See my argument about remote code execution vulnerabilities. I don't decide to run the code that comes in through an exploit, yet with Win 7's UAC it can silently elevate.
As for there having been no attacks yet, that's a stupid argument. It advocates a purely reactionary approach to security, which is the exact opposite of "secure by default". In addition, 7's market penetration is still too low to make it a large target
for attacks, and because it is still pre-release software, most people who are running it are technically proficient and therefore not likely to be prone to common attack strategies.
Look. I want to be clear. I do not represent Microsoft's official position. I had nothing to do with the advent and evolution of UAC. Though my position represents stupity, it is most likely due to the fact that I don't think about this problem. I have nothing
to to with UAC design and development. I have experienced 0 issues with UAC on Win 7. It prompts me when I install applications, change certain system settings. You know, the things I expect it to do. If it is vulnerable to attack, then I'd imagine the WIndows
team will fix the exploit. If it's vulnerable by attack only if you have a currently executing process that can silently elevate, well, you have a currently executing malicious binary. How did it get on your machine? Silently? How does that work, exactly?
I'm fine with being stupid. Please do increase my understanding.