A New UAC Bypass Method

Discussion in 'other security issues & news' started by CloneRanger, Feb 14, 2015.

  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Yeah, I wouldn't rely on UAC for real security.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Well, UAC is not bulletproof, but it still protects against more than 90% of exploits, which is better than what Windows Defender does, or does not. :rolleyes:
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This method shouldn't work against UAC set to "Always notify".
     
  5. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Sure, another reason to keep the UAC setting at max. :)
     
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    976
    Location:
    Paris
    UAC even at max (Always Notify) will only notify against malware that requests elevated privilege (Administrator-level privilege). As the vast majority of malware never requests such elevation, UAC is not useful against them.

    One should understand that UAC at max will in the majority of cases provide only a false (and inconvenient) feeling of security rather than providing any real-world protection.
     
  7. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    UAC doesn't constitute a security boundary, nor even a security feature. But it brings some security "as a consequence" by encouraging the use of LUA for both devs and users.
    Though there is a lot of user-mode malware, what it can do is still limited compared to kernel-mode malware or malware with admin privileges. Also, if more devs avoid giving unnecessary privileges to their apps, the damage when those apps are exploited will be smaller.

    I saw some people regard UAC as a kind of HIPS, which is definitely wrong. You shouldn't solely rely on UAC; it isn't comparable to a HIPS, nor is it meant to protect vital areas from alteration by itself. Integrity level itself also doesn't constitute a security boundary.

    As to inconvenience, on Linux I have to type a password when I use sudo, but the difference is that Linux can temporarily remember it, so I don't need to type the password every time. In any case my setup doesn't require me to type it 10+ times a day on average, so I don't feel any inconvenience so far.
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I agree, but this thread is about a method to bypass UAC, not about malware that never requests elevation. And in this case, setting it to max solves the given problem.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    I agree with this. The reason why I mentioned "HIPS vs UAC" in some other thread was that I felt a certain member was implying that it was a good alternative to HIPS, but that doesn't make any sense.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  11. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    I've read that if you set UAC to the highest setting (Always Notify), pretty much all malware will be stopped if it tries to auto execute. Does anyone know if that's true?
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Pretty much yes, because most users either use it at default setting or they turn it off. It has been proven to stop various malware over the years.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,068
    UAC doesn't control execution, only privilege elevation.
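    As an added, defensive example (not posted by anyone in this thread): a PowerShell script that reads the UAC policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, maps them back to the Control Panel slider position so you can verify the "Always notify" setting Nebulus and Yuki2718 recommend, and reports whether the current process is elevated, illustrating Minimalist's point that UAC gates privilege elevation rather than execution. The registry key and value names are the ones Windows uses; the function names (Get-UacState, Test-CurrentProcessElevated, Set-UacAlwaysNotify) are my own.

```powershell
# Added example (not from the thread): audit the UAC policy values behind the
# "Always notify" slider position, and show that an unelevated process still
# runs, because UAC controls elevation, not execution.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {
    $p = Get-ItemProperty -Path $UacKey
    # A missing value means the OS default applies, so fall back to the default.
    $enableLua = if ($null -ne $p.EnableLUA) { [int]$p.EnableLUA } else { 1 }
    $consent   = if ($null -ne $p.ConsentPromptBehaviorAdmin) { [int]$p.ConsentPromptBehaviorAdmin } else { 5 }
    $secure    = if ($null -ne $p.PromptOnSecureDesktop) { [int]$p.PromptOnSecureDesktop } else { 1 }

    # Map the registry triple back to the Control Panel slider positions.
    if ($enableLua -eq 0) {
        $level = 'UAC disabled (EnableLUA=0)'
    } elseif ($consent -eq 2 -and $secure -eq 1) {
        $level = 'Always notify (top slider position)'
    } elseif ($consent -eq 5 -and $secure -eq 1) {
        $level = 'Default: notify only when apps try to make changes'
    } elseif ($consent -eq 5 -and $secure -eq 0) {
        $level = 'Notify without dimming the desktop'
    } elseif ($consent -eq 0) {
        $level = 'Never notify (silent elevation for administrators)'
    } else {
        $level = "Non-standard policy (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secure)"
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        SliderPosition             = $level
        IsAlwaysNotify             = ($enableLua -eq 1 -and $consent -eq 2 -and $secure -eq 1)
    }
}

function Test-CurrentProcessElevated {
    # True only if this process's token has the Administrators group enabled.
    # A non-elevated admin session returns $false here yet is clearly running:
    # UAC did not stop the process from executing, only from being elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-UacAlwaysNotify {
    # The hardening step recommended in the thread. Needs an elevated shell;
    # supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $desc = 'Set EnableLUA=1, ConsentPromptBehaviorAdmin=2, PromptOnSecureDesktop=1'
    if ($PSCmdlet.ShouldProcess($UacKey, $desc)) {
        Set-ItemProperty -Path $UacKey -Name EnableLUA -Value 1 -Type DWord
        Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
        Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop -Value 1 -Type DWord
    }
}

$state = Get-UacState
$state | Format-List
"Current process elevated: $(Test-CurrentProcessElevated)"
if (-not $state.IsAlwaysNotify) {
    Write-Warning 'UAC is not at "Always notify"; run Set-UacAlwaysNotify from an elevated shell (use -WhatIf to preview).'
}
```

    Run it from a normal (non-elevated) shell first: Get-UacState reads the policy without needing elevation, and Test-CurrentProcessElevated will report $false even though the script is executing, which is exactly the distinction Minimalist draws. Only Set-UacAlwaysNotify writes to HKLM and therefore needs an elevated prompt; changing EnableLUA takes effect after a reboot, while the prompt-behaviour values apply to subsequent elevation requests.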
     