From the Digg article on this:
crimsonblur: More than the info, the real interesting part is the stuff that the article forgot to mention in the description of the "huge vista security flaw that lets an installer install drivers":
1) The reason why the UAC requires the user to give administrator privileges to the installer is because the installers require administrator privileges in order to create folders in the "c:\program files" directory and write in the HKLM hive of the registry.
In the future we'll probably see some installers for Vista that won't require administrator privileges; this issue in fact has more to do with the actual installers rather than Vista.
2) There's still a UAC dialog that appears when trying to run the setup (it won't automatically run with administrator privileges)
3) Vista has an additional security layer, called TrustedInstaller, that prevents installers from harming critical sections of the registry and critical Windows files
4) Windows shows a UAC-like confirm dialog before installing unsigned drivers (the beloved Tetris game can't install drivers without the user confirming the operation)
5) PatchGuard prevents rootkits (malicious kernel-mode drivers) from getting installed (even if "Tetris" installs a kernel-mode rootkit it will probably be stopped by PatchGuard, unless they find a workaround)
6) Vista x64 doesn't allow unsigned kernel-mode drivers to run (I doubt that the malicious "Tetris" will ship with signed drivers)
7) Windows Defender (that runs in the background) could detect the threat in its definitions and also will probably require the user to confirm the weird system changes made by the unsigned installer
Besides which, it is FUD of the highest caliber because it claims this is a "Gaping hole" that doesn't exist on other platforms. As said, over and over again, the UI may be different but the security afforded is identical. The only real issue here is one EVERYONE has known about since before Vista was launched: because Windows developers have been lax in working in LUA environments for decades now, most programs, installers as well, currently access parts of the OS they shouldn't be and thus we get too many UAC prompts. This will correct itself with time, and there's nothing MS could do about it in the meantime, short of ditching backwards compatibility which would be even worse.
This "hacker" didn't discover anything that anyone even slightly knowledgeable couldn't have told her. What she found is certainly not a "gaping hole". Exploiting this requires social engineering, not just a technical hack. All other OSes have the exact
Nothing to see here. Move along now.