Windows 7 Beta vulnerability

[Skuzzy]

I know many of you are participating in the Windows 7 Beta program, so I thought I would give a heads-up.

There is a vulnerability in it which is being exploited.  It has to do with UAC.  Here is where you can read about it.

Also note, Microsoft is apparently moving to take Windows 7 directly from the current Beta to a release candidate.  Looks like they will be shipping Windows 7 earlier than most thought.  Probably mid-2009.

[Getback]

I know many of you are participating in the Windows 7 Beta program, so I thought I would give a heads-up.

There is a vulnerability in it which is being exploited.  It has to do with UAC.  Here is where you can read about it.

Also note, Microsoft is apparently moving to take Windows 7 directly from the current Beta to a release candidate.  Looks like they will be shipping Windows 7 earlier than most thought.  Probably mid-2009.

Wow and it's not a flaw! Why is MS allowing this.

[pervert]

Wow and it's not a flaw! Why is MS allowing this.

Just go too their website and try and find anything your looking for, its a baffling confusing quest of page after page only too end up with nothing a bit like windows OS it seems too be some sort of job creation scheme were they fix problems they created. 
Best OS they made IMO was windows 2000.

[Skuzzy]

Wow and it's not a flaw! Why is MS allowing this.

Silly question.  Microsoft knows what is best for your computer, regardless of how you think it should work.

[Wayout]

Wow and it's not a flaw! Why is MS allowing this.

Vista is starting to look better and better.     

[MrRiplEy[H]]

This flaw is not really a big flaw.

First of all, most people disable UAC as a first thing they do - this leaves their system as open as this 'flaw' does by users themselves.

Second this exploit is only possible with relaxed UAC setting where secure desktop function (you know the annoying 'ding' and dark background) is disabled in settings. It's possible to disable this function in Vista registry also btw.

Third, Vista/W7 without UAC is no less secure than XP or W2k.

And fourth, getting this script to run on the computer needs either hacker to have access to users credentials or have the user run the malware themselves. So in this sense its just business as usual as far as windows security goes.

[Masherbrum]

Fifth, Vista, I mean 7 sucks.   

[Skuzzy]

<snip>
First of all, most people disable UAC as a first thing they do - <snip>

I'll disagree with this.  Most people I deal with everyday complain about it, but have no idea they can disable it.  They are the buyers of HP/Compaq systems from Best Buy.  There are a lot of them out there.

I do agree that it is business as usual with Windows though.

However, my concern lies with most people configuring thier Windows systems to be wide open and exposed to malware/spyware programs.  All it takes is one to ruin your day.

[MrRiplEy[H]]

Fifth, Vista, I mean 7 sucks.   

I wouldn't say that. Windows 7 is already much improved from Vista as far as user interface goes. The driver trouble etc. are very sad but the reality is there won't be any XP based products available in the future.

I ran W7 beta on my parallels virtual machine with my macbook pro and it performed flawlessly on 512mb ram. With flawless I mean that the performance in desktop use was as good as it gets using a virtual machine. Gaming won't work with it so I didn't even bother to try.

While performance was good the only thing that truly sucks is UAC and the way it messes up legacy software installed in program files folder.

[MrRiplEy[H]]

I'll disagree with this.  Most people I deal with everyday complain about it, but have no idea they can disable it.  They are the buyers of HP/Compaq systems from Best Buy.  There are a lot of them out there.

I do agree that it is business as usual with Windows though.

However, my concern lies with most people configuring thier Windows systems to be wide open and exposed to malware/spyware programs.  All it takes is one to ruin your day.

If you look at it the other way, people who can't figure out how to disable UAC are the ones who will learn to click 'accept' to every prompt that comes along so they are left out in the open regardless of the fact.

[Skuzzy]

I agree with that as well.

Most people have no idea why that irritating little box is there.  They describe it as a nuisance, and to some degree they are right.  The implementation in Vista really was quite bad.  While improved in Windows 7, it is still popping up when it does not need to.

It is just a bad design.

[MrRiplEy[H]]

I agree with that as well.

Most people have no idea why that irritating little box is there.  They describe it as a nuisance, and to some degree they are right.  The implementation in Vista really was quite bad.  While improved in Windows 7, it is still popping up when it does not need to.

It is just a bad design.

Yep the problem with computers is that most users would actually need some other party as responsible for their hardware and users would run on user level rights only. It's like handing a loaded gun to a child and send the child in the wild in middle of criminals. Someone will politely ask the child to hand over the gun and the child will most likely do it. Rest is history.

[Skuzzy]

The actual problem is Windows was never designed to be secure.  The very foundation of the operating system's design prevents it from being secure.

UNIX is a far more secure platform, but restrictive as to what a user can do.  But even with that, there are those who simply log in as root so they do not have to deal with it.

The bottom line is, when it comes to computers, most end users do not have the discipline to operate them in a secure manner.  Microsoft knows this, so Vista was a first attempt at taking control away from the user so they can be protected from themselves.