Tool shoves 'annoying' Vista security feature aside

Software developers claim they have created a tool to bypass User Account Control — an "annoying" security feature in Windows Vista, according to Microsoft executives.

The developers from NeoSmart said on their Web site that the UAC feature was "only there to give the impression of security".

UAC is a controversial feature of Vista designed to stop users from installing or executing arbitrary code. Many see it as a hindrance to performing everyday tasks, as it requests confirmation from users without administrator rights for many actions where no user confirmation was needed in Vista's predecessor, XP — in Vista, administrator is not the default setting.

iReboot, the tool developed by NeoSmart, helps users choose which operating system to reboot into. UAC had stopped the application from running at start-up, but the developers now claim to have bypassed UAC by splitting iReboot into two. One of the parts, running in the background, has privileged access to the operating system without requiring administrator approval each time the machine boots; the other part, running as a client program, interacts with this back-end service.

As the developers were able to grant the back-end part of the program privileges to run without express user approval every time the machine starts up, they claimed that Windows Vista's security limitations are "artificial at best, easy to code around, and only there to give the impression of security".
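The split described above makes the background service a privilege boundary: whatever it accepts from the unprivileged client is carried out with elevated rights. As an added example (not NeoSmart's code; the JSON message format, action names and boot entries are assumptions constructed for illustration), a service-side handler that accepts only a fixed set of requests and resolves the boot entry from its own list:

```python
import json

# Constructed sample data: entries the service enumerates itself.
# The client only ever sends an ID, never a path or a command line.
BOOT_ENTRIES = {"1": "Windows Vista", "2": "Windows XP", "3": "Ubuntu"}
MAX_REQUEST_BYTES = 256
ALLOWED_FIELDS = {"action", "entry"}


def handle_request(raw: bytes, entries=BOOT_ENTRIES) -> dict:
    """Validate one message from the unprivileged client inside the service."""
    if len(raw) > MAX_REQUEST_BYTES:
        return {"ok": False, "error": "request too large"}
    try:
        msg = json.loads(raw.decode("utf-8"))
    except ValueError:  # covers both bad UTF-8 and bad JSON
        return {"ok": False, "error": "malformed request"}
    if not isinstance(msg, dict):
        return {"ok": False, "error": "malformed request"}
    if set(msg) - ALLOWED_FIELDS:
        return {"ok": False, "error": "unexpected fields"}

    action = msg.get("action")
    if action == "list":
        return {"ok": True, "entries": dict(entries)}
    if action == "set_next_boot":
        entry = msg.get("entry")
        if not isinstance(entry, str) or entry not in entries:
            return {"ok": False, "error": "unknown boot entry"}
        # A real service would perform its single privileged operation here,
        # using the value it looked up itself rather than client-supplied text.
        return {"ok": True, "next_boot": entries[entry]}
    return {"ok": False, "error": "unsupported action"}


if __name__ == "__main__":
    for sample in (b'{"action":"set_next_boot","entry":"2"}',
                   b'{"action":"run","cmd":"anything"}'):
        print(sample, "->", handle_request(sample))
```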

"Any program that UAC blocks from starting up 'for good security reasons' can be coded to work around these limitations with (relative) ease," wrote the developers in a blog post. "The 'architectural redesign' of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure operating system."

Earlier this month, Microsoft product unit manager David Cross said that UAC was deliberately designed to "annoy users", in order to put pressure on third-party software makers to make their applications more secure.

Microsoft had not responded to a request for comment at the time of writing.


Talkback 5 comments

  1. The main purpose of UAC is increasing the security Anonymous -- 29/04/08

    The main purpose of UAC is increasing the security, because UAC reduces the privileges of all users, allowing them to work with "the least of privileges" paradigm and elevating them only when needed via UAC's prompt.
    The secondary purpose is to force developers to write programs which don't require administrative privileges, i.e. developers have to rewrite their own code if they want to survive in a Vista system.

    1. UAC Anonymous -- 30/04/08

      You can turn UAC off permanently by running
      msconfig in the run command or by turning it off via the control panel.
      The best way to switch it off is via msdiag, as it disables the startup process of UAC completely.
      For details go to: http://www.compuforums.org/windows/4447-how-turn-uac-vista.html#post28609

  2. Ummm SomeGuy -- 29/04/08

    ..if you don't want it, turn it off in control panel... it's really not that hard... what a dumb **** non story....

  3. Do not turn off UAC! Anonymous -- 30/04/08

    I just cannot understand some people. The whole concept of using the lowest security context for users has been common practice for Unix, Linux for years and "recently" for OSX.

    Microsoft was being beaten to a pulp for not doing the same with XP and causing the bulk of the world's "security issues" (spam, bots, trojans, etc).

    Microsoft has been telling people not to use administrative user accounts for years, since Windows 2000 time actually, but no one really listened.

    Microsoft was not able to force this with XP, so when they made Vista, they forced it... and people then complained!?

    I am not a Microsoft apologist but I commend them for finally making a change to their OS and forcing this utterly required core change.

    Anyone that turns off UAC, is plain and simple, being stupid. Properly and securely written code will NOT generate any UAC prompts.

    NO program should write files to the CORE OS folders.

    NO program should make modifications or additions to the CORE areas of the registry.

    NO program should ever invisibly make changes to the CORE OS.

    These three areas are just part of what UAC is protecting YOU from.

    If you are seeing UAC prompts "often" then YOU are making CORE OS changes - YOU need to ask yourself WHY YOU are doing this!

    1. UAC & previous Weak Design, interfere with admin. Thomas W -- 04/05/08

      I'm a highly experienced & competent user. During my trial of Vista I deliberately tried to retain the UAC for several days.. before giving up on it.

      Setting up the machine & installing/ customizing software required *continuous* *continuous* ongoing UAC prompts. Scores of them.

      The final straw, if I recall, was double-prompts when trying to tidy up & organize that abortion of a dumping-ground known as the 'Start Menu'.

      Eventually I threw it away and rebuilt the machine on XP. Whereupon I was much happier, and finally, could get some work done.

      TIP OF THE YEAR: organize the "Start Menu".
      - Switch the Start Menu to 'classic view', and turn off personalized menus.
      - Then organize the programs you use, into a few top-level folders; a 'palette' if you like.
      - Create "System" and "Misc" folders for all the other junk placed by M$, in your Programs menu.
      - Your most-important menus can even be placed as top-level within the start menu; above "Programs".
      - I create "Dev" and "Docs" folders at the top level. (I'm a software developer). "Docs" is generally useful; users can easily find MS Word, Excel, Office etc here.
      - Replace "Dev" with whatever work-specific category is appropriate for you. "Design" for a graphic designer perhaps, or whatever reflects your work.
      - On servers I create a "Server" category; and create shortcuts to server management & administration tools, eg. services.msc.

      Basically what we're looking at here, is a competent & tidy approach to structure (in the Start Menu).

      If MS knew what they were doing, they would have taken said competent & smart approach to structure vis a vis. the /WINDOWS/SYSTEM32 folder and other ragbag internals of a ragbag operating machine.

      Enabling UAC before they sort their shorts out, just causes users problems.

      The idea of 'Personalized Menus' to sort out the fact that they've made the Programs Menu a dumping ground, just epitomises the flawed approach & incompetent logic --

      -- of what was once a major software company.

  4. They "bypassed" it by designing their program properly Anonymous -- 30/04/08

    If you read the comments that follow NeoSmart's blog post, you see it being pointed out that:
    (a) They don't bypass UAC's security at all. They still require the user to authorise their program at installation. UAC hasn't been bypassed at all - though that was their initial claim.
    (b) The final design they "discovered" was the recommended way to do it. One UAC authorisation at install, and that's it.

    Also, the context of a quote, and who is saying it, is important. When a programmer says that something was designed to "annoy" a user, it doesn't necessarily mean that it was done with malicious intent.

    Other comments here deal with why UAC is a good thing, and getting many UAC prompts is an indication of something being, most likely, wrong.

    The programs I write don't cause UAC prompts because they do things the way they should, not the most lazy/easy way for the programmer.
