NEWS
Microsoft's efforts to make Windows 7 less annoying than Vista may also be making it less secure than its predecessor.
With Windows Vista, the operating system popped up a warning every time a major change was being made to the system, whether by the OS or by a third-party application. With Windows 7, users can choose how often to be notified, with the current default set to notify only when a third-party application is making a change.
Blogger Long Zheng, however, is drawing attention to an apparent shortcoming in that approach. Because changes to the User Account Control setting itself are being made within the OS - and not by a third party - malicious code could turn off such alerts entirely with the user getting little notice that such a change had been made. Zheng said he and fellow blogger Rafael Rivera have come up with a simple proof-of-concept code to show the vulnerability.
Microsoft is trying to thread a difficult needle here. The prompts issued by the User Account Control program, though annoying, help alert users to changes to their system. But if the prompts are so irritating that people turn off the setting - or stick with older operating systems - then this threatens the security.
A Microsoft representative was not immediately available for comment.
