Microsoft tightens Windows 7 security at behest of bloggers
Microsoft's top Windows engineers today promised to make a pair of changes to shore up Windows 7 security -- showing that it's possible for a pair of tech-savvy bloggers in their 20s to put a giant company on the right course, even if it initially balks.
In a post this afternoon on the Engineering Windows 7 blog, Microsoft's Steven Sinofsky and Jon DeVaan said the company would make changes in Windows 7's User Account Control (UAC) feature to address problems pointed out by Windows enthusiast blogger Long Zheng and his "developer sidekick" Rafael Rivera.
UAC prompts users when changes are made to their computer, helping to keep malicious programs from operating undetected. It was dialed back in Windows 7 after users complained about excessive prompts in Windows Vista. However, Zheng and Rivera found that the changes went too far, allowing a third-party program to disable UAC without the user knowing.
The problem was that the Windows 7 default notifies users when a change is made by a third-party program, but not when the user makes a change to the Windows settings. UAC itself is considered a Windows setting. Zheng and Rivera discovered that a third-party program could emulate keyboard shortcuts to switch off UAC, without the user's knowledge, opening the door to malicious programs.
Initially, Microsoft defended its approach, pointing out that user consent would still be required to install the third-party program in the first place. In a post yesterday, DeVaan outlined the company's stance without promising changes. However, in a follow-up today, he and Sinofsky said two changes will be made in the release candidate of Windows 7:
With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.
Via IM, I asked Zheng if the changes address his concerns. "Absolutely," he replied.