
Posts Tagged ‘ridiculous’

UAC in 7: Exponential Silent Attack Vector Multiplier
February 4th, 2009
by Bryant


(Update: official statement appended to the end of the post)

I’m going to open this post by kindly asking you, the user, to go into the Windows 7 Action Center (Control Panel, System and Security, Action Center), click “Change User Account Control settings” and set it to the maximum setting (“Always notify me when…”).

The reason I’m asking you to do this shouldn’t be a surprise. You may have seen the UAC posts by Rafael Rivera and Long Zheng (I’m giving more of the credit to Rafael since he actually brewed the proof of concept code). People saw their posts and immediately assumed that this issue is only relevant for users who download malware. Thus, you hear lots of users saying out loud with no apparent fear of embarrassment:

“La di da, so long as I’m not stupid with what I download, I should be fine!”

Right. Well, Microsoft basically recommends that users install an antivirus because they don’t actually consider User Account Control to be a security feature. Anyone who knows the purpose of privilege management knows that any system which actively manages privileges is a security feature.

With this in mind, let’s take a look at why the UAC security flaw actually is a security flaw.

Update 2: Steven and Jon posted a second post about UAC today specifically addressing this flaw. Catch their response below the break.


Posted in Microsoft, Tips/Tricks/Hacks, Windows | 6 Comments »

Introducing Windows… 7
October 13th, 2008
by Bryant


Slashdot readers, thanks for visiting. Feel free to chime in here or on the forums.

Mike Nash, former Security Guru and current Client Guru over at Microsoft, has just announced on the Windows Vista Blog that the new name for Windows “7” will be:

Windows 6.1 7

…which makes me wonder why it’s going to be NT 6.1.

It also means that Windows Strata will likely be the codename for the new Cloud OS discussed by Ballmer earlier this month. We’ll carry more about all of this from PDC in two weeks.

Update: Brandon followed up with me on Twitter saying it’s the 7th release of Windows, which is ridiculous:

  1. Windows
  2. Windows 2
  3. Windows 3.0
  4. Windows NT (NT 4)
  5. Windows 2000 (NT 5)
  6. Windows XP (NT 5.1)
  7. Windows Vista (NT 6)

That’s 7 releases right there, including XP. If XP isn’t counted because it’s Kernel 5.1 (which would bring the total with Windows 7 back down to seven), then why is Windows 7 being counted as the “seventh” release if it’s kernel 6.1? I hope I’m not the only one seeing the naming problem here.

Kernel increments are used mostly for application compatibility purposes, but still, the logic is lost upon us as most people would count XP as a semi-major release in comparison to 2000. I hope the guys at the Blog have an update, because this is weird.

More potential views of how this could have worked (Update 2: as well as Mike’s clarification) after the break.


Posted in Microsoft, Windows | 96 Comments »