Microsoft is changing their minds on just how Windows 7 UAC will function. In a blog post over at ‘Engineering Windows 7’ it now appears that some changes will be made. I am no security expert but it is good to see that the Redmond giant is going to take a new approach after several bloggers posted what they deemed were several security flaws in how UAC functioned in Windows 7.
In the blog statement from Microsoft it states that:
The first issue to untangle is about the difference between malware making it onto a PC and being run, versus what it can do once it is running. There has been no report of a way for malware to make it onto a PC without consent. All of the feedback so far concerns the behavior of UAC once malware has found its way onto the PC and is running. Microsoft’s position that the reports about UAC do not constitute a vulnerability is because the reports have not shown a way for malware to get onto the machine in the first place without express consent. Some people have taken the, “it’s not a vulnerability” position to mean we aren’t taking the other parts of the issue seriously. Please know we take all of the feedback we receive seriously.
The word “vulnerability” has a very specific meaning in the security area. Microsoft has one of the leading security agencies in the world in the Microsoft Security Response Center ([email protected]) which monitors the greater ecosystem for security threats and manages the response to any threat or vulnerability related to Microsoft products. By any definition that is generally accepted across the world wide security community, the recent feedback does not represent a vulnerability since it does not allow the malicious software to reach the computer in the first place.
It further states that:
Much of the recent feedback has failed to take into account the ways that Windows 7 is better than Windows Vista at preventing malware from reaching the PC in the first place. In Windows 7 we have continued to focus on improving the ability to stop malware before it is installed or running on a PC.
I believe there in is the real issue. Will Windows 7 be more secure that Windows Vista? According to the folks at Microsoft it will be. But less face it. Microsoft has been talking about a secure system for a decade. Will Windows ever be 100% secure? I doubt it.