bit-tech.net

Old 26th Nov 2010, 11:05   #1
CardJoe
Freelance Journalist
bit-tech Staff
 
Join Date: Apr 2007
Posts: 11,339
Windows zero-day flaw bypasses UAC

http://www.bit-tech.net/news/bits/20...bypasses-uac/1
__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter
Old 26th Nov 2010, 11:10   #2
Jamie
ex-Bit-Tech code junkie
 
Join Date: Mar 2001
Location: Oxford, UK
Posts: 8,179
So all Vista users have been bugged by UAC for absolutely no reason? I loled
__________________
Old 26th Nov 2010, 11:19   #3
Shichibukai
Resident Nitpicker
 
Join Date: Sep 2009
Posts: 137
Bahahaha... since I first saw UAC I knew it was useless, if they just discovered it only God knows how long coders have been using it >.>
Old 26th Nov 2010, 11:22   #4
WarrenJ
Mod Master
 
Join Date: Oct 2009
Location: Staffs, Just Outside Mordor.
Posts: 2,409
It was only time I guess, looks like MS needs to get a patch out quick smart.
__________________
Quote:
Originally Posted by Evolutionsic
"Trust no one"
Old 26th Nov 2010, 11:23   #5
tom_hargreaves
Comfy shoe wearer
 
Join Date: Mar 2010
Location: Lancashire
Posts: 49
The first thing I do with a new install of Vista/W7 is turn that UAC crap completely off.

It's quite possibly more annoying than the viruses and adware.
Old 26th Nov 2010, 11:28   #6
Fizzban
Man of Many Typos
 
Join Date: Mar 2010
Location: Standing Here Beside Myself
Posts: 3,051
I turned UAC off the same day I first installed Windows 7. I'd be pretty surprised if most people didn't.
__________________
-Banana in disc drive error-

To win the battle, is to be prepared to die - Miyamoto Musashi

Quote:
Originally Posted by RedFlames
Asking to pick between the main parties is like asking which testicle you want to be kicked in, you're gonna get kicked the nuts whoever you pick... Just have to hope whoever you pick aren't wearing steelies...
Old 26th Nov 2010, 11:41   #7
r4tch3t
hmmmm....
 
Join Date: Aug 2005
Location: New Zealand
Posts: 3,153
I have yet to be bothered by UAC on Windows 7 apart from the installation. It's much better than it was in Vista. I don't see why people turn it off in 7.
And I am sure Microsoft will patch it soon. People have been using UAC for no reason? Nope, it works, and this is the first one to bypass it in how many years?
__________________
France just seems small, because it's so easy to conquer
Old 26th Nov 2010, 12:00   #8
[USRF]Obiwan
I *am* a Dremel
 
Join Date: Apr 2003
Location: Netherlands
Posts: 1,703
This is very serious indeed. It could bring total control to an attacker and lock all other users from using anything.

Only remedy is to shut down the PC now and never start it again or unplug Ethernet/wifi until patch is made available now...

All joking aside, this could produce malware that even surpasses the incredibly hard to remove "fake anti virus" malware.
__________________
Mascleta: "The most accurate simulation of thunder, humans can simulate..."
The answer is 42, so... whats the question again?
If you know what 'Peek' and 'Poke' represents, then you are probably as old as me.
In 1982 I was addicted to Lady Bug and played it in the local arcade (every day) And yes i'm proud I did that!
Old 26th Nov 2010, 12:03   #9
bogie170
Supermodder
 
Join Date: Aug 2008
Location: Southampton, UK
Posts: 340
Well, so long as your anti-virus recognises the trojan and blocks it you should be safe.

Might be worth checking which AV software recognises it and which doesn't.
Old 26th Nov 2010, 12:03   #10
tristanperry
Hypermodder
 
Join Date: May 2010
Location: Cardiff, UK
Posts: 833
LOL at Jamie's post!

I agree though - UAC is annoying as heck and I also turn it straight off once (re)installing Windows.

I'd imagine it'll be fixed by Microsoft fairly quickly, anywhoo.
__________________
Antec 300 | Gigabyte GA-P55M-UD2 | Core i5 750 @ 3.6ghz | Corsair XMS3 4GB 1,600Mhz | XFX HD5850 | 120 GB Corsair Series Force 3 SSD | 2x 1TB Samsung F3 | Titan Fenrir | BenQ G2220HD 21.5" Widescreen | Corsair VX550W
Old 26th Nov 2010, 12:09   #11
bogie170
Supermodder
 
Join Date: Aug 2008
Location: Southampton, UK
Posts: 340
Sry double post accident.
Old 26th Nov 2010, 12:22   #12
mrbens
Supermodder
 
Join Date: Aug 2009
Posts: 511
Quote:
Originally Posted by Fizzban
I turned UAC off the same day I first installed Windows 7. I'd be pretty surprised if most people didn't.
Same here.
__________________
My SilverStone TJ07B PC: Haswell i5 4670K | MSI Z87-G45 Gaming mobo | 8GB Corsair Vengeance Pro Red 8GB DDR3 1600Mhz | MSI GTX 760 Twin Frozr 2GB | Seasonic X-Series 750W PSU | Crucial M4 128GB SSD | Crucial M225 128GB SSD | OCZ Solid 3 120GB SSD
Sound: Epiphany Acoustics' E-DAC & O2 Headphone Amp | Little Dot MK III Tube Headphone Amp | Beyerdynamic DT880 Premium 600ohm Headphones (music) | Onkyo HT-S3305B AV Receiver + 5.1 speakers (movies)
Old 26th Nov 2010, 12:57   #13
NethLyn
Hypermodder
 
Join Date: Apr 2009
Location: London
Posts: 944
Well they can't leave people sitting around until 14th December to sort this one out. Doesn't mean they won't, MS tends to take its own merry time over things. Always used to turn UAC off but because of reinstalling so often recently, left it on - if it's pointless at the moment, may get back to leaving it off.
__________________
Intel=Fast, AMD=Cheap.
Old 26th Nov 2010, 13:09   #14
shanky887614
Multimodder
 
Join Date: May 2009
Posts: 203
Windows 7 UAC is the most annoying piece of cr@p I have ever had the misfortune to have installed on my PC

viruses included

A decent firewall that asks your permission to allow programs to access certain programs and files will definitely block this easily

because in order to use this it will have to run and when that happens programs like Comodo will be all over it

I pity any fool who thinks UAC and an antivirus is enough (most antivirus programs are signature based so they are useless against the worst ones)
Old 26th Nov 2010, 13:57   #15
Phil Rhodes
Hypernobber
 
Join Date: Jul 2006
Posts: 1,230
What, you mean there's a way to get around UAC?

Please, infect me with this virus!
Old 26th Nov 2010, 14:17   #16
Pete J
RIP Kidmod
 
Join Date: Sep 2009
Location: Blighty
Posts: 3,865
Quote:
Originally Posted by tristanperry
I agree though - UAC is annoying as heck and I also turn it straight off once (re)installing Windows.
Standard practice I think!
__________________
Lian Li PC-P80B / EVGA X79 Dark / i7 4930K @ 4.2GHz (no HT) / Corsair H80i / 4x4GB Avexir Core Blue Series @ 2400MHz 10-12-12-31-2T / 3x SLI EVGA 3GB GTX 780 @1075MHz Core 7000MHz Memory / X-Fi Titanium Professional / 2 x 250GB Samsung 840 / 120GB Vertex 2 / 480GB Vertex 2 / 2TB WD Caviar Green / Silverstone Strider 1500W / Asus PQ321QE / Dell 3007WFP-HC / Headphones TBA / Logitech MK710 and MX3200 / Sidewinder Force Feedback 2 / Datacolor Spyder3 / Win 7 Ultimate x64 / Gigabyte P34G V2
Old 26th Nov 2010, 14:18   #17
eddtox
Homo Interneticus
 
Join Date: Jan 2006
Location: Maidstone, Kent
Posts: 1,296
I'm not really sure what people have against UAC. I keep it on its default setting and it hardly ever bothers me. Sure, it won't stop this particular exploit, but I'm sure it offers some degree of protection (if you don't blindly accept everything)
__________________
Check out my big clearout sale - Now with added Kindle
Old 26th Nov 2010, 15:08   #18
Phil Rhodes
Hypernobber
 
Join Date: Jul 2006
Posts: 1,230
Quote:
I'm not really sure what people have against UAC.
It breaks a lot of scripts, or at least makes it impossible to run them without just OKing a huge number of requesters, thus defeating the object of scripting. You can make the argument that "scripts shouldn't need admin rights" but unfortunately back in the real world, outside a computer science exam, the reality is that they often do. UAC in this scenario seems like Windows adopting absolutely the worst characteristics of Linux, which insists on behaving like everyone's desktop computer is a VAX mainframe from the early 80s and is an absolute disaster.

And on Windows you can't even fix it by typing "sudo bash" when you open a new command window.
Old 26th Nov 2010, 16:45   #19
schmidtbag
Hypermodder
 
Join Date: Jul 2010
Location: MA, USA
Posts: 812
I'm glad I'm a Linux user, where it protects you better than UAC would without actually running anything. Remember everyone - Windows' popularity is a FACTOR why it gets so much malware, but it isn't the only reason. UAC does what Unix-based OSes do but it's more intrusive (in a bad way) and it's an actual program, and a good OS will run as few processes as possible to do whatever the user wants. UAC has proved to make Windows extremely safe to use, but relatively it's still just not good enough, even before this incident.
__________________
4.4GHz FX-6300 (on an AM3 board) with C'n'Q on, 8GB of RAM, 2x ATI HD5750, ADATA SP900 64GB SSD, Arch Linux 64 bit.
Old 26th Nov 2010, 16:55   #20
eddtox
Homo Interneticus
 
Join Date: Jan 2006
Location: Maidstone, Kent
Posts: 1,296
Quote:
Originally Posted by Phil Rhodes
It breaks a lot of scripts, or at least makes it impossible to run them without just OKing a huge number of requesters, thus defeating the object of scripting. You can make the argument that "scripts shouldn't need admin rights" but unfortunately back in the real world, outside a computer science exam, the reality is that they often do. UAC in this scenario seems like Windows adopting absolutely the worst characteristics of Linux, which insists on behaving like everyone's desktop computer is a VAX mainframe from the early 80s and is an absolute disaster.

And on Windows you can't even fix it by typing "sudo bash" when you open a new command window.
Is PowerShell affected by that?
__________________
Check out my big clearout sale - Now with added Kindle
All times are GMT +1. The time now is 13:36.