ManipUni said:
wastingtimewithforums said:
*snip*

1) You just hide it inside rundll or name it creatively. Or have your entire logic only exist within existing processes, so for example you inject the logic into all the processes on the system, close, and those processes poll the OS for any new processes and pass it on if one exists. The only hard part about that is making sure that you don't inject twice or twice at the same time.

2) If they don't escalate any of the applications then you've lost nothing.

3) The standard account only removes a limited amount of threat. It just means that if processes are launched directly into the admin's session they MIGHT be clean. It can be bypassed and can be broken. But it is harder than UAC on the same account is. A lot of these same techniques work on both but not all of them. Fast user switching or logging out defeats much more however.

1) This is complicated and error prone. OK, it might work, but.. not guaranteed, while the new UAC flaw works absolutely.

2) The attacker lost! He lost the chance to root the system.

3)

"It can be bypassed and can be broken. But it is harder than UAC on the same account is"

By your method it's not really even harder, there is just the additonal password prompt, but if the user wants to elevate the infected process, he will anway. So what? And you wrote the keyword: harder. To make security brearches harder should be the goal of the OS maker. And by all means, Microsoft just made it EASIER to break the system with Win7.

I still don't see the point of the new UAC behaviour in Win7. It opened a serious addtional attack vector and, even worse, creates a false sense of security, since third party applications still get prompts, but, if the applications want to, they can circumvent them with ridiculous ease.