UAC Whitelist Hole In Windows 7 496
David Gerard writes "Microsoft tried to make Vista secure with User Access Control (UAC). They relaxed it a bit in Windows 7 because it was such a pain in the backside. Unfortunately, one way they did this (the third way so far found around UAC in Windows 7) was to give certain Microsoft files the power to just ... bypass UAC. Even more unfortunately, one of the DLLs they whitelisted was RUNDLL32.EXE. The exploit is simply to copy (or inject) part of its own code into the memory of another running process and then telling that target process to run the code, using standard, non-privileged APIs such as WriteProcessMemory and CreateRemoteThread. Ars Technica writes up the issue, proclaiming Windows 7 UAC 'a broken mess; mend it or end it.'"
Futurama Analogy (Score:4, Funny)
Mend it or end it. (Score:4, Funny)
"Ending is better than mending. The more stitches, the less riches; the more stitches ..."
Full Featured Windows API (Score:4, Funny)
At first glance I was wondering why Microsoft would supply and API function CreateRemoteThreat().
Even for Windows, that would be a little out there.
Re:It's all a workaround (Score:3, Funny)
And what might they call this... this New Technology?
OWAIT
Re:If it was easy-- (Score:3, Funny)
I agree 100%. I guess I'm in the minority but I love Vista UAC. Fairly often I will carelessly click something, and UAC gives me a second chance to abort before it's too late. UAC is only useful 1 time in 20, but I thank my lucky stars that 1 time.
Your comment reminds me of that a shirt sold by T-shirt hell which said on it "What about the good things Hitler did?".
Re:If it was easy-- (Score:3, Funny)
I want one with "Remember Godwin's Law" on it.
Re:If it was easy-- (Score:5, Funny)
So what should Microsoft be doing?
The one thing that's always worked before. Design a new colour scheme and let the marketing department do the rest.
Re:No Script Bragging -- please stop (Score:1, Funny)
Re:OSX UAC (Score:2, Funny)
Maybe he's talking about MacOS 7.5.3 and the command prompt you can get in classic MacOS if you install Gnu Emacs and do a ' X shell' to get the command prompt.
(yes- a command prompt reachable on MacOS 7)
I have a mind the flips to the opposite automatically. I hear 'finder' and automatically think 'loser' for some reason....