Some days it seems like Microsoft (MSFT) just can’t win. Windows XP was generally well-liked for its user interface, but was criticised for being highly vulnerable to malware, viruses, and other cyberattacks. Microsoft responded by making Vista the most secure — and most annoying — Windows ever, with the problems that plagued XP solved with constant security pop-ups.
Now it looks like the pendulum may have swung the other way with Windows 7. While 7 has been praised for being less intrusive than Vista in managing system security, it also might be far less effective at keeping malware out.
Two Windows enthusiast bloggers, Long Zheng and Rafael Rivera, have now discovered not one, but two, seemingly severe exploit channels in the User Account Control (UAC) setting that is currently the default for Windows 7. The first exploit they publicized (after talking to Microsoft privately about it) allows malware to turn off UAC; the other allows malware to auto-elevate without notifying the user. To date, Microsoft’s response is that the new UAC default is set the way it is “by design” and isn’t problematic.
I asked Microsoft again on February 3 if it was still standing by its statement that the UAC default setting for Windows 7 is fine as is. Microsoft declined to let me speak to anyone directly and instead provided this statement (in the form of these bullet points):
- “This is not a vulnerability. The intent of the default configuration of UAC is that users don’t get prompted when making changes to Windows settings. This includes changing the UAC prompting level.
- Microsoft has received a great deal of usability feedback on UAC prompting behaviour in UAC, and has made changes in accordance with user feedback.
- UAC is a feature designed to enable users to run software at user (non-admin) rights, something we refer to as Standard User. Running software as standard user improves security and reduces TCO.
- The only way this could be changed without the user’s knowledge is by malicious code already running on the box.
- In order for malicious code to have gotten on to the box, something else has already been breached (or the user has explicitly consented)”
We’re not Windows security experts, but when respected leaders in the field say there’s a problem, and Microsoft responds “this is not a vulnerability,” we get nervous.
Microsoft needs to do a much better job of reassuring people Windows 7 is secure, and quickly. Because it’s bad news if Microsoft has to crank the annoying “allow / deny” UAC prompts back up, it’s bad news if Windows 7 is perceived as less secure than Vista, and it’s bad news if Microsoft has to go back to the drawing board on security and delays Windows 7 until 2010.