Friday, 12 June 2009

UAC considered harmful

I have switched from XP to Windows 7 on my work machine recently. Everything was working fine until this has happened:
A quick research revealed the following (source):

Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:

  • The file name includes keywords such as "install," "setup," or "update."
This is confirmed by changing the file name of the offending exe:
The executable of course is not an installer of any kind and does not require any extra privileges. It just reads two files and creates a third one. Furthermore, it's a third-party application and I can't just change its file name without breaking things for everyone else. There seems to be some kind of white list of trusted applications, but nobody other than Microsoft can modify it.

Without the ability to take that application out of UAC "protection" the only viable thing to do is to turn the UAC off. Great work! I feel more secure already.

1 comment:

Bodo said...

I hope they change this ugly 'feature' for the final release. But I do not believe it! :-)