Windows 7 Default UAC Bypassed By 8 Out Of 10 Malware Samples
A recently conducted test by malware researchers reveals that eight out of ten malware samples used in the test, successfully bypassed Windows 7’s default UAC (user access control) settings. The findings were also confirmed by a separate test done by another company, with an emphasis on how one of the most popular scareware variants bypassed the UAC’s default settings as well.
On October 22nd, researchers settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. They configured it to follow the system defaults for User Account Control (UAC) and did not load any anti-virus software. They grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft’s claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.
The findings are in fact not surprising, since the main problem with Windows 7’s UAC lies in the over-expectation of the average end user. Just like free antivirus software relying entirely on signatures based scanning only, the over-expectation of Windows 7’s UAC may in fact fool a large number of users that third-party security software is not a necessity.
Just like end users, enterprises already migrating to Windows 7 face the same security issues. In response to feedback that users were forced to respond to too many prompts in Windows Vista, the new operating system introduces a new approach to User Account Control (UAC), providing a four-position “slider” feature to control how often UAC pop-ups occur. While these changes to Windows 7’s UAC benefit the home user market, enterprises must recognize that the new slider feature can only be applied to users logged in as administrators and may increase security risks.
Further, Windows 7 introduces no new features to solve the application compatibility issues experienced by standard users in previous versions of the operating system. “The most secure configuration option for enterprises that deploy Windows 7 remains running end-users as standard users, with administrator rights removed,” said Eric Voskuil, CTO, BeyondTrust.
Credit: ZDNet.com Security Blogs
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.