Coffeehouse Post

View Thread: UAC controversy - the last episode!
    longzheng said:
    AndyC said:

    I am not implying UAC is a security boundary. I'm over the whole "boundary", "feature" terminology.

    I draw upon Wikipedia's definition of a vulnerability, "a weakness in a system which allows an attacker to violate the integrity of that system", which in this case appears to fit very well. Even if we assume UAC is not a security feature, which Larry now confirms it is, a "convenience feature" can still have a vulnerability.

    Long, I know where you're coming from. However, if you say "X has a vulnerability" to a security architect and your "vulnerability" doesn't cross a security boundary, it'll be dismissed as incorrect. Avoiding the word vulnerability takes the focus off a strict technical definition and focuses more on what is or isn't the right behaviour.