Vista UAC: Faux Security or What?
I came across this article via slashdot.
If you are a sysadmin or have just fought to get Vista installed because of it’s much-vaunted security model based around UAC, read this and weep.
… Perhaps most importantly though, is the fact that Windows Vista’s newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security. Any program that UAC blocks from starting up “for good security reasons” can be coded to work around these limitations with (relative) ease. The “architectural redesign” of Vista’s security framework isn’t so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.
Basically, it seems, by writing a two part application and an inter-process API – any hacker can circumvent UAC with relative ease.
It’s just as we always thought – Vista is just XP wearing an imitation fur coat.
Now where did I put that Ubuntu 8.04 CD?