"Always notify me," described below in the list of Windows 7 UAC Settings, is the default setting. As Long Zheng explains,
"By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate. The applications/applets which manage Windows settings are signed with a special Microsoft Windows 7 certificate. As such, control panel items are signed with this certificate so they don’t prompt UAC if you change any system settings.As Long points out, until or unless Microsoft fixes this flaw, the current work-around is to change the default UAC policy to “Always Notify”. This will force Windows 7 to notify you even if UAC settings change.
The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely."
Enter my hero:
Bill Pytlovany, the developer of WinPatrol, rides to the rescue with Scotty the Windows Watchdog, protecting Windows users from Windows 95 through Windows 7. Watch for a new release of WinPatrol v16:
"WinPatrol v16 will include a feature that lets you know if your UAC settings have changed."Update: See WinPatrol v16 Monitors Changes to UAC
Windows 7 UAC Settings:
- Always notify me and dim my desktop until I respond -- This is the most secure setting.
The Secure Desktop (dimming) will be employed providing notification before programs make changes to your computer or Windows settings that require the permissions of an administrator.
- Always notify me -- This is a medium level of security setting.
According to Microsoft there is a small security risk using this setting if you already have a malicious program running on your computer. You will be notified before programs make changes to your computer or Windows settings that require the permissions of an administrator. The UAC dialog box is not on the Secure Desktop with this setting. As a result, other programs might be able to interfere with the dialog's visual appearance.
- Notify me only when programs try to make changes to my computer -- This setting has a medium level of security.
You will be notified before programs make changes to your computer that require the permissions of an administrator. You will not be notified if you try to make changes to Windows settings that require the permissions of an administrator. You will be notified if a program outside of Windows tries to make changes to a Windows setting.
- Turn off UAC -- This is the least secure setting.
You will not be notified before any changes are made to your computer. If you are logged on as an administrator, programs can make changes to your computer without you knowing about it. If you are logged on as a standard user, any changes that require the permissions on an administrator will automatically be denied.
References:
- Massive Security Hole In Windows 7
- Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment