Microsoft's flagship security technology (UAC) is in fact... not a security technology?

Feb 16, 2007 10:47 GMT

The question of whether the Windows Vista security model is a big joke was put forward by Joanna Rutkowska, a computer security researcher who performed a malware code injection with the Blue Pill rootkit in 64-bit Windows Vista after bypassing PatchGuard. Rutkowska has recently published an extended analysis of User Account Control (UAC) in Windows Vista.

Her analysis revealed that the Windows Vista UAC implementation contains bugs that allow a low-integrity process to hijack a high-integrity-level command prompt, rendering UAC useless. Mark Russinovich, a Technical Fellow in Microsoft's Platform and Services Division, said in an attempt to clarify the issue that the bug is not a security vulnerability.

"Because elevations and Integrity Levels don't define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs. So if you aren't guaranteed that your elevated processes aren't susceptible to compromise by those running at a lower IL, why did Windows Vista go to the trouble of introducing elevations and ILs? To get us to a world where everyone runs as standard user by default and all software is written with that assumption," Russinovich explained.

Rutkowska then replied: "Is this supposed to be a joke? We all remember all those Microsoft's statements about how serious Microsoft is about security in Vista and how all those new cool security features like UAC or Protected Mode IE will improve the world's security. And now we hear what? That this flagship security technology (UAC) is in fact... not a security technology!"

Rutkowska emphasized two points: the UAC design, which assumes that all executables should be run elevated, and the bugs inherent in the UAC implementation, which are in fact security flaws.