When I was checking out my RSS feeds I happened to see that Paul Thurrott also blogged about this
on his WinSuperSite.
In the comments were links provided by a Chinese Windows researcher by the name of Asuka. He referred to two posts that provides some background on what Norton's appears to be doing to fuzz the UAC system.
I'm linking to the Google-Translate version pages. However it still leaves a bit of the technicals "lost in translation" if you will.
Norton UAC Tool theory analysis - Asuka's Blog
Vampire in mind: an in-depth realization of the principle Norton UAC Tool - Smallfrog's Technical Blog.
There is enough there to get the gist of it, and possibly one could replicate their results to figure it out on your own.
I'm no coder, but do use ProcessMonitor/ProcessExplorer heavily in my sysadmin work dealing with malware and buggy applications so I was impressed with their findings.
I personally have UAC engaged in "quiet mode" with the
TweakUAC utility and actually like the blend of flexibility/protection it provides. I'm not sure how I feel about this Norton's one. I like it in theory, but am a bit more hesitant to deploy on my system. Maybe as its method gets picked apart more by the security and coding community I might be more open to it.
It leaves me wondering now if Norton's can pull off this method of UAC interaction, what else could.
Certainly curious stuff.
Thought the "DonationCoder" community would find those deeper looks into the program's function interesting.
--Cheers!
Logged
- carpe noctem
