Mr. Arnold said:
I wouldn't use the thing. It's about as bad as Application Control in 3rd
party personal FW(s) or other such nonsense snake-oil solutions. One wants
the mouse click on the accept button when it's malware that was *accepted*
and remembered so that one is not asked about it again.
Yes, one might as well just silently elevate as with UAC turned off.
Allowing UAC to partially function is just lending users a false sense
of security. True, other aspects of UAC still enhance security if this
portion is circumvented, but the false belief that a whitelist won't be
abused by malware is damaging.
I hope I am correct in assuming the whitelist isn't based simply on
filenames, and that there is protection against it being edited by
malware. Even so, what is so bad about being asked if you really
intended to execute a particular program - especially since there
are no complaints about the ubiquitous 'confirm delete'. There is
much more power in *execute* than there is in *delete* especially
if cryptovirology is involved.
It's just below this one. Hey, I turned UAC off, because I have run this
way for 25 years from Win 9x as root admin, and I have run as user/admin
on Win NT 4.0, Win 2k, and XP with full admin rights.
Three cheers for Microsoft for making it more difficult to do this
in Vista. This split (or filtered) token and the default hiding of the
(non-filtered token) admin account makes it much harder for the
malware to entrench itself in the system - and more difficult for the
average user to circumvent this security enhancement.
I am a good man. I am so good, computer savvy, and it can't happen to me on
the Internet. Hey, so what if I get some malware that something detected.
I'll wipe out the machine if it happens.
The focus on recovery *only* is misplaced. Recovery should be
risk mitigation in the event of some failure in the primary preventive
measures. Avoidance measures aren't perfect, so recovery is a
necessary aspect - but shouldn't be relied upon. Besides, what
about the data leakage that could happen between infestation and
recovery? What about the harboring of malware that uses their
computer to DDoS others and/or spread further? Individual users
should have more concern about the community of which they are
a part.
Vista's security by default and the difficulty in circumventing it
is a step in the right direction - and making it easier to circumvent
is a step backward.
But little did I know that a whole boat load of malware has come past my
little security blanket, planted itself deep and can't be detected by my
detection security blanket, and it's been this way for a long time.
Perhaps undetected long enough to poison the backups within their
recovery plans.
I don't even know how to go check things out for myself with other tools
manually and look around and see what is running on the machine from time
to time.
Hey, I am good and my security detection blanket is good too. Everything
is okay-dokey!
In some cases, even tools can be lied to by the system.
I suppose their ignorance is bliss, right up until it kills them.
--end soapbox mode--