On Tuesday, 24 May 2016 at 09:46:28 UTC, wobbles wrote:
The fact the 'security' feature is done on the name of a file and therefore so easily circumvented means it's not a 'security' feature at all, and only an annoyance!
Elevation heuristics is not a security feature indeed, it only improves security UX. If an installer runs nonelevated, it will fail halfway through, which is bad UX, the solution is to run it elevated from the beginning, the system detects the need for elevation when the process starts. A proper way to do it is to inform the system whether the process needs elevation, it's done in a manifest, but old installers don't have manifest, so they are detected heuristically.
