Microsoft: UAC Can Be Hijacked by Social Engineering

Microsoft’s UAC in its Vista operating system release was meant to signify that finally, the company has gotten serious about securing Windows by limiting a user’s rights during day-to-day computer usage.

It’s come to signify something much less than security or trust in the minds of some security experts, though. Security expert Joanna Rutkowska kicked off the dissection of UAC in her blog, and the latest salvo against User Account Control was heaved by Symantec Research Scientist Ollie Whitehouse with a Feb. 20 posting titled An Example of Why UAC Prompts in Vista Can’t Always Be Trusted.

The upshot: Microsoft has admitted that yes, UAC is liable to social engineering.

The idea behind User Account Control is to limit user privileges as much as possible for most of a user’s interaction with the desktop.

User rights are elevated only when necessary for administrative tasks, at which point a dialog box prompts the user to OK the escalation. Limiting normal permissions is a good thing, given that it reveals less operating system surface for an attacker to latch onto.

The problem, according to Whitehouse, is the level of trust granted to UAC prompts—a level of trust that he thinks is undeserved.

Read the full story on eWEEK.com: Microsoft: UAC Can Be Hijacked by Social Engineering

Neuroscientist reveals a new way to manifest more financial abundance

Breakthrough Columbia study confirms the brain region is 250 million years old, the size of a walnut and accessible inside your brain right now.

Learn More

Picture of Lisa Vaas

Lisa Vaas

TRENDING AROUND THE WEB

If a man displays these 8 behaviors, he has very low self-esteem

If a man displays these 8 behaviors, he has very low self-esteem

Small Business Bonfire

If you want to practice self-care but don’t know where to start, say goodbye to these 8 habits

If you want to practice self-care but don’t know where to start, say goodbye to these 8 habits

Personal Branding Blog

8 things you should never reveal about yourself if you want people to respect you

8 things you should never reveal about yourself if you want people to respect you

Global English Editing

7 mistakes men with low self-esteem make in a relationship

7 mistakes men with low self-esteem make in a relationship

Small Business Bonfire

If you do these 9 things, you’re definitely an introvert

If you do these 9 things, you’re definitely an introvert

Personal Branding Blog

8 morning habits of lazy people who are still successful in life, according to psychology

8 morning habits of lazy people who are still successful in life, according to psychology

Small Business Bonfire