Windows 7 beta UAC completely vulnerable to malware
http://www.tgdaily.com/content/view/41263/108/ Trev
February 2nd, 2009 11:45pm

Yep, I've already made a fuss about this. In my opinion, all changes to the UAC prompting level should be treated as a special case, such that ANY change to the level, regardless of the current level or the account type, should generate a full UAC prompt (with password field). This will be a trivial nuisance. Most people will just leave it at its default. The vast majority of those who want to change it will do so only once, and then leave it. Somebody in Microsoft has argued that UAC isn't a "security boundary". The point is, MS has a very specific definition for that, and it's true that UAC doesn't come under that banner. However, it most assuredly IS a security FEATURE, and unfortunately it has now been rendered effectively useless. I urge you to use the Send Feedback facility to raise the profile of this.
February 3rd, 2009 2:09am

I think the UAC feature is indeed a security tool. I like the idea of being notified if a change to my computer is about to be made. I like it a lot!! I have mine set to its highest level, as I do want to be notified if somehow my computer is being hacked. I can always turn it down while I'm installing programs, if I want. The UAC feature in Vista was a big selling point for me. It makes sense, and is very effective.
February 3rd, 2009 2:19am

I agree with Thack... this is indeed a security FLAW, and needs to be resolved. Allowing ANYTHING to automatically reduce the level of UAC without requiring user intervention is a security hole. Now that it's common knowledge thanks to all the raving bloggers on the net, it will definitely be a problem once Windows 7 hits the mainstream. Malware, virus, and trojan authors will exploit this to the extreme because the mechanism of how has been thoroughly broadcast to every malicious freak out there. Regardless of whether the UAC settings in Win7 are by design or not... it is now a flaw simply because an exploit has been identified, exploited by an example, and shared to the entire world. Regardless of how Microsoft wants to play this from a PR perspective, they NEED to suck it up and listen to their users on this. The solution to the problem is extremely simple, as dozens of people on blogs all over the net have stated: Keep the setting the same and don't notify of changes to settings, EXCEPT when UAC is changed. You don't even need to be notified every time UAC is changed... if the security level is elevated by a script, then harm can't be done. Only notify us when the UAC level is reduced... always, regardless of the method of how it was reduced. It might even be prudent to have a special UAC popup that FORCES the user to notice, so they don't simply click past it like many users do for all other UAC popups. That would solve the problem quite nicely... keeping annoyance to a minimum, but plugging the now gaping security hole that (while it may not have "existed" a few days ago since no one knew about it, definitely exists today).
February 3rd, 2009 7:39pm

They have listened to their users. All the ones that complained about UAC.
February 4th, 2009 5:34am

If listening to users means creating a flawed implementation with a gaping security hole, then Microsoft deserves what's coming to them. If this is the attitude Microsoft has about Windows 7, their saving grace will quickly become another flop, just like Vista. Windows 7 has tremendous potential... do they not realize this one thing can completely and totally destroy the image they are trying to create for Windows 7? They can still solve the problems that made people ____ about UAC in Vista, without leaving a security flaw in Windows 7, if they CONTINUE to listen to their users. I already explained the solution in my previous post... it's not mutually exclusive with solving the problems from Vista.
February 4th, 2009 8:11pm

Trevor dunne said: http://www.tgdaily.com/content/view/41263/108/ Trev
I would be more worried how a script was running on my system applying send keys - by the time UAC could flag this your system would be riddled with malware... now this rundll32 issue, if correct, is a flaw and a major one.
http://www.theregister.co.uk/2009/02/04/windows_uac_flaw/
Edit: Apparently the piggybacking code has been fixed in internal builds.
February 5th, 2009 1:22am

This topic is archived. No further replies will be accepted.
