November 5th, 2009

Windows 7 Default UAC Bypassed By 8 Out Of 10 Malware Samples

A test recently conducted by malware researchers found that eight of the ten malware samples used successfully bypassed Windows 7's default UAC (User Account Control) settings. The findings were confirmed by a separate test from another company, which emphasized that one of the most popular scareware variants bypassed the default UAC settings as well.

On October 22nd, researchers settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. They configured it to follow the system defaults for User Account Control (UAC) and did not load any anti-virus software. They grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft’s claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.

The findings are not surprising, since the main problem with Windows 7's UAC is that the average end user expects too much of it. Just as with free antivirus software that relies entirely on signature-based scanning, this over-expectation may fool a large number of users into believing that third-party security software is not a necessity.

Just like end users, enterprises already migrating to Windows 7 face the same security issues. In response to feedback that users were forced to respond to too many prompts in Windows Vista, the new operating system introduces a new approach to User Account Control (UAC), providing a four-position “slider” feature to control how often UAC pop-ups occur. While these changes to Windows 7’s UAC benefit the home user market, enterprises must recognize that the new slider feature can only be applied to users logged in as administrators and may increase security risks.

Further, Windows 7 introduces no new features to solve the application compatibility issues experienced by standard users in previous versions of the operating system. “The most secure configuration option for enterprises that deploy Windows 7 remains running end-users as standard users, with administrator rights removed,” said Eric Voskuil, CTO, BeyondTrust.
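To audit a machine against the two points above (the slider position and whether the user holds administrator rights), the following added example, which is not from the article or the vendors it quotes, reads the UAC policy values and reports both. The registry value names and the mapping to slider positions are the standard Windows ones and are assumptions here, since the article does not list them.

```powershell
# Added example, not from the article. Value names are the standard UAC policy
# registry values (an assumption; the article does not list them).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderPosition {
    param($EnableLUA, $ConsentAdmin, $SecureDesktop)
    # A missing value means the policy was never written; do not guess a position.
    if ($null -eq $EnableLUA -or $null -eq $ConsentAdmin -or $null -eq $SecureDesktop) {
        return 'Unknown (one or more UAC policy values are not set)'
    }
    if ($EnableLUA -eq 0) { return 'UAC disabled (EnableLUA = 0)' }
    switch ("$ConsentAdmin/$SecureDesktop") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Default (notify only when programs try to make changes)' }
        '5/0'   { 'Notify only for programs, without dimming the desktop' }
        '0/0'   { 'Never notify' }
        default { "Custom policy (ConsentPromptBehaviorAdmin=$ConsentAdmin, PromptOnSecureDesktop=$SecureDesktop)" }
    }
}

$p = Get-ItemProperty -Path $key
$position = Get-UacSliderPosition $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop

# whoami lists the Administrators SID even when the token is filtered (deny-only),
# so this detects an administrator account that is not currently elevated.
$isAdminAccount = [bool]((whoami /groups) -match '\bS-1-5-32-544\b')

Write-Output "UAC slider position  : $position"
Write-Output "Administrator account: $isAdminAccount"

if ($isAdminAccount -and $position -ne 'Always notify') {
    Write-Output 'Finding: administrator account below "Always notify"; consider a standard user account.'
} elseif ($isAdminAccount) {
    Write-Output 'Finding: administrator account; the article recommends running end users as standard users.'
} else {
    Write-Output 'OK: standard user account; the slider does not apply to this user.'
}
```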

Credit: Security Blogs
