasks_that_trigger_a_UAC_prompt
    Realistically it is just another layer, if someone wrote a virus that executed from your home directory in Linux/MacOS no sudo would be needed, it could even make connections out on an arbitrary port, that being said it is a start over windows xp and its predecessors where most 3rd party programs where written to take account of the “everyone runs as admin” theory. Now that UAC are in, it has changed companies are programming stuff to not need write access to c:\windows\temp or c:\program files\