Windows 7 User Account Control UAC has security implications
Source: Internet
Author: User
KeywordsMicrosoft security risks existence
&http://www.aliyun.com/zixun/aggregation/37954.html ">nbsp; UAC (user Account Control) is a new technology introduced by Microsoft in Windows Vista to improve system security, requiring users to perform operations that might affect the operation of the computer or perform changes that affect the settings of other users. Provides a permission or administrator password.
By validating these operations before they start, UAC can help prevent malware and spyware from being installed on your computer or making changes to your computer without permission.
Australian science and technology blogger Long Zheng recently wrote that Microsoft's Windows 7 operating system with user Account Control (UAC) is still a security risk, if Microsoft does not improve, hackers can still be under the Windows 7 users do not know a premise of remote shutdown UAC function, and makes the user machine more vulnerable to various types of network attacks.
Since the launch of the Microsoft Vista operating system, it has received feedback from a large number of users that when the user adjusts some settings, Vista will issue a warning message and ask the user to confirm. In view of this, Microsoft in the Windows 7 development process, decided to reduce the user changes to set the frequency of reminders. Early February this year, Long Zheng and other security experts believe that Microsoft's Windows 7 user Account Control defaults to change the user will be exposed to security risks.
Figure 1 Windows 7
For the above statement, Microsoft said in February this year, after the release of Windows 7 RC, if the user to adjust the UAC default settings, the system will require users to confirm.
Long Zheng recently said that although the Windows 7 RC version was released early this May, this version of UAC still has security implications. In his view, Microsoft had previously published a documentation on the UAC features of Windows 7, which showed that Microsoft did not make significant adjustments to the UAC features in Windows 7, so the operating system still had a greater security risk.
Although the Microsoft Windows 7 UAC documentation mentions the security implications that industry insiders pointed out this February, Microsoft does not believe that a network attacker can remotely turn UAC off, and therefore does not revise the corresponding UAC code.
"As I have pointed out earlier, if Microsoft does not revise the UAC defaults for Windows 7 RC, network attackers can still execute malicious code on the user's machine," Long Zheng wrote in his blog post. All in all, on the default settings for the current UAC in the Windows 7 RC version, it is still possible for a network attacker to gain user machine management. ”
Microsoft response
For long Zheng, Microsoft has not yet made an official response. But a Microsoft spokesman privately told the outside world that Long Zheng actually misunderstood the meaning of Microsoft's UAC feature documentation.
"My personal view is that malware is difficult to automate in the user's machine, as in the current UAC default settings for Windows 7," said a spokesman for the company, who declined to be identified. ”
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.