Sven Groot said:Larry Osterman said:*snip*
Fortunately, with Windows 7 it's no longer necessary to get write access to a process with higher priority. All you need to do is inject code into a process that can auto-elevate running at the same integrity level, and there's nothing blocking you from doing that.
Which means that in effect the difference between medium and high integrity no longer exists, and the prompts have lost all semblence of purpose. You can argue that it's not a security issue, but fact remains that this change essentially makes UAC prompts for Administrator accounts completely useless, so I ask again (and it'll get ignored again): why are they still there at all? What is their purpose in Windows 7?
You keep on saying that there's some difference between Vista and Win7 in this regard. There isn't.
There are ways to get around the security prompts in Vista just like there are ways of getting around the security prompts in Win7. That's why UAC+IL isn't a security boundary. If there were no way of getting past the security prompts, it would be a security boundary.
UAC+IL is a DiD feature like ASLR and DEP, but unlike ASLR and DEP it's a "break once, break forever" feature - once it's broken, cookbook solutions will come out for malware and they'll all start auto-elevating.