A Trojan Disabling UAC? Are you sure that is possible? Please do quote source. I want to read on this flaw. (Earnestly, if this happens, UAC is better off being not existent)

DEP can't block Trojans that doesn't attack the computer via Memory Buffer Overflow or anything of that sort. DEP protects the computer from being destabilized or crashing (Which is not often the case with BSODs of XP either )

Cheers!

Data Execution Prevention (DEP) helps prevent damage from viruses and other security threats that attack by running (executing) malicious code from memory locations that only Windows and other programs should use. This type of threat causes damage by taking over one or more memory locations in use by a program. Then it spreads and harms other programs, files, and even your e-mail contacts.

Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code-malicious or not-from a protected location, DEP closes the program and notifies you.

DEP can take advantage of software and hardware support. To use DEP, your computer must be running Microsoft Windows XP Service Pack 2 (SP2) or later, or Windows Server 2003 Service Pack 1 or later. DEP software alone helps protect against certain types of malicious code attacks but to take full advantage of the protection that DEP can offer, your processor must support "execution protection". This is a hardware-based technology designed to mark memory locations as non-executable. If your processor does not support hardware-based DEP, it's a good idea to upgrade to a processor that offers execution protection features.

Extracted from the Integrated Help feature of MS. Read on and Cheers!

A Trojan Disabling UAC? Are you sure that is possible? Please do quote source. I want to read on this flaw. (Earnestly, if this happens, UAC is better off being not existent)

Yes it is possible, but I can't quote a source because it is not something I read and I've seen the possibility of it myself in the "msconfig.msc" section of Vista.

In the msconfig of Vista, under "Tools" section where you have the option to disable UAC.
When you select that, you can see the command line that will modify the registry entry to disable UAC on the next reboot in the text box right on the bottom.





However, I have seen a trojan "hamster huey and the gooey kablooie" firewall that can instantly disable and replace Vista's firewall immediately after clicking the "INNOCENT.EXE" trojan file.

It will spoof the firewall functions, and you think your Vista's firewall is active...until you click the double arrow to expand the firewall status in the Security Center and greeted by "Hamster Huey and the Gooey Kablooie firewall" while Vista's original firewall is disabled and set to the second priority selection.

And your point is? Does this mean that if you made a malicious script for Linux Kernel or UnixMac OS X, it won't make those OS a goner too? And i thought you need at least Admin AND sandbox mode to disable UAC, even tho it's in the registery, which is why the PC needs to be restarted for UAC's termination to take place.

---

Added on April 26, 2007, 11:51 pmBasically this is the same with any OS that has been infected with a malware or worm, and it don't need to be Vista. If a user stupid enough not to install an antivirus and a script blocker, he's not bright enough to use a PC and get mad when it's infected IMO. it's his own doing

The UAC will alert the user of everything that can be run - which is good at first and bad in the long run.

It will become annoying and then, there will come a time where the user will just unconciously ignore the warning and will keep clicking on the "Allow" button without a second thought.

You can see the warning - but your mind will no longer process it and you will straight away click "Allow" on impulse, and when it happens on a malicious script - Boom, your Vista is unprotected or fell back to XP's security level.
It is true that Vista is more secure than XP, but users must not be fooled into a false sense of security to think that Vista security feature is so bulletproof that malware cannot get through without the user knowing it.

wait a minute, whats this UAC thingy? i have installed vista on my comp for so long and still no UAC notification popup?

anyway regarding the mallicious scripts, if we install a good anti virus on it, wouldnt it disable the .exe automatically?

vista security is not flawless, but if we get other 3rd party anti virus to help protect it more then it will be ok

UAC = User Administration Control. (Either this or something of that sort)

Now, now. Cool down chaps.

First, thanks to Hattori for the info on the UAC Disabling Code. Now I understand why you said that UAC can be disabled just like that.

If I am NOT mistaken, you can still Alter Registry Data in the HKLM section without being an Admin. Correct me if I am wrong.

The restart-only-take-effect Issue has been there all along. If not for it, we can't use KillBox, MoveIt and other Tools. (Note: If you want to know, Google : PendingFileRenameOperations) So, it is a double-edged sword. Many malware also uses this method to make sure they are still alive AND for legitimate programs to run.

And IF I am NOT mistaken, There is NO Registry for Linux and MacOS. Thus, they are "safe" from registry based attacks. Correct me if I am wrong too.

Agree with linkinstreet on the Stupidity of users. If user stupid, Safest OS becomes the worst one. (It has been quoted over and over again, The Biggest Flaw of Microsoft is The USER Themselves).

Agree with Hattori on the "Accept" issue. In fact, it has been criticised over and over again elsewhere.

Cheers!