Coffeehouse Post

Single Post Permalink

View Thread: UAC controversy - the last episode!
  • User profile image

    Charles said:
    longzheng said:

    Yes. By infection, I mean vulnerability already on board (like a trusted installed application with, say, a buffer overrun hole). Other applications that you install or run can also self-elevate using this UAC default behavior. This is understood.

    Is UAC supposed to solve the user-initiated-installation-or-download-and-execution-of-malicious-code problem? If Outlook is vulnerable to attack through a memory hole, well, patch Outlook Smiley Seems to me you are asking for a UAC state where auto-elevation under all circumstances is disabled.


    We're asking for UAC to limit the scope of damage that can be caused by either route.