
But is this the point?
By Tom Espiner
Published: 29 April 2008 08:28 BST
Software developers from NeoSmart, a not-for-profit technology-development organisation, claim they have successfully bypassed User Account Control, a security feature in Windows Vista.
The developers suggested on their website over the weekend the feature was "only there to give the impression of security". Critics, however, have said that, by coding around User Account Control (UAC), the developers had simply done what Microsoft had intended them to do.
UAC is a controversial feature of Vista designed to stop users from installing or executing arbitrary code. Many see it as a hindrance to performing everyday tasks, as it requests confirmation for many actions where no user confirmation was needed in Vista's predecessor, XP. UAC does not request these confirmations from users with administrator privileges, but, in Vista, users do not have this status by default.
The NeoSmart developers are behind a tool, iReboot, which helps users choose the operating system they would like to reboot into. UAC had stopped the application from running at start-up, but the developers now claim to have bypassed UAC by splitting iReboot into two. One of the parts, running in the background, has privileged access to the operating system without requiring administrator approval each time the machine boots; the other part, running as a client program, interacts with this back-end service.
As the developers were able to grant the back-end part of the program privileges to run without express user approval every time the machine starts up, they claimed Windows Vista's security limitations were "artificial at best, easy to code around, and only there to give the impression of security".
The developers wrote in a blog post: "Any program that UAC blocks from starting up 'for good security reasons' can be coded to work around these limitations with (relative) ease. The 'architectural redesign' of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure operating system."
However, some individuals posting comments in reply to the blog post disagreed that UAC is an "artificial" security feature. One wrote: "You haven't coded around [UAC blocks]. Your users have granted your application administrator privileges during installation. Game over…Once you've acquired administrator rights, the machine is yours and UAC's role is done."
Another blog post said UAC had been expressly designed to force independent software developers to write code which would work in this way. He wrote: "This is a perfect example of what UAC was actually invented for - to force developers to write software that works for people who aren't logged in as an administrator. Good thing too."
These comments echoed earlier statements by Microsoft product unit manager David Cross, who said in a speech at the RSA Conference in San Francisco earlier this month that UAC was deliberately designed to "annoy users", in order to put pressure on third-party software makers to make their applications more secure.
Microsoft had not responded to a request for comment at the time of writing.
Original article: Coders claim bypass of Vista security feature from ZDNet UK
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.