longzheng said:AndyC said:*snip*
I am not implying UAC is a security boundary. I'm over the whole "boundary", "feature" terminology.
I draw upon Wikipedia's definition of an vulnerability, "a weakness in a system which allows an attacker to violate the integrity of that system", which in this case appears to fit very well. Even if we assume UAC is not a security feature, which Larry now confirms it is, a "convenience feature" can still have a vulnerability.
With this logic in mind, one could also very easily construct a sound argument that UAC enabling users to choose "Yes, elevate" when prompted is a vulnerability inherent to UAC. Or do you think human user behavior plays no role in maintaining the integrity of the system?
So, you can get around UAC if you run malicious code. This is understood.
I need to get some sleep now. Keep on caring. Keep on keeping us real.
Thank you, Niners!!