AutoHotkey Community


If you are using Windows 7, what's your User Account Control (UAC) level?
1. from the top (always notify)
2. from the top (default level)
3. from the top
4. from the top (never notify)
Posted: January 19th, 2012, 1:12 pm

Joined: December 26th, 2010, 7:40 pm
Posts: 4172
Location: Awesometown, USA
@fragman:
No, but I know that when a certain keylogger hit my system, it replaced some .dll's in the System32 folder without showing a dialogue...
These were then injected into running processes to make the files undeletable...
Using Process Monitor I was able to discover both .dll's and the .exe that were in use, then I booted from what I had at hand (an Ubuntu flash drive) and deleted them.

@#: definitely number 3, unless there's a way to modify System32 without admin rights? UAC was on at the time.


I did go for a happy several (4?) months without infection before turning off UAC.

_________________
Autofire, AutoClick, Toggle, SpamWindow Control Tools
Recommended: AutoHotkey_L


Posted: January 19th, 2012, 1:17 pm

Joined: October 13th, 2009, 10:09 pm
Posts: 1389
nimda wrote:
No, but I know that when a certain keylogger hit my system, it replaced some .dll's in the System32 folder without showing a dialogue...
These were then injected into running processes to make the files undeletable...
Using Process Monitor I was able to discover both .dll's and the .exe that were in use, then I booted from what I had at hand (an Ubuntu flash drive) and deleted them.


That would be using an exploit then. This is nothing that UAC could have helped with.
If you have UAC turned off, all programs will run as admin and will be able to do the things you mentioned without using exploits though.


Posted: January 19th, 2012, 1:38 pm

Joined: December 26th, 2010, 7:40 pm
Posts: 4172
Location: Awesometown, USA
fragman, I'm afraid I don't understand.
Your comment to me sounds like "It was an exploit. Therefore, it's not UAC's fault."
So there are exploits around UAC, which render it absolutely useless. I don't see how it's not UAC's fault for failing to protect the System32 folder...

Posted: January 19th, 2012, 4:13 pm

Joined: October 13th, 2009, 10:09 pm
Posts: 1389
That's not an exploit around UAC but around the user management of Windows.

UAC is mainly a mechanism that runs all processes as a normal user (non-elevated) by default and provides a means for processes to request elevation.


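An added example, not posted by anyone in this thread: a read-only PowerShell check that reports which of the poll's four UAC levels a machine is set to, whether the current process is elevated, and what the System32 ACL grants. The mapping from the registry values EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop to slider positions is this example's assumption about the stock Windows settings, and the function names are made up for the example.

```powershell
# Added example (not from the thread). Read-only: nothing here changes policy.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)

    # EnableLUA = 0 switches UAC off entirely: administrators get a full
    # admin token at logon, so no process has to request elevation.
    if ($EnableLUA -eq 0) { return 'UAC disabled (EnableLUA = 0)' }

    # Assumed mapping of the stock slider positions to policy values.
    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '2/1'   { return '1. from the top (always notify)' }
        '5/1'   { return '2. from the top (default level)' }
        '5/0'   { return '3. from the top' }
        '0/0'   { return '4. from the top (never notify)' }
        default { return "custom policy ($ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop)" }
    }
}

function Test-ProcessElevated {
    # With UAC on, an administrator's non-elevated token carries the
    # Administrators group as deny-only, so IsInRole returns $false
    # until the process has been elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$policy = Get-ItemProperty -Path $key
$level  = Get-UacSliderLevel -EnableLUA $policy.EnableLUA `
    -ConsentPromptBehaviorAdmin $policy.ConsentPromptBehaviorAdmin `
    -PromptOnSecureDesktop $policy.PromptOnSecureDesktop

"UAC level        : $level"
"Process elevated : $(Test-ProcessElevated)"

# List the ACL entries on System32 so you can see which principals are
# granted rights there; a non-elevated process is held to this ACL.
(Get-Acl -Path (Join-Path $env:windir 'System32')).Access |
    Select-Object IdentityReference, AccessControlType, FileSystemRights |
    Format-Table -AutoSize
```

Run it once from a normal prompt and once from an elevated one: the reported level stays the same while "Process elevated" flips.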