A researcher at the Black Hat security conference showed how to hack the new Vista OS. Admittedly the OS does warn the user about the potential threat, but as long as the user has admin rights to the machine (which most users have to their own personal laptops or desktops) the OS lets them execute the code.
“I just hit accept,” Rutkowska replied to a question from the audience about how she bypassed UAC. Because of the many security pop-ups in Windows, many users will do the same without realizing what they are allowing, she said.
This gets back to my previous post about IE security. Simply warning the user isn’t going to cut it. And too many warnings is going to make the user do stupid things. I hope MS can come up with a better approach.
Read more here.
Post a Comment