[PCWorld]

Post your comments for Two-step Windows Vista UAC Hack Published here

[jhaks]

Instead of spinning this information you should try to point out how this "attack" really works. The problem with this is that the attack does require UAC elevation. (the recent vulnerability really was a security hole because it was able to subvert UAC without direct elevation)"By authorizing the higher-level program the user also authorizes the malicious code."UAC lets the user decide what gets to access critical parts of the system. For example, a pacman game should never need elevation. If pacman requests admin privileges then there is a problem. If the user is stupid enough to grant pacman system wide access there is an even bigger problem.UAC catches these elevations and lets the user decide. UAC doesn't make the system impervious and it isn't a boundary that is impenetrable; in the end the user makes the final decision.

[CredulousDolt]

where to begin? first of all, the install will prompt the uac to intervene, even for pacman. even when running in standard user mode, it's a clear path to elevated permissions; and people are, in fact, stupid; and uac is so pervasive and intrusive that users are rendered more stupid: they dismiss the thing just to dismiss the thing and be done with it, for now. so, the entirety of your point rests on two indefensible assertions: no one will ever write an installer that piggy-backs anything malicious on anything innocuous; people will always be sensible, even when the os itself compels unwise behavior. If, as you write, "UAC lets the user decide what gets to access critical parts of the system," then it is indeed not any kind of security measure at all. Microsoft's own marketing likes to blur the picture for consumers, suggesting that it will, in fact, make their computers more secure; and it is, in some of its manifold incarnations, a consumer os. naughty, naughty.