Larry Osterman said:
AndyC said:
*snip*

"I'm not sure I understand you. UAC is the Integrity Levels technology."

Actually it's not.  UAC is the ability to run with a split token (one with the admin rights removed that is active, the other with full admin privileges that isn't) and create processes that either run with the split token or the full admin token.  It's basically the equivalent of the old XP "makemeadmin.cmd" (or the "dropmyrights.cmd").  The problem with UAC is that there is nothing preventing an app on the desktop from injecting code in the application running elevated (since they're running as the same base account) and taking over the system.  IL is what makes that difficult because it blocks processes running at a lower integrity level from opening processes at a higher integrity level for write access.

 

"IL is what makes that difficult because it blocks processes running at a lower integrity level from opening processes at a higher integrity level for write access."

Fortunately, with Windows 7 it's no longer necessary to get write access to a process with higher priority. All you need to do is inject code into a process that can auto-elevate running at the same integrity level, and there's nothing blocking you from doing that.

Which means that in effect the difference between medium and high integrity no longer exists, and the prompts have lost all semblance of purpose. You can argue that it's not a security issue, but the fact remains that this change essentially makes UAC prompts for Administrator accounts completely useless, so I ask again (and it'll get ignored again): why are they still there at all? What is their purpose in Windows 7?