Since Windows Vista, Windows has included a security feature called User Account Control (UAC) which is meant to prevent potentially harmful programs from making changes to your computer without your consent. For example, if you try to open the Registry Editor (regedit) with UAC enabled, a User Account Control window opens asking “Do you want to allow the following program to make changes to this computer?”
If a program, or even a virus, silently tries to make a machine-wide change such as adding a new value to the HKLM Run key, the write is blocked. It only succeeds if you disable UAC or right click the program and select Run as administrator. The same applies to copying files. If you manually copy a file to the root of your C: drive, to Program Files or to the Windows folder, the action is held with a “Destination Folder Access Denied” window saying “You’ll need to provide administrator permission to copy to this folder”. Only after you click Continue is the file copied. So if a virus tries to hide by copying itself to a location such as the Windows folder, the action is blocked, keeping your computer safe.
I recently found out that UAC can be easily bypassed even on the latest Windows 7.
This is what most viruses do. When run, they add themselves to an auto startup location so that they are launched automatically every time Windows boots. There are many auto startup locations, and one of the best tools for revealing them is Sysinternals Autoruns. Be very careful when using Autoruns, because disabling the wrong entry can leave Windows unable to boot. Next, the virus copies itself to an obscure location on the hard drive to avoid detection. It may then do other things, such as downloading and installing more viruses and disabling access to msconfig, regedit, cmd, Task Manager and so on.
If you think that UAC in Windows 7 is able to block all of this, you are wrong. Microsoft has left a few holes in the UAC feature that allow a virus or any other software to add itself to auto startup and drop files somewhere on the hard drive even with UAC enabled. This is probably for the convenience of third party software installations, but it can be abused.
The registry path below is one of the most common ways that software or malware adds itself to auto startup. Since it is under HKCU, the program only starts for that specific user and not for all users, and writing to it needs no UAC prompt. Writing to the equivalent HKLM key, however, is blocked when UAC is enabled.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
The “Application Data” or %appdata% folder is mostly used by software to store its data for the logged on user, so it is writable without any UAC prompt. One such example is Mozilla Firefox, whose profiles are stored in the Application Data folder.
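Because both the HKCU Run key and the %appdata% folder can be written without an elevation prompt, they are worth checking regularly. The PowerShell script below is an added example (not part of the original post) that lists every value in the per-user Run and RunOnce keys, resolves the executable each one points to, and flags entries whose target lives in a user-writable location such as %APPDATA%, %LOCALAPPDATA%, %TEMP% or anywhere under the user profile. It reads only, runs with ordinary user rights, and the function name Get-UserAutoruns and the helper Get-CommandPath are names chosen here, not Windows cmdlets.

```powershell
# Added example: audit per-user autorun entries that UAC does not protect.
# Nothing is modified; the script only reads the registry and tests paths.

function Get-CommandPath {
    # Extract the executable path from a Run value, which may be quoted
    # and may carry arguments, e.g.  "C:\path\app.exe" /silent
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted: take the first whitespace-delimited token (good enough for
    # a triage list; a path with spaces and no quotes is itself suspicious)
    return ($expanded.Trim() -split '\s+')[0]
}

function Get-UserAutoruns {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Roots where an unprivileged process can drop files with no UAC prompt
    $userWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
    # Properties PowerShell itself attaches to the key object; not Run values
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            $target = Get-CommandPath ([string]$p.Value)
            $inUserDir = $false
            foreach ($root in $userWritableRoots) {
                if ($target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $inUserDir = $true
                }
            }
            [PSCustomObject]@{
                Key                  = $key
                Name                 = $p.Name
                Command              = $p.Value
                Target               = $target
                TargetExists         = (Test-Path -LiteralPath $target)
                UserWritableLocation = $inUserDir
            }
        }
    }
}

# Usage: show flagged entries first. Review anything marked True that you do
# not recognise, and anything whose target no longer exists (orphaned entry).
Get-UserAutoruns |
    Sort-Object UserWritableLocation -Descending |
    Format-Table Name, Target, TargetExists, UserWritableLocation -AutoSize
```

An entry in a user-writable folder is not automatically malicious (many legitimate per-user installers such as browsers and chat clients live in %LOCALAPPDATA%), so the column is a triage hint to compare against Autoruns rather than a verdict. Run the script under each account on the machine, since HKCU and %appdata% are per-user.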
User Account Control in Windows 7 does keep your computer safe to some degree, but not totally. I personally disable UAC because I prefer not to be bugged by the annoying warning windows every time I access the registry, install software, configure settings and so on. But less experienced users should definitely keep UAC enabled.