Microsoft Relents, Will Change Windows 7 UAC


After some hemming and hawing, Microsoft has decided to change User Account Control in Windows 7 to address security issues raised by Windows 7 beta testers.

In a late Thursday blog post, Jon DeVaan, senior vice president of the Windows Core Operating System division at Microsoft, and Steven Sinofsky, senior vice president for the Windows and Windows Live Engineering Group, said the UAC changes will be included in the Windows 7 Release Candidate, which will follow the Windows 7 beta. Microsoft isn't commenting on the timing of the release.

In the past week, Windows 7 beta testers have discovered two security flaws in Windows 7 UAC: one that disables UAC in Windows 7 without any user interaction, the other that could allow attackers to create malware that piggybacks on Microsoft-signed applications and code that are designed to automatically elevate to administrative level to minimize UAC prompts.

To fix the second flaw, Microsoft will configure the Windows 7 UAC control panel to run in a high-integrity process, which requires elevation. Sinofsky and DeVaan acknowledged this as a bug fix that was already under development, and said Microsoft is aware of "a couple of others similar to that."

But Microsoft still doesn't appear to consider the first UAC flaw a vulnerability. Microsoft will alter Windows 7 UAC so that any changes to UAC's settings will prompt users for confirmation, but that change is simply Microsoft's response to user feedback, Sinofsky and DeVaan said.

Since the UAC flaws surfaced, Microsoft has denied that they qualify as actual security 'vulnerabilities' as defined by the security industry. Microsoft's stance is that malware would have to make its way onto PCs without users' consent in order for attackers to take advantage of the UAC issues, and Microsoft hasn't received any reports of that happening.

Still, Microsoft's decision will help silence critics who've begun to see parallels between its handling of the Windows 7 UAC reports and its handling of Windows Vista complaints. With Vista, Microsoft often attributed user difficulties to the design changes it had made to the OS.

However, there are still plenty of security experts who feel that UAC is a flawed concept that does little to enhance security, and who believe Microsoft needs to overhaul it or scrap it entirely.

Bruce Schneier, British Telecom's chief security technology officer, sees the Windows 7 UAC episode as an example of many PC users' mistaken assumption that security is something that should operate invisibly in the background.

"Security means it's going to be hard to use. If you're annoyed by having to take a key out of your pocket to unlock your door, and you remove the lock, you lose the security," said Schneier.

"Is there a better technological alternative to UAC? Yes, but it's going to cost money, and it's also going to be inconvenient, just in a different way."