Main Area and Open Discussion > General Software Discussion

WINDOWS 7 THREAD (ongoing)

<< < (46/54) > >>

Lashiec:
Em, after reading the comments in Slashdot, I think it would be wise to wait until there's a real analysis, and not just a random guy commenting its findings without providing real evidence. For example, the "Win7 allows programs like Photoshop to stealthily insert themselves in your firewall exception list" is OLD, µTorrent has been doing this for years in XP.

Lashiec:
During the brief FUD debacle, development of Windows 7 towards the first Release Candidate has continued, including some minor tweaks to the OS behaviour and features. Nothing groundbreaking, but some of them are more than welcome, like #2

f0dder:
Sounds like a good amount of polishing changes :Thmbsup:

I just wish they would allow custom themes that aren't signed by MS... and of course also focus on performance, memory footprint, etc :)

Lashiec:
Around a month ago, blogger Long Zheng and developer Rafael Rivera demonstrated how to exploit two security flaws in Windows 7 UAC: one to disable the same UAC sending mere keystrokes, and the second one to autoelevate (giving administrator rights to a program without UAC prompts) any given program using rundll32 (part of Windows, which allows DLLs to run). After some confusing statements by Microsoft, the flaws were acknowledged, and somewhat fixed (I understand the second flaw can still be exploited).

Turns out that at the same time those flaws were made public and discussed in the Internet, another developer, Leo Davidson, found another flaw in UAC which essentially makes the whole system useless. Using ordinary methods built into Windows, Leo was able to inject arbitrary code into a 'trusted' process and break all kind of havoc in the system.

Peter Bright published a concise summary of the research just hours ago at Ars Technica, for those who wish to avoid the most complex technical details. The discovery does not only affect UAC but also Microsoft credibility as it seems Microsoft apps can happily bypass UAC prompts while 3rd parties had to either make users deal with the prompts or redesign their apps so they require the prompts as less as possible.

The outcome of this for now is that all the usability improvements Microsoft made for UAC in Windows 7 were for nothing, and the only way to stay secure is to raise that lever in the configuration and go back to Vista's behaviour.

f0dder:
The outcome of this for now is that all the usability improvements Microsoft made for UAC in Windows 7 were for nothing, and the only way to stay secure is to raise that lever in the configuration and go back to Vista's behaviour.-Lashiec (March 05, 2009, 09:02 AM)
--- End quote ---
Let's hope they get this fixed. Win7 is after all still in Beta mode...

Navigation

[0] Message Index

[#] Next page

[*] Previous page