
UAC posts

Filed under: Internet, Security, Windows, Microsoft

Windows 7 security defeated by 8 out of 10 malware applications


Leading up to its release, there was a lot of concern regarding Windows 7's default User Account Control (UAC) settings. Namely: it doesn't actually provide any damn security. Alas.

Basically, Microsoft went ahead and reacted to the public outcry regarding the Vista security confirmations. I think we can all agree that they were really annoying (and most power-users turn UAC off because of how irritating they are). As a result, there are significantly fewer UAC warnings in a default Windows 7 installation -- hooray! The problem is that the new default setting in Windows 7 leads you to falsely believe that you have a secure installation right out of the box. Sadly, this is not the case.

It's no surprise then that 8 out of 10 malware applications defeated the default Windows 7 UAC setting in tests.

So practice safe surfing (duh!) or go and hoik your UAC settings up to the most secure -- and annoying -- setting. Ars Technica has a great guide on patching up your UAC for new Windows 7 users -- or even an experienced user like myself that falsely believed the default setting to be secure.

[via ZDNet]

Filed under: Security, Windows, Microsoft

Windows 7 UAC flaw-by-design now classified as malware by Microsoft?


Since we last brought you news about a UAC vulnerability in Windows 7, Microsoft opened their ears to the beta testers at the time and quickly released a patch that plugged the security hole.

However, another UAC flaw has been discovered in Windows 7. In fact, it's been quietly lurking around in the dark corners of the internet since February. What's different about this one is that not only does Microsoft not intend to fix the exploit, they're saying the functionality is by design, because UAC's primary purpose isn't security, or something like that.

I think.

After all, this whole situation would make a little more sense if Microsoft didn't just mark the popular proof-of-concept for this vulnerability as malware in the beta version of their new Microsoft Security Essentials software, as pictured above. Just to add a little more confusion to the situation, Windows Defender (another Microsoft security tool, which happens to be bundled with Windows 7) doesn't detect the exploit.

The verdict? It looks like the jury is hung on this one.

This vulnerability could be exploited to essentially circumvent UAC on some Windows 7 machines, and that's bad news. We'll keep you up-to-date with any developments on this security flaw.

Filed under: OS Updates, Security, Microsoft, Beta

Good news Windows 7 beta users: your opinion matters!


Remember the little UAC bug Long Zheng noticed the other day? It's been fixed.

As announced on the Engineering Windows 7 blog, UAC behavior has been changed in two key ways. First, confirmation is now required when any UAC changes are initiated. Second, the UAC control panel itself will now run in a "high integrity process" that can't be compromised using mechanisms like sendkeys.

Yes, it's fantastic news that Microsoft has fixed an important security issue. But Microsoft does have a good track record as far as security goes - just look how quickly they responded to the unconfirmed IE flaw.

There's something else important to take away from this: Microsoft is actually listening to what its beta users are saying, and they're willing to make changes based on feedback. It's encouraging to see this at work, and is certainly a good sign for users planning on making the move to Windows 7 once it's released.

Keep using your send feedback links, and keep commenting - Microsoft is listening this time around!

Filed under: OS Updates, Security, Windows, Microsoft, Windows x64

Windows 7's quieter UAC a security risk? Of course it is.

When Microsoft introduced UAC in Windows Vista, it was pretty much universally slammed for being annoying, intrusive, and unwanted.

So with Windows 7, Microsoft decided to respond to the complaints and ease up on the prompts. Now, there's an uproar because doing this has caused security problems.

The problem: by default, UAC in Windows 7 doesn't notify you if you make changes to Windows settings. Of course, that means that a script that can impersonate you and send keystrokes can make changes and you won't see notifications.

To make things worse, that includes disabling UAC completely. From there, a malicious script could perpetrate all kinds of badness.

In his post, Long Zheng states that the solution could be as simple as forcing a prompt whenever attempts are made to change UAC settings. Also, if you crank up the notifications to always notify, that will solve the problem as well.

Correct me if I'm wrong, but that makes sense, right? I'm not prepared to slam Microsoft over this just yet. Windows 7 is still in Beta, and the changes to UAC were made as a response to outcry from their user base. If you're responsible and keep your machine properly protected, this shouldn't pose a significant risk.

Don't get me wrong - I completely understand the implications and the potential for this to cause trouble. It's just that I don't see this as that big a deal considering the huge number of people still beating the Windows XP drum, and it's even less secure than Windows 7 - even with a "flaw" like this.

Filed under: OS Updates, Windows, Microsoft

User Account Control to be less annoying in Windows 7

One of the most reviled components of Windows Vista is the User Account Control menu. It pops up when you're trying to install software, configure system changes, or make other changes. Sometimes it feels like it pops up if you move your mouse the wrong way. But there's hope. No, not for Windows Vista users, but for anyone interested in the next version of Windows. Microsoft plans to roll out a new and improved version of UAC for Windows 7.

One thing to note is that UAC isn't intrinsically a bad idea. It's designed to prevent users from accidentally granting software access to protected parts of their systems. In other words, it can prevent security breaches, viruses and all sorts of other malware from infecting your Windows machine. But it's heavy handed, and according to anonymous usage statistics, Microsoft says that the UAC prompts showed up during 50% of all user sessions within the first few months after Vista was released. What's more, over 775,000 unique applications caused the UAC prompt to come up because of the way they were written. That number is now down to about 168,000, as software developers have learned to adjust their applications.

But there are still a few major issues to address. First, nobody can understand what the heck the prompts are saying. Microsoft conducted a study and found that just 13% of participants could figure out why they were seeing a prompt. Windows 7 will feature easier to understand warning messages, which should help users figure out whether or not it's really safe to click the Continue button. Right now, most people do click it most of the time, whether they really know it's safe to do so or not.

Another thing Microsoft plans to do is make it easier for users to adjust the range of notifications they receive. While you can currently disable UAC notifications or suppress them, there's no good way to say that you want to receive certain types of notifications but not others. It sounds like Windows 7 will include that feature. Windows 7 will also have fewer duplicated system prompts. For example, right now when you download and run software from the internet using Internet Explorer you'll receive a message from IE7 asking if you really want to run the application and then you may also see a Windows UAC prompt. Eliminating that duplication is also on the agenda.

[via ZDNet]

Filed under: OS Updates, Security, Windows, Microsoft

Microsoft: Vista UAC was supposed to piss you off

One of the first things Windows XP users will notice if and when they switch to Vista is the User Account Control, affectionately referred to as UAC or "Why the hell does this window keep popping up!" The UAC prompt is a security feature that will alert you if you are about to make changes to your computer that could technically expose it to some threats.

Some users get around this by disabling or modifying the UAC using programs like TweakUAC. Others insist that Microsoft put it there for a reason, and disabling will result in your computer bursting into a ball of flames. But if you're tired of looking at UAC prompt after UAC prompt, here's something that should give you a little comfort: Microsoft knew all along that the UAC prompt was annoying and designed it to be that way.

Microsoft product manager David Cross says the goal was to make users think twice about making changes to their system willy-nilly. It's also designed so that software developers will think of ways to write programs that don't burrow too deeply into your operating system. The fewer system configuration changes a program makes, the less often you're going to see a UAC prompt.

Cross says that 88% of Vista users have not disabled UAC, and 66% of Windows sessions do not lead to a UAC prompt showing up. And that makes sense if you're someone who just runs the software that came with your computer and a handful of other applications. But if you're constantly looking for cool new programs to add features to your computer -- in other words, a typical Download Squad reader -- we're guessing you see the UAC prompt a lot more often than most users.

Filed under: OS Updates, Features, Windows, Microsoft, DLS Podcast

Switching to Vista: Download Squad Switcher Podcast #3

Microsoft threw a curve ball to PC users who have spent the last five years getting to know the ins and outs of Windows XP. Windows Vista promised enhanced security, new and improved graphics, and a redesigned start menu and file explorer.

But Vista also suffers from backward compatibility problems and some design changes that seem to value flash over function.

Is it worth upgrading your computer, or are you better off waiting for Service Pack 1, or Vienna, the next version of Windows due out in 2009?


Filed under: Developer, Security, Windows, Microsoft

Dev Chair: The Vista Tax


As a regular computer user, I don't have much interest in migrating to Vista in the immediate future. I don't think it offers any great leap in usability or functionality over XP. UAC (User Access Control) is definitely much needed and will improve security overall but it can be annoying as hell for average users. Aero Glass UI is nice to look at but does nothing to actually let you work more efficiently. Added to which, there are still doubts on how well Vista performs as a home media center or gaming platform.

On the other hand as a .Net software developer, Vista is both a blessing and a curse. I want every single Windows user migrated to Vista as soon as possible because having the .Net framework included as part of Vista's standard installation is a very big deal. This means that application installers will no longer need to check for the presence of the .Net framework or provide a method to automatically download and install it if absent. This is a huge time and effort savings for the user as the framework is a large download. Also some users are turned off by the mere idea of downloading yet another component in order to run an application in XP. With the framework part of the OS, users will have one less thing to worry about.


Filed under: Windows, Freeware

Temporarily disable UAC in Vista without rebooting

Tired of those "A program needs your permission to continue" warnings in Windows Vista? Well, you could turn the User Account Control off through Vista's control panel, but that eliminates some of Vista's oft-touted security enhancements.

Odds are the times you get most frustrated with the pop up warnings are when you're installing and testing new software on your computer, so it'd be nice to turn off UAC temporarily and turn it back on when you're done. But by default, that means rebooting your computer twice, once when you disable UAC, and again when you turn it back on.

TweakUAC is a nifty little freeware application that lets you quickly turn UAC on or off (which requires a reboot), or sets UAC to operate in quiet mode. What's quiet mode? It means that UAC is still running, but it won't display warnings if you're logged in as the administrator. Best of all, no reboot's required, so you can switch to quiet mode while you're tweaking your software setup, and switch back to normal mode when you're done.

TweakUAC is an executable, meaning there's nothing to install. But if UAC is running normally on your PC, you will have to deal with a UAC prompt every time you run the program.

[via CyberNotes]

Filed under: Security, Windows, Microsoft, Commercial

A closer look at Vista's User Account Control

Much has been said about the new User Account Control (UAC) system that will be shipping with Windows Vista. UAC is supposed to usher in a new era of security for Windows by preventing, for example, unauthorized programs from making changes to system files. Vista beta-testers are finding it to be a bit of a nuisance, however, with UAC prompts popping up for all manner of seemingly innocent operations. Over at ZDNet (http://blogs.zdnet.com/Bott/?p=44), Ed Bott explains the reason for these prompts and how to work around them. It's an interesting look at how Microsoft is dealing with security in Vista, and also a preview of some of the trouble less-technical users are going to be having come next year.
