Hello,
For instance by asking for my password. Can't UAC distinguish between my
input as user and what the program tries to do?
Once you've pre-approved an application to run elevated without consent, the
cat is out of the bag. Other programs can run that program and bypass their
privilege restrictions.
Imagine the case where you mark the command prompt as
always-elevated-without-prompt. Other programs could start a command prompt
and then run some payload from that elevated command prompt with full
privileges - without you knowing about it - thus defeating the purpose of UAC.
As for your second point, YES Windows can be made to tell whether you are
performing UI - but it CANNOT know what you intend to do with the UI.
To use my command prompt example, Windows could be modified so that a
program could only launch the elevate-without-prompting command prompt when
you, say, click a button. But a malicious program could pop up a message box
saying you won a thousand dollars and only offer one button, OK, for the user
to click on to dismiss the dialog - and when the user clicks that button, WHAM,
the payload would be executed.
Windows CAN tell when you are doing UI ... Windows CANNOT tell what you
intend to accomplish by performing the UI, nor what an application will do
with said UI.
- JB
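The two risks JB describes map onto real UAC policy values: silent elevation of administrators (the pre-approved, no-consent case) and a consent dialog drawn on the normal desktop, where another application can overlay or automate it. The script below is an added example, not part of the original thread; it reads the UAC policy values from the registry and reports which of those weak settings are in effect. The default values it assumes when a value is absent (EnableLUA 1, ConsentPromptBehaviorAdmin 5, PromptOnSecureDesktop 1) are the Windows defaults.

```powershell
# Added example: audit the UAC policy settings that control whether an
# administrator is elevated without a consent prompt, and whether the
# prompt is shown on the secure desktop. Read-only; runs in a normal shell.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    param([string]$Name, [int]$Default)
    # Return the DWORD if present, otherwise the assumed Windows default.
    $props = Get-ItemProperty -Path $UacKey -ErrorAction SilentlyContinue
    if ($null -ne $props -and $null -ne $props.$Name) { return [int]$props.$Name }
    return $Default
}

function Test-UacPolicy {
    # ConsentPromptBehaviorAdmin meanings:
    #   0 = elevate without prompting (silent elevation)
    #   1 = prompt for credentials on the secure desktop
    #   2 = prompt for consent on the secure desktop
    #   3 = prompt for credentials
    #   4 = prompt for consent
    #   5 = prompt for consent for non-Windows binaries (default)
    $enableLua     = Get-UacValue -Name 'EnableLUA' -Default 1
    $behavior      = Get-UacValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
    $secureDesktop = Get-UacValue -Name 'PromptOnSecureDesktop' -Default 1

    $findings = @()
    if ($enableLua -ne 1) {
        $findings += 'EnableLUA is 0: UAC is disabled; every process runs with full admin rights.'
    }
    if ($behavior -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin is 0: admins are elevated silently, so any program the user runs can obtain full privileges without consent.'
    }
    if ($secureDesktop -ne 1) {
        $findings += 'PromptOnSecureDesktop is 0: the consent dialog is drawn on the interactive desktop, where other applications can overlay or drive it.'
    }
    if (-not $findings) {
        $findings += 'UAC prompts for consent on the secure desktop; no silent elevation configured.'
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $behavior
        PromptOnSecureDesktop      = $secureDesktop
        Findings                   = $findings
    }
}

Test-UacPolicy | Format-List
```

A hardened configuration keeps EnableLUA and PromptOnSecureDesktop at 1 and ConsentPromptBehaviorAdmin at 2 or higher, so that elevation always requires an interactive decision that other programs cannot make on the user's behalf.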