Larry Osterman said:
Sven Groot said:
*snip*

You keep on saying that there's some difference between Vista and Win7 in this regard.  There isn't. 

There are ways to get around the security prompts in Vista just like there are ways of getting around the security prompts in Win7.  That's why UAC+IL isn't a security boundary.  If there were no way of getting past the security prompts, it would be a security boundary.

UAC+IL is a DiD feature like ASLR and DEP, but unlike ASLR and DEP it's a "break once, break forever" feature - once it's broken, cookbook solutions will come out for malware and they'll all start auto-elevating.

 

Hi, Larry! Hate to break it to you and Mr. Torre, etc., but the original UAC team with the original UAC blog would like to disagree with your assessment that UAC isn't a security feature.

http://www.aeroxp.org/2009/06/uac-in-7-exponential-silent-attack-vector-multiplier-redux/

Sorry to be a thorn in your side, pal, but I like hearing it straight from the team which designed it. They obviously know a bit more :)

(By the way, this little fact is one of those tidbits which can't be contested without making you guys look hypocritical and downright foolish in the eyes of those watching. If the original team said it's a security feature, you guys can't just backtrack when you feel like it. Game, set, and match.)