Thanks so very, very much for your kind help. My wife is thrilled. Needless to say, so am I. And our thanks to CyberTechHelp for such a great and generous service - sher07 
Vista's UAC security is colour blind
Posted by: Tweaker
Date added: 22:14, 22nd February 2007 GMT
Source: Tech World
Windows Vista's User Account Control (UAC), a system that Microsoft says makes the new operating system safer from attack, can be spoofed and shouldn't be completely trusted, said a Symantec researcher.
Ollie Whitehouse, an architect at Symantec's advanced threats research team, first used a blog entry to point out how a hacker could use a file included with Vista to disguise the UAC warning dialog in a colour associated with alerts generated by Windows itself.
The process to spoof a UAC dialog is roundabout, but doable, said Whitehouse. It would start with a user falling for any one of the current hacker tricks. "The most likely scenario is that a user gets compromised by malicious code, from a Trojan or a vulnerability in a third-party application like Office or a browser," he said in an interview.
Next, the malicious code would drop a malformed .dll file onto a part of the hard drive that the user, who would presumably be running as a restricted Standard User, was allowed to write to. Because the user has rights to write to the disk, a UAC wouldn't pop up at that point.
Tools: Post a comment | Link to this news item | Send to a friend | Submit News
Error: You are not logged in.
In order to leave comments to news articles you must be a Cyber Tech Help Member.
Registration is completely free! 
Register to become a member
Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.
