
Re: Vista's Account Protection is Flawed Before Arrival

  • Subject: Re: Vista's Account Protection is Flawed Before Arrival
  • From: "Larry Qualig" <lqualig@xxxxxxxxx>
  • Date: 15 Sep 2006 08:52:29 -0700
  • Complaints-to: groups-abuse@google.com
  • In-reply-to: <MPzOg.5374$KA6.1820@clgrps12>
  • Injection-info: p79g2000cwp.googlegroups.com; posting-host=12.170.48.219; posting-account=I0FyeA0AAABAUAjJ9vi7laKRssUBoQA3
  • Newsgroups: comp.os.linux.advocacy
  • Organization: http://groups.google.com
  • References: <1712292.nA2KWsfeXV@schestowitz.com><MPzOg.5374$KA6.1820@clgrps12>
  • User-agent: G2/1.0
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1155039
Oliver Wong wrote:
> "Roy Schestowitz" <newsgroups@xxxxxxxxxxxxxxx> wrote in message
> news:1712292.nA2KWsfeXV@xxxxxxxxxxxxxxxxxx
> > 'Vista's Account Protection: One Click and It's Gone'
> >
> > ,----[ Quote ]
> > | One of Vista's big security features is 'User Account Protection'
> > | (or 'User Account Control') which pops up and asks for user
> > | authentication before software can make any administrative changes to
> > | the system. But the TweakVista utility can turn off UAP in one click...
> > `----
> >
> > http://securitydot.net/news/exploits/vulnerabilities/articles/2661/news.html
>
>     Sorry for the late reply; I've been reading this group less frequently
> recently.
>
> <quote>
> Microsoft says this is UAP working as intended, because when a user runs
> TweakVista they are asked to authenticate. However, James Bannan at APC
> Magazine asked Microsoft what's to stop a downloaded 'freeware game'
> requiring user authentication upon installation and then disabling UAP
> altogether?
> </quote>
>
>     Isn't this "vulnerability" also present in most *NIX systems? A Linux
> user downloads a "freeware game", and the game asks the user to enter the
> root password so it can sudo and do stuff. The user types in the password,
> and the "game" now has root access and thus can do any changes it wants to
> the system, which includes eliminating the sudo infrastructure altogether,
> or changing sudo so that it accepts any password and always grants root,
> right?
>
>     To me, this is more of a user-education issue.
>

Of course this is the *exact* same problem for *nix machines. Do you
really expect an honest response or admission of this?

It's been proven time and time again that the weakest link in any
security system is human behavior. As long as humans use computers
and are in the loop, computer vulnerabilities will exist. But only
expect to see "News" headlines describing how Windows is vulnerable to
this. But as you point out, the exact same thing can be done to a *nix
machine but you'll never see this admitted here in COLA where little
things like FACTS never get in the way of good anti-Microsoft
propaganda.

