NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0073 VISTA's Security Messages Vulnerable to Spoofing:
A security "feature" in Microsoft's new Windows VISTA operating system, designed to give IT administrators more control over workers' desktops, can be easily fooled by malware because it is effectively "color blind," according to research performed by Symantec.

The User Account Control (UAC) feature in Windows VISTA is designed to prevent individuals from making system changes that are not authorized by their IT departments (obviously, this feature impacts primarily businesses and networks) - for example, to prevent misguided workers from installing software that could present a threat to their corporate networks. A user who attempts such a change is greeted with an error message bordered in bright red informing them that the move is not authorized. Notifications for supposedly innocuous changes not requiring administrator approval - such as activating a driver or other component that is a built-in part of Windows - are presented within a friendly, light-green border.

The trouble, according to Symantec, is that malicious code can "trick" Windows VISTA into generating the green notification when it should be holding up the stop sign. "The user is presented with a UAC prompt that falsely claims that Microsoft Windows needs to elevate permissions ... not a third-party application." The problem can occur when users try to activate a part of Windows VISTA, RunLegacyCPLElevated.exe, that's supposed to make VISTA compatible with older Windows Control Panel plug-ins. Files associated with that executable program can act as Trojan horses for malware that can get written to unprotected areas of a user's hard drive after he or she gets the bogus green light.

Microsoft, in a best practices guide, concedes that VISTA's color-coded warnings are NOT a failsafe security measure. "The UAC prompts aren't a direct security boundary - they don't offer protection," says Microsoft. They do offer you a chance to verify an action before it happens.
(http://www.informationweek.com 28FEB07)
Last Modified: Tuesday, 13-Mar-2007 18:38:58 EST