Windows 7 security feature knocked by experts
Thursday, October 22, 2009
With the arrival today of Microsoft's much-hyped new operating system Windows 7 on retail shelves and online stores, security experts said the OS contains a carry-over from Vista in the form of User Account Control (UAC) that could pose security risks.
UAC's default setting in Windows 7 alerts users with a pop-up when a change is being made to the OS by third-party applications, an improvement over the feature in Vista, which issued pop-up warnings for any change to the system, which impacted usability.
But security experts have warned that the UAC default settings could be exploited by malware that is designed to turn off UAC, while security researchers have seen malware that attempts to spoof UAC notifications to get users to elevate privileges, CNET News reported.
Security researcher Ray Dickenson explained on the SafeCentral Blog that changes to UAC in Windows 7 make it easier for a Trojan malware that infiltrates the PC to turn off the UAC notification.
Researchers said the greatest malware threat remains cyber attacks from the web - through compromised websites that leave users open to "browse-and-get owned" drive-by attacks and Trojans hidden in executable files. Anti-virus filters can't always recognize those attacks.
Related News:
UK cops arrest two in Zbot Trojan case - 11.19.2009
The British Metropolitan Police took two suspected cyber criminals into custody earlier this month in connection with an investigation into the Zbot banking Trojan.
Facebook shakes up privacy policy in response to criticism - 11.19.2009
After a week-long comment period in which 7,000 Facebook users voiced their opinions, the giant social media network announced that it would overhaul and simplify its privacy policy.
Domain registrar VeriSign will receive "major security update" by 2011 - 11.19.2009
A well-known security vulnerability in the way .com and .net websites process DNS values - the way alphanumeric website names are translated into numeric web addresses - will be fixed, but not until 2011, according to a report from tech news website ZDNet.
Malware attack targeting fans of Twilight series - 11.18.2009
As with many recent hot news trends, the upcoming release of the second movie based on Stephenie Meyer's Twilight books has attracted the attention not just of the vampire wannabes, but of actual cyber criminals as well.
Giant black-hat SEO campaign funnels victims to scareware sites - 11.18.2009
Security researchers say that cyber criminals have conducted a large-scale campaign to influence Google results, pushing malware-spreading sites higher on the list and dropping legitimate results to the bottom.
|
