ManipUni said:

I think I'm starting to side with Microsoft on this issue. The more I look at UAC the more I realize that the entire thing is a waste of time with or without the whitelist. All the whitelist does is draw attention to a large hole that already exists in the way UAC functions. It *might* make automating escalation slightly easier, but I would say it is a relatively easy thing to do either way.

My advice to Windows 7 (and Vista) users now is, don't run as an administrator account. UAC will offer no protection. Run as a user and create an administrator account to login using the UAC prompt. That gives you UAC with real process isolation.

"All the whitelist does is draw attention to a large hole that already exists in the way UAC functions. It *might* make automating escalation slightly easier, but I would say it is a relatively easy thing to do either way."

--------------------------

Is automatic escalation really easy in Vista? OK then, how do you circumvent Vista's UAC prompts? Show me an example.. Because, frankly, I have never seen one. Of course I have seen something that claims it can circumvent it, as example:

http://neosmart.net/blog/2008/ireboot-and-working-around-uac-limitations/

But at the end, it doesn't really circumvent it, quote:

--------------------

"While digging around for possible solutions, it became clear that the only possible fix would be to split iReboot into two parts. One would run in the background as a service, running under the SYSTEM or LOCAL SERVICE accounts and having privileged access to the OS without requiring admin approval or UAC elevation, and with the second half running as an unprivileged userspace client program which interacts with the service backend to get stuff done.

The resulting application has an installer - which requires admin privileges, of course - which installs and launches the background service. The background service has full permission to do what we need to get operating system XXXX to be the default option for the next boot, but - in line with the Windows Service Model - cannot be interacted with by end users."

-------------------

All the examples I have seen _still_ ask for a prompt at some point. Can you show me an .exe, that disables Vista's UAC instantly without any prompts?