Here is an interesting piece on the Reg that is worth a read.

The User Account Control (UAC) security functionality of Windows Vista is designed to address this problem by obliging users to run their Vista PCs via a normal user account by default. Users are asked to switch modes and enter login credentials when they request a task requiring admin credentials.

White hat hacker Joanna Rutkowska discovered that users attempting to run an installation file need to do so in admin mode. That means users are confronted with the all-or-nothing choice of granting an installed program complete system privileges or abandoning an installation altogether.

Ow, the fire in my brain hurts.

Article Link

Rutkowska’s article

Mark Russinovich’s response

[tags]Joanna Rutkowska, Vista, User Account Control[/tags]

Leave a Reply

Your email address will not be published. Required fields are marked *