Charles said:Sven Groot said:*snip*
Look. I want to be clear. I do not represent Microsoft's official position. I had nothing to do with the advent and evolution of UAC. Though my position represents stupity, it is most likely due to the fact that I don't think about this problem. I have nothing to to with UAC design and development. I have experienced 0 issues with UAC on Win 7. It prompts me when I install applications, change certain system settings. You know, the things I expect it to do. If it is vulnerable to attack, then I'd imagine the WIndows team will fix the exploit. If it's vulnerable by attack only if you have a currently executing process that can silently elevate, well, you have a currently executing malicious binary. How did it get on your machine? Silently? How does that work, exactly?
I'm fine with being stupid. Please do increase my understanding.
I don't find any of this a big deal personally because in my experience its pretty easy to avoid getting viruses, UAC or not. But one of the the aspects of UAC I appreciate is that it lets you know if a program that you didn't intend to run is trying to get permission, such as something that may have been added to your Windows startup process.
Am I wrong to say that the exploit circumvents this feature of UAC?