A New UAC Bypass Method

Discussion in 'other security issues & news' started by CloneRanger, Feb 14, 2015.

  1. CloneRanger

    CloneRanger Registered Member

  2. Rasheed187

    Rasheed187 Registered Member

    Yeah, I wouldn't rely on UAC for real security.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Well, UAC is not bulletproof, but it still protects against more than 90% of exploits; that is better than what Windows Defender does, or does not. :rolleyes:
     
  4. Nebulus

    Nebulus Registered Member

    This method shouldn't work against UAC set to "Always notify".
     
  5. 142395

    142395 Guest

    Sure, another reason to keep the UAC setting at max. :)
     
  6. cruelsister

    cruelsister Registered Member

    UAC even at max (Always Notify) will only notify against malware that requests elevated privilege (Administrator-level privilege). As the vast majority of malware never requests such elevation, UAC is not useful against it.

    One should understand that UAC at max will in the majority of cases provide only a false (and inconvenient) feeling of security rather than providing any real-world protection.
     
  7. 142395

    142395 Guest

    UAC doesn't constitute a security boundary, nor even a security feature. But it brings some security "as a consequence" by encouraging use of LUA by both devs & users.
    Though there is much user-mode malware, what it can do is still limited compared to kernel-mode malware or malware with admin privilege. Also, if more devs avoid giving unnecessary privileges to their apps, the damage when those apps are exploited will be smaller.

    I saw some people regard UAC as a kind of HIPS, which is definitely wrong. You shouldn't solely rely on UAC; it can't be compared to HIPS, nor is it meant to protect vital areas from alteration by itself. Integrity level itself also doesn't constitute a security boundary.

    As to inconvenience, on Linux I have to type a password when I use sudo, but the difference is Linux can temporarily remember it so I don't need to type the password every time; but as my setup doesn't require me to type it 10+ times a day on average, I don't feel any inconvenience so far.
     
  8. Nebulus

    Nebulus Registered Member

    I agree, but this thread is about a method to bypass UAC, not about malware that never requests elevation. And in this case, setting it to max solves the given problem.
     
  9. Rasheed187

    Rasheed187 Registered Member

    I agree with this, the reason why I mentioned "HIPS vs UAC" in some other thread, was because I felt a certain member was implying that it was a good alternative to HIPS, but that doesn't make any sense.
     
  10. MrBrian

    MrBrian Registered Member

  11. Drew99GT

    Drew99GT Registered Member

    I've read that if you set UAC to the highest setting (Always Notify), pretty much all malware will be stopped if it tries to auto execute. Does anyone know if that's true?
     
  12. J_L

    J_L Registered Member

  13. TairikuOkami

    TairikuOkami Registered Member

    Pretty much yes, because most users either use it at the default setting or they turn it off. It has been proven to stop various malware over the years.
     
  14. Minimalist

    Minimalist Registered Member

    UAC doesn't control execution, only privilege elevation.
     