Urges users to check that the regularly-belittled prompt is really on
Microsoft this week urged users to keep an oft-criticized Windows security feature turned on, even as it said that more malware is disabling the tool.
User Account Control (UAC) is the feature that debuted in Vista and revised in Windows 7 that prompts users to approve certain actions, including software installation.
UAC was "universally hated" in Vista, and was a major complaint about the unsuccessful operating system, a Gartner security analyst said more than two years ago.
"From a usability standpoint, no one was happy. And from a security standpoint, no one was happy either, because we knew that people get 'click fatigue,'" said John Pescatore of Gartner in the months before Windows 7's launch.
Microsoft took the complaints to heart, and downplayed UAC in Windows 7 after its data showed users got irritated when they faced more than two such prompts in a session at the computer.
This week, Microsoft's Malware Protection Center (MMPC) said that malware was increasingly turning off UAC as a way to disguise its presence on infected PCs.
To disable UAC, attack code must either exploit a bug that allows the hacker to gain administrative rights -- Microsoft calls those flaws "privilege elevation" vulnerabilities -- or trick the user into clicking "OK" on a UAC prompt.
Apparently, neither are difficult.
Some of the most-common threats now in circulation -- including the Sality virus family, Alureon rootkits, the Bancos banking Trojan and fake antivirus software -- have variants able to switch off UAC, said Joe Faulhaber of the MMPC team in a post to the group's blog.
One worm, dubbed "Rorpian" by Microsoft, is especially enamored with the anti-UAC tactic: In more than 90% of the cases involving Rorpian on a single day, MMPC observed the worm disabling UAC by exploiting a four-year-old Windows vulnerability.
Nearly one-in-four PCs that reported malware detections to Microsoft had UAC switched off, either because of malware antics, or because the user turned it off.
UAC has not been problem-free on the technical side, either. Months before Windows 7's debut, a pair of researchers revealed a bug in the feature that hackers could use to piggyback on preapproved Microsoft code to trick Windows 7 into granting malware full access rights.
Although Microsoft initially dismissed their reports, it later changed UAC.
Turn User Account Control on or off
from Microsoft
User Account Control (UAC) can help you prevent unauthorized changes to your computer. It works by prompting you for permission when a task requires administrative rights, such as installing software or changing settings that affect other users.
We don't recommend turning User Account Control off. If you do turn it off, you should turn it back on as soon as possible.
1. Open User Accounts by clicking the
Start button , clicking
Control Panel, clicking
User Accounts and Family Safety (or clicking
User Accounts, if you are connected to a network domain), and then clicking
User Accounts.
2. Click
Turn User Account Control on or off. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Select the
Use User Account Control (UAC) to help protect your computer check box to turn on UAC, or clear the check box to turn off UAC, and then click
OK.
