Charles said:longzheng said:*snip*
With this logic in mind, one could also very easily construct a sound argument that UAC enabling users to choose "Yes, elevate" when prompted is a vulnerability inherent to UAC. Or do you think human user behavior plays no role in maintaining the integrity of the system?
So, you can get around UAC if you run malicious code. This is understood.
I need to get some sleep now. Keep on caring. Keep on keeping us real.
Thank you, Niners!!
I would say when you present a choice to the user, then responsibility has shifted from the system to a user. As a result of this, security dialogs in general are not considered vulnerabilities.