A New UAC Bypass Method

Discussion in 'other security issues & news' started by CloneRanger, Feb 14, 2015.

  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yeah, I wouldn't rely on UAC for real security.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    Well, UAC is not bulletproof, but it still protects against more than 90% of exploits; that is better than what Windows Defender does, or does not do. :rolleyes:
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    This method shouldn't work against UAC set to "Always notify".
     
  5. 142395

    142395 Guest

    Sure, another reason to keep the UAC setting at max. :)
     
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    UAC, even at max (Always Notify), will only notify against malware that requests elevated privilege (Administrator-level privilege). As the vast majority of malware never requests such elevation, UAC is not useful against it.

    One should understand that UAC at max will, in the majority of cases, provide only a false (and inconvenient) feeling of security rather than any real-world protection.
     
  7. 142395

    142395 Guest

    UAC doesn't constitute a security boundary, nor even a security feature. But it brings some security "as a consequence" by encouraging the use of LUA for both devs and users.
    Though there is a lot of user-mode malware, what it can do is still limited compared to kernel-mode malware or malware with admin privileges. Also, if more devs avoid giving unnecessary privileges to their apps, the damage when those apps are exploited will be smaller.

    I saw some people regard UAC as a kind of HIPS, which is definitely wrong. You shouldn't rely solely on UAC; it isn't comparable to a HIPS, nor is it meant to protect vital areas from alteration by itself. Integrity level by itself also doesn't constitute a security boundary.

    As to inconvenience, on Linux I have to type a password when I use sudo, but the difference is that Linux can temporarily remember it, so I don't need to type the password every time; and as my setup doesn't require me to type it 10+ times a day on average, I don't feel any inconvenience so far.
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,635
    Location:
    European Union
    I agree, but this thread is about a method to bypass UAC, not about malware that never requests elevation. And in this case, setting it to max solves the given problem.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I agree with this; the reason why I mentioned "HIPS vs UAC" in some other thread was because I felt a certain member was implying that it was a good alternative to HIPS, but that doesn't make any sense.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  11. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    340
    Location:
    Colorado Springs
    I've read that if you set UAC to the highest setting (Always Notify), pretty much all malware will be stopped if it tries to auto-execute. Does anyone know if that's true?
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    Pretty much yes, because most users either use it at the default setting or they turn it off. It has been proven to stop various malware over the years.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    UAC doesn't control execution, only privilege elevation.
     
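    A quick way to check the two points argued in this thread on your own machine, as an added example that is not from any poster here: the script below reads the UAC policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, maps the EnableLUA / ConsentPromptBehaviorAdmin / PromptOnSecureDesktop combination to the Control Panel slider position (2/1 = Always notify, 5/1 = default, 5/0 = do not dim the desktop, 0/0 = never notify; anything else is reported as custom), and then reports whether the PowerShell process running it is actually elevated and at which integrity level. The function names are my own. Run from an ordinary (non-elevated) prompt on a default install it reports "Medium Mandatory Level" and IsElevated = False no matter where the slider sits, which is the distinction Minimalist and cruelsister draw: UAC gates elevation requests, it does not gate execution.

```powershell
# Added example, not code from the thread. Reads the documented UAC policy
# values and the current token so the reader can see where the slider is
# and that a non-elevated process runs at Medium IL regardless of it.

function Get-UacSliderPosition {
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac    = Get-ItemProperty -Path $uacKey

    $enableLua  = [int]$uac.EnableLUA                    # 0 = UAC switched off entirely
    $adminMode  = [int]$uac.ConsentPromptBehaviorAdmin   # what an admin sees on an elevation request
    $secureDesk = [int]$uac.PromptOnSecureDesktop        # 1 = prompt on the dimmed secure desktop

    if ($enableLua -eq 0) {
        $slider = 'UAC disabled (EnableLUA=0); elevation requests are silently granted'
    } elseif ($adminMode -eq 2 -and $secureDesk -eq 1) {
        $slider = 'Always notify (max)'
    } elseif ($adminMode -eq 5 -and $secureDesk -eq 1) {
        $slider = 'Default: notify only when programs try to make changes'
    } elseif ($adminMode -eq 5 -and $secureDesk -eq 0) {
        $slider = 'Notify only when programs try to make changes (do not dim desktop)'
    } elseif ($adminMode -eq 0) {
        $slider = 'Never notify (auto-elevate without prompting)'
    } else {
        $slider = "Custom policy: ConsentPromptBehaviorAdmin=$adminMode PromptOnSecureDesktop=$secureDesk"
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $adminMode
        PromptOnSecureDesktop      = $secureDesk
        SliderPosition             = $slider
    }
}

function Get-CurrentTokenState {
    # For a split-token administrator, the non-elevated token carries the
    # Administrators group as deny-only, so IsInRole(Administrator) is False
    # until the process has actually been elevated through a UAC prompt.
    $identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal  = New-Object Security.Principal.WindowsPrincipal($identity)
    $isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Integrity label of this process, taken from the S-1-16-* line of 'whoami /groups'.
    # Columns in that output are separated by runs of spaces; the first column is the label name.
    $labelLine = (whoami /groups) | Select-String 'Mandatory Level' | Select-Object -First 1
    $label = if ($labelLine) { ($labelLine.Line -split '\s{2,}')[0] } else { 'unknown' }

    [pscustomobject]@{
        User           = $identity.Name
        IsElevated     = $isElevated
        IntegrityLabel = $label
    }
}

Get-UacSliderPosition | Format-List
Get-CurrentTokenState | Format-List
```

    To see the other half of the argument, start a second PowerShell with "Run as administrator" (that is the elevation request UAC prompts for) and run the same script there: the slider output is identical, but IsElevated flips to True and the label becomes High Mandatory Level. Nothing in the first, non-elevated window was ever blocked from running.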