In the Windows 7 Beta 1, there is a new “feature” in UAC (User Account Control). This new feature seems to help reduce UAC dialogs in specific situations, by selecting one of the following settings:
- Always notify on every system change (seems to be the Vista style).
- Notify me only when programs try to make changes to my computer.
- Notify me only when programs try to make changes to my computer, without using the Secure Desktop.
- Never notify.
This sounds really great!
But after looking at this, I thought: How the hell did they implement this? Will there be a list of APIs which are “safe-to-call” in one of the settings?
But after reading this answer from an MS guy in the kernel newsgroup, I could not laugh anymore…
This solution only accepts changes from MS applications!
This solution is one of the worst solutions and might lead to some work for lawyers… but I hope that this is only a beta feature and will either be removed or opened for other (signed) apps.
I will wait and see…
Actually, it makes sense.
No other binaries than those shipped with Windows can really be trusted, because “Windows knows Windows” and it knows those binaries are really what they say they are.
Adding a mechanism for other apps to be added to this list is just asking malware and every “I’m more important than the user’s preferences” application to add themselves there, therefore completely defeating the point of UAC.
IMHO, it makes no sense…
One solution would be to restrict the apps to “signed” apps, like the x64 drivers must be signed. Then MS can always identify the apps. Maybe the current implementation is already on this base (but I don’t know; I have not looked at it too deeply).
I’ve also read (and contributed to) the newsnet thread.
It’s really funny. Not only that it’s very hard for tool vendors to tell their customers why the product XYZ still needs a UAC prompt.
It’s also about how this “only allow MS Stuff” is implemented behind the scenes. If there is only a filename / path checking this would basically disable all the protection that UAC provides. And I do not think that such a change would make it into the product. So there MUST be a kind of Authenticode Signature Checking anyway.
So MS could provide a kind of Logo Program (as for x64 Drivers) which apps have to pass, until they receive a Certificate from the MS CA. Apps which are signed by such a Certificate will be handled like MS internal binaries.
LG, Günter Prossliner
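To make the difference between the two kinds of check discussed in the comment above concrete, here is an added example (not from the post or its commenters, and not how Windows 7 UAC actually decides) that compares a path-only trust test with an Authenticode signer test. The function names and the publisher pattern are assumptions chosen for illustration.

```powershell
# Added illustration. Function names and $SignerPattern are hypothetical;
# this does not reproduce the UAC implementation.

function Test-TrustByPath {
    param([Parameter(Mandatory)][string]$Path)
    # Weak check: anything located under the Windows directory is "trusted".
    # It says nothing about who built the file or whether it was modified.
    $full = [System.IO.Path]::GetFullPath($Path)
    return $full.StartsWith($env:WINDIR + '\',
        [System.StringComparison]::OrdinalIgnoreCase)
}

function Test-TrustBySignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumed publisher string, for illustration only.
        [string]$SignerPattern = 'O=Microsoft Corporation'
    )
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    # Valid means the file hash matches the signature and the
    # certificate chain ends in a root this machine trusts.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        return $false
    }
    if ($null -eq $sig.SignerCertificate) { return $false }
    # Simplification: a real policy would pin the issuing CA or an EKU
    # instead of matching text in the subject name.
    return $sig.SignerCertificate.Subject -like "*$SignerPattern*"
}

# Sample inputs: a binary shipped with Windows and this script itself
# (normally unsigned). Entries that do not exist are skipped.
$samples = @(
    (Join-Path $env:WINDIR 'System32\notepad.exe'),
    $PSCommandPath
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

foreach ($file in $samples) {
    [pscustomobject]@{
        File        = $file
        PathCheck   = Test-TrustByPath -Path $file
        SignerCheck = Test-TrustBySignature -Path $file
    }
}
```

The path test only reflects where a file sits, while the signer test depends on the file's contents and certificate chain, so a file that is altered after signing stops passing it.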