Earth said: Nikos, are you keeping or ditching UAC now?
PS: I wonder how many don't use UAC due to this fairly old vulnerability.
Nikos751 said: Some say that most malware cannot bypass it while other people claim that there is a considerable amount of malware bypassing UAC.
And both are right. If you take all malware that exists in the world and you count the samples that are able to bypass UAC, the number of UAC bypassing malware will be insignificant compared to the overall number of malware. The problem though is that especially a few of the very widespread malware families are UAC aware. So a large portion of the malware you encounter today in the wild and that is responsible for the majority of infections is able to bypass UAC. So both statements are true, depending on whether you look at the situation from a statistical or from a more pragmatical point of view.
Thanks!! So UAC seems to be a very good malware obstacle if properly used and on highest setting. Yes, I have it on the highest setting, but I have EAM 7 (won it some days ago via giveaway contest) along with it (edit: now only as a manual scanner as it is a bit resource heavy for real time) so there is no problem for me.
Nikos751 said: Some say that most malware cannot bypass it while other people claim that there is a considerable amount of malware bypassing UAC.
Fabian Wosar said: And both are right. If you take all malware that exists in the world and you count the samples that are able to bypass UAC, the number of UAC bypassing malware will be insignificant compared to the overall number of malware. The problem though is that especially a few of the very widespread malware families are UAC aware. So a large portion of the malware you encounter today in the wild and that is responsible for the majority of infections is able to bypass UAC. So both statements are true, depending on whether you look at the situation from a statistical or from a more pragmatical point of view.
Keep in mind though that you can fix the most widespread UAC bypasses by just changing the UAC setting to the highest available setting. So if you use UAC, use it on the highest setting or don't bother using it at all.
Littlebits said: But the changes are there which includes many improvements. To exactly what they are nobody seems to know but Microsoft.
Well obviously you know that there are some. So what are your sources?
Littlebits said: Unless someone can provide that malware sample and do their own test of it, I would say it was just an effort to discredit UAC.
No need to. The old PoC available here still works. I recorded a demo on a fully updated Windows 8 VM. You can find it here:
http://tmp.emsisoft.com/fw/COM_Elevation_on_Windows_8.avi
You will need the VMware codec to play it correctly.
Littlebits said: I'm more interested in the malware sample and test it myself against Windows 8 Final fully updated.
I already gave you the link to it. But just in case you ignored it the same way you ignored my question what your sources for your information regarding UAC are, here it is again:
http://www.pretentiousname.com/misc/win7_uac_whitelist2.html#release
Download it, test it yourself.
Fabian Wosar said: And of course if nobody does it for you it will be proof to you that there is no such malware, right? Even though I gave you a link to one location where Gapz has a dedicated thread directly on the first page. All you would have to do is register an account and download the samples.
Well, I think I call it EOD at this point.