A Trojan Disabling UAC? Are you sure that is possible? Please do quote source. I want to read on this flaw. (Earnestly, if this happens, UAC is better off being not existent)

DEP can't block Trojans that doesn't attack the computer via Memory Buffer Overflow or anything of that sort. DEP protects the computer from being destabilized or crashing (Which is not often the case with BSODs of XP either )

Cheers!

Extracted from the Integrated Help feature of MS. Read on and Cheers!

Yes it is possible, but I can't quote a source because it is not something I read and I've seen the possibility of it myself in the "msconfig.msc" section of Vista.

In the msconfig of Vista, under "Tools" section where you have the option to disable UAC.
When you select that, you can see the command line that will modify the registry entry to disable UAC on the next reboot in the text box right on the bottom.





However, I have seen a trojan "hamster huey and the gooey kablooie" firewall that can instantly disable and replace Vista's firewall immediately after clicking the "INNOCENT.EXE" trojan file.

It will spoof the firewall functions, and you think your Vista's firewall is active...until you click the double arrow to expand the firewall status in the Security Center and greeted by "Hamster Huey and the Gooey Kablooie firewall" while Vista's original firewall is disabled and set to the second priority selection.

And your point is? Does this mean that if you made a malicious script for Linux Kernel or UnixMac OS X, it won't make those OS a goner too? And i thought you need at least Admin AND sandbox mode to disable UAC, even tho it's in the registery, which is why the PC needs to be restarted for UAC's termination to take place.

---

Added on April 26, 2007, 11:51 pmBasically this is the same with any OS that has been infected with a malware or worm, and it don't need to be Vista. If a user stupid enough not to install an antivirus and a script blocker, he's not bright enough to use a PC and get mad when it's infected IMO. it's his own doing

The UAC will alert the user of everything that can be run - which is good at first and bad in the long run.

It will become annoying and then, there will come a time where the user will just unconciously ignore the warning and will keep clicking on the "Allow" button without a second thought.

You can see the warning - but your mind will no longer process it and you will straight away click "Allow" on impulse, and when it happens on a malicious script - Boom, your Vista is unprotected or fell back to XP's security level.
It is true that Vista is more secure than XP, but users must not be fooled into a false sense of security to think that Vista security feature is so bulletproof that malware cannot get through without the user knowing it.

wait a minute, whats this UAC thingy? i have installed vista on my comp for so long and still no UAC notification popup?

anyway regarding the mallicious scripts, if we install a good anti virus on it, wouldnt it disable the .exe automatically?

vista security is not flawless, but if we get other 3rd party anti virus to help protect it more then it will be ok

UAC = User Administration Control. (Either this or something of that sort)

Now, now. Cool down chaps.

First, thanks to Hattori for the info on the UAC Disabling Code. Now I understand why you said that UAC can be disabled just like that.

If I am NOT mistaken, you can still Alter Registry Data in the HKLM section without being an Admin. Correct me if I am wrong.

The restart-only-take-effect Issue has been there all along. If not for it, we can't use KillBox, MoveIt and other Tools. (Note: If you want to know, Google : PendingFileRenameOperations) So, it is a double-edged sword. Many malware also uses this method to make sure they are still alive AND for legitimate programs to run.

And IF I am NOT mistaken, There is NO Registry for Linux and MacOS. Thus, they are "safe" from registry based attacks. Correct me if I am wrong too.

Agree with linkinstreet on the Stupidity of users. If user stupid, Safest OS becomes the worst one. (It has been quoted over and over again, The Biggest Flaw of Microsoft is The USER Themselves).

Agree with Hattori on the "Accept" issue. In fact, it has been criticised over and over again elsewhere.

Cheers!