
Microsoft Flags UAC Flaw as Malware



#1 Nvyseal


Posted 04 August 2009 - 10:05 PM

The media might be heralding Windows 7 as the Windows release which will erase all the bad Vista memories, but there's still this nagging security flaw in Windows 7's User Account Control which Microsoft refuses to fix, stating that it is not a security flaw at all. Well, Microsoft, if this is not a security flaw - then why does your security software block the tool that demonstrates the flaw?

I'm not going to detail the security flaw yet again, but the general gist is that it's quite easy to bypass the default settings in Windows 7's UAC by piggybacking on processes in the operating system that are on a magic auto-elevate list. This list allows Microsoft to not fix their own code to work with UAC, while still demanding from other developers that they do fix their code.

Microsoft tried to weasel its way out of this situation by consistently claiming that the security flaw was not actually a security flaw, but "by design". Microsoft said that several other security barriers were in place to mitigate the flaw.

This does raise the question: why does Microsoft's Security Essentials beta specifically block the proof-of-concept code from running?

OS News




