Guest James R. Gentile Posted September 17, 2008 Posted September 17, 2008 Does anyone know, why MS does not consider UAC to be a security boundary? And what are the trade-offs involved with making it one? Is it not possible to make it a security boundary? It seems kinda anti-customer to say "if we find a security exploit in our code (in UAC) we won't fix it," doesn't it? I wish this would be fixed in Windows 7, but I admit I don't understand all the issues involved, so any help would be nice. Quote
Guest FromTheRafters Posted September 17, 2008 Posted September 17, 2008 http://www.microsoft.com/technet/technetma...AC/default.aspx Right near the bottom. "James R. Gentile" <no1@nowhere.net> wrote in message news:bK2dnfIw_fEv_k3VnZ2dnUVZ_judnZ2d@comcast.com...<span style="color:blue"> > Does anyone know, why MS does not consider UAC to be a security boundary? > And what are the trade-offs involved with making it one? Is it not > possible to make it a security boundary? It seems kinda anti-customer to > say "if we find a security exploit in our code (in UAC) we won't fix it," > doesn't it? I wish this would be fixed in Windows 7, but I admit I don't > understand all the issues involved, so any help would be nice. </span> Quote
Guest Victor Constantinescu Posted September 20, 2008 Posted September 20, 2008 Hi, Mark Russinovich explains it best in his presentation "Windows Security Boundaries". You can view it on technet spotlight here: http://www.microsoft.com/emea/spotlight/se...spx?videoid=993 -- Victor Constantinescu aka YounGun Security MVP http://victor-youngun.blogspot.com/ "James R. Gentile" <no1@nowhere.net> wrote in message news:bK2dnfIw_fEv_k3VnZ2dnUVZ_judnZ2d@comcast.com...<span style="color:blue"> > Does anyone know, why MS does not consider UAC to be a security boundary? > And what are the trade-offs involved with making it one? Is it not > possible to make it a security boundary? It seems kinda anti-customer to > say "if we find a security exploit in our code (in UAC) we won't fix it," > doesn't it? I wish this would be fixed in Windows 7, but I admit I don't > understand all the issues involved, so any help would be nice. </span> Quote
Guest James R. Gentile Posted September 25, 2008 Posted September 25, 2008 Good article, and good video, thanks to both of you. "James R. Gentile" <no1@nowhere.net> wrote in message news:bK2dnfIw_fEv_k3VnZ2dnUVZ_judnZ2d@comcast.com...<span style="color:blue"> > Does anyone know, why MS does not consider UAC to be a security boundary? > And what are the trade-offs involved with making it one? Is it not > possible to make it a security boundary? It seems kinda anti-customer to > say "if we find a security exploit in our code (in UAC) we won't fix it," > doesn't it? I wish this would be fixed in Windows 7, but I admit I don't > understand all the issues involved, so any help would be nice. </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.