Windows 7's quieter UAC a security risk? Of course it is.
So with Windows 7, Microsoft decided to respond to the complaints and ease up on the prompts. Now, there's an uproar because doing this has caused security problems.
The problem: by default, UAC in Windows 7 doesn't notify you if you make changes to Windows settings. Of course, that means that a script that can impersonate you and send keystrokes can make changes and you won't see notifications.
To make things worse, that includes disabling UAC completely. From there, a malicious script could perpetrate all kinds of badness.
In his post, Long Zheng states that the solution could be as simple as forcing a prompt whenever attempts are made to change UAC settings. Also, if you crank up the notifications to always notify, that will solve the problem as well.
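One way to check which of these states a machine is in, as an added example that is not from the original post or from Long Zheng's: it reads the standard UAC policy values from the registry and warns when the level is anything other than always notify. The helper name Get-UacLevel and the level labels are made up for this example.

```powershell
# Added example: classify the UAC notification level from the policy registry values.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {   # hypothetical helper name
    param($EnableLUA, $ConsentPromptBehaviorAdmin)

    # A missing value is reported as unknown rather than being read as 0 (disabled).
    if ($null -eq $EnableLUA -or $null -eq $ConsentPromptBehaviorAdmin) { return 'Unknown' }
    if ([int]$EnableLUA -eq 0) { return 'Disabled' }

    switch ([int]$ConsentPromptBehaviorAdmin) {
        0 { return 'NeverNotify' }    # administrators elevate with no prompt
        2 { return 'AlwaysNotify' }   # consent prompt for every elevation
        5 { return 'Default' }        # prompt only for non-Windows binaries (the quiet default)
        default { return "Other ($ConsentPromptBehaviorAdmin)" }
    }
}

$p = Get-ItemProperty -Path $key
$level = Get-UacLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin

# Report the raw values next to the classification so the result can be verified by eye.
New-Object PSObject -Property @{
    Level                      = $level
    EnableLUA                  = $p.EnableLUA
    ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
}

if ($level -ne 'AlwaysNotify') {
    Write-Warning "UAC level is '$level'; changes to Windows settings may not raise a prompt."
}
```

Running it on a schedule and alerting on a change of level would also catch the case described above, where UAC is switched off without the user seeing a prompt.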
Correct me if I'm wrong, but that makes sense, right? I'm not prepared to slam Microsoft over this just yet. Windows 7 is still in Beta, and the changes to UAC were made as a response to outcry from their user base. If you're responsible and keep your machine properly protected, this shouldn't pose a significant risk.
Don't get me wrong - I completely understand the implications and the potential for this to cause trouble. It's just that I don't see this as that big a deal considering the huge number of people still beating the Windows XP drum, and it's even less secure than Windows 7 - even with a "flaw" like this.
