Running Internet Explorer 7? Have UAC turned off, or running an administrator account on XP? Then you *deserve* to fall victim to the latest security flaw in IE!
The flaw in IE 7 (and apparently, IE 6 too) lets cracked or maliciously crafted websites take control of your computer - or in more technical terms, it enables a remote attacker to execute arbitrary code on your computer.
If you have turned UAC off on Vista, or you are running an Administrator account every day on XP, then you really shouldn’t be complaining about Microsoft’s bad security record. People running Vista with its security system intact will be tipped off by a UAC prompt. In fact, if they are running with UAC they will probably not be affected at all by the flaw as Internet Explorer 7 runs under an ultra-limited user account. If you don’t run with UAC, you’ve just effectively installed backdoors and malware on your machine.
Who have you got to blame? Yourself!
If you have a computer running XP that is capable of running Vista, then PLEASE upgrade (or switch to Linux). The security benefits are worth it. And don’t, for god’s sake, turn off UAC or enable a root account!
I don’t have to worry about the Internet Explorer flaw. I use Firefox. Yes, a similar problem could possibly be found with Firefox, but it’s less likely due to the open nature of the code. A similar flaw with Firefox wouldn’t do much on my system anyway - I use Linux, and I don’t bypass its security systems, so nobody could use the flaw to install software on my machine or spy on me. The code being executed would only run under my limited user account so there’s not really a lot that it could do.
Why not try downloading and installing Linux as your main operating system? I recommend the Ubuntu distribution, downloadable from www.ubuntu.com. Be aware that Linux is very different to Windows, but it is no more difficult to use. It is a lot more secure, and very enjoyable to use!
While I agree with the principle of your article, there are a few flaws.
1) UAC sucks. Period.
2) IE7 sucks, as well.
Really the title should be “You get what you deserve for using IE7”, not anything to do with UAC. And the difference between Linux user and admin is a much bolder line than between Windows user and Admin. Technically, I have local admin rights as I write this in XP, but I am not an admin, per se. Now, in Linux you have root as the end all admin to end all admins then the multiple layers of sudo and permissions. While I agree with you that Linux is more secure, I don’t think UAC, how it is in Vista, is worth its weight in salt. UAC doesn’t protect you. I know plenty of people that I left it turned on and all they do now is click confirm without even thinking. That isn’t any more secure than using an unpatched XP box with an unpatched copy of IE6 surfing warez sites.
Oh, and I use Debian on my personal home machine with a Vista hard drive for video games. Vista is extremely secure when you don’t boot into it.
UAC is more than just the prompts. I’d agree that IE 7 sucks. I’d agree that a security problem can exist between the keyboard and chair when UAC is turned on, due to the user just clicking “Confirm” to the prompts.
UAC is a bit more than the prompts, though. Internet Explorer 7 will run with extremely limited permissions with no elevation when UAC is turned on, sorta like running Firefox on Linux with a restrictive AppArmor profile. Anything that requires higher privileges in IE 7 will simply fail; it won’t even prompt.
That’s my understanding of it, anyway. I may be wrong and IE 7 might bring up UAC prompts. Or the website attack might find a way around the limited permissions to start running code in your normal user account and force a UAC prompt. Or, worst-case scenario, it finds a way to run code as administrator without forcing a prompt.
I can’t really comment on how well Vista’s security works in the real world, because I’m not a Windows user, but from what I’ve read it would seem that UAC serves a useful purpose.