Littlebits said:
But the changes are there which includes many improvements.
To exactly what they are nobody seems to know but Microsoft.
Well obviously you know that there are some. So what are your sources?
To clear up a few things both statements can not be backed up by facts, since Microsoft doesn't release detailed changelogs.
Fabian Wosar has the same right to his opinion as so do I.
There is no info that can be found that Microsoft didn't make any improvements to UAC on Windows 8 or what improvements all were made except for other user opinions. To myself it wouldn't appear logical that Microsoft would release a new OS and do nothing at all to improve UAC.
Since there really isn't any facts to backup the claim either way, it is up to the user to believe what they want to.
The facts:
Does UAC on Windows still have vulnerabilities?
Yes it does, every component of Windows and other OS, software, etc. has vulnerabilities whether it is known or not. Just because a vulnerability is known doesn't mean it will be exploited by malware. Many past vulnerabilities in OS components, software, etc. were never exploited.
Most software developers like Microsoft will patch the vulnerabilities that have been known to be exploited first and worry about the others later.
Has vulnerabilities in UAC been exploited by malware?
There is no info or malware samples been known to do this yet. Possibly as malware evolves it could happen. Most malware now uses fake alert websites and other methods to fool users into manual downloading and executing malicious files. This method is very successful it doesn't require malware writers to have to use complex methods like exploits to infect systems. Users will simply ignore UAC warnings and approve the malicious processes.
Many reports and tests on the web misleads users into believing that Windows 8 default security is no good.
Also many reports and test mislead users into believing that just because there is a known vulnerability it is automatically exploited by malicious activities which is not always true.
I hope that explains a little more.
Thanks.