longzheng said: Charles said: *snip*
Charles, security boundaries and security features aside, do you agree with this definition of a vulnerability from Wikipedia?
"vulnerability is applied to a weakness in a system which allows an attacker to violate the integrity of that system"
If so, would you consider this application of code-injection scenario in Windows 7 a vulnerability?
If not, how would you define vulnerabilities?
Well, my position is simple. YOU are in control of what is allowed to execute on your system. If you choose to run arbitrary unsigned binaries, that's your decision. On Windows 7, you run as standard user by default. How many attacks have there been that exploit the UAC vulnerability you are touting? I've yet to hear about a single instance. If UAC is so flawed, then why haven't hackers used it as an attack vector? Win 7 UAC has been in the wild for quite some time to date. Lots and lots of folks are running Win7 RC. Can you elaborate on the vulnerability?