Contrite Microsoft to beef up Windows 7 security

 

Gallery

By Stuart Turton

Posted on 6 Feb 2009 at 09:27

Microsoft will change the way User Account Control works in Windows 7, as it attempts to calm fears over a possible security flaw.

After a barrage of criticism regarding the way UAC was implemented in Vista, Microsoft decided to tone down the level of nagging in Windows 7's UAC.

However, security experts have argued that Microsoft has now gone too far and opened up the operating system to malware. They claim that because of the lack of prompts, malicious software could turn off UAC completely and the user would be none the wiser.

Microsoft initially denied the reports, claiming the lack of prompts did not represent a "security flaw". This failed to quell the dissent, and it has now responded with an apology and a simple modification to the way UAC works in Windows 7.

"When we started the blog we were both excited and also a bit uneasy," write Steven Sinofsky and Jon DeVaan, Windows 7's chief engineers, on the Microsoft blog. "The excitement is obvious. The unease is because at some point we knew we would mess up."

"We weren't sure if we would mess up because we were blogging about a poorly designed feature or mess up because we were blogging poorly about a well-designed feature. To some it appears as though with the topic of UAC we've managed to do both."

The candid blog post continues with Sinofsky explaining the community has persuaded it to make a simple change to the way UAC is handled in Windows 7.

"With this feedback and a lot more we are going to deliver two changes to the Release Candidate that we'll all see," the pair wrote.

"First, the UAC control panel will run in a high-integrity process, which requires elevation. That was already in the works before this discussion...Second, changing the level of the UAC will also prompt for confirmation."

Microsoft has announced there will be no further betas of Windows 7, with a Release Candidate expected as early as the end of this month.