No, the UAC prompt may not happen. UAC prompting only happens for specific programs that are recognized as needing elevation. It does NOT happen for every API call that might fail if not elevated.
Yes, the malware writers could make their malware smart enough to cause the UAC prompt and gain elevation, but that's not my point. My point is that plenty of malware that succeeds for admin users under XP will fail for admin users under Vista/7 because UAC is enabled, and the user will not be prompted to override that protection. Carl -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Friday, October 08, 2010 5:17 PM To: NT System Admin Issues Subject: Re: Interesting run-down on Stuxnet from F-Secure On Fri, Oct 8, 2010 at 4:51 PM, Carl Houseman <c.house...@gmail.com> wrote: > UAC prompting isn't the major benefit of UAC. The major benefit is that, for > admins, programs that aren't admin-by-nature run without admin rights. If > the admin user runs a malware executable that tries to write something to a > protected file/registry area, it will fail (unless it also exploits a > privilege escalation bug). The "privilege escalation bug" in this case would be the user clicking "Allow", is my point. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
