Wednesday, April 6, 2011

Windows 7: A playground for hackers?

Microsoft says Windows 7 is safer, better looking and faster than Vista. But some security loopholes that have existed right from the beta phase have still not been completely dealt with. The main problem lies with the revamped User Account Control (UAC) system, which has been toned down because users found the Vista version too intrusive. Ever since Vista, the user runs with only limited rights. If he wants to make system-related changes, a UAC warning message is displayed and admin rights must be proven. However, the annoying pop-ups used to appear even for very small updates.


The new UAC in Windows 7 was designed to let the user control how alarms are raised, but the default low setting allowed hackers to run a simple script that let them later run any program with admin rights. Attackers can turn off the UAC through DLL injection even in the release candidate. Thus, every program gets admin rights with just a click of the mouse. Even worse: Internet Explorer's Protected Mode can be disabled without the user being aware.
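A quick way to see which UAC level a machine is actually running at, and whether Protected Mode is still on, is to read the registry values behind those settings. The PowerShell below is an added example, not part of the original post; `Get-UacLevel` is a hypothetical helper name, the sample calls use constructed values, and the Protected Mode check assumes the per-user Internet zone setting is the one in effect.

```powershell
# Added example. Get-UacLevel is a hypothetical helper name.
# Maps the UAC policy values to the slider position they correspond to.
function Get-UacLevel {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)

    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify (elevation without prompt)' }
        2 {
            if ($PromptOnSecureDesktop -eq 1) { return 'Always notify' }
            return 'Always notify, without secure desktop'
        }
        5 {
            if ($PromptOnSecureDesktop -eq 1) { return 'Default (Windows components elevate silently)' }
            return 'Default, without secure desktop'
        }
        default { return "Custom policy (ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin)" }
    }
}

# Constructed sample values, so the mapping can be checked on any machine.
Get-UacLevel -EnableLUA 1 -ConsentPromptBehaviorAdmin 5 -PromptOnSecureDesktop 1
Get-UacLevel -EnableLUA 1 -ConsentPromptBehaviorAdmin 2 -PromptOnSecureDesktop 1

# Live check of the local machine (Windows only).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
if ($p) {
    $level = Get-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    "UAC level: $level"
    if ($level -ne 'Always notify') {
        Write-Warning 'UAC is below "Always notify"; raise the slider to the top position.'
    }
}

# IE Protected Mode for the Internet zone (zone 3): value 2500, 0 = on, 3 = off.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$z = Get-ItemProperty -Path $zoneKey -Name '2500' -ErrorAction SilentlyContinue
if ($z -and $z.'2500' -ne 0) {
    Write-Warning 'Internet Explorer Protected Mode is off for the Internet zone.'
}
```

Running this from a scheduled task or login script and alerting on any change gives early notice when either setting has been lowered without the user noticing.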