Naive Vista Security Based on Program Name

Oh, you’ve got to be kidding me. About the only upside to this story is that changing names only changes the required privileges; it does nothing in terms of actually granting escalated privileges. Still, it seems like an intensely naive assumption, even with negligible actual security impact.

The article mentions that savvy malware authors will simply rename their installers to bypass the check, though this means forgoing administrative privileges. I worry that, with the callus most Windows users develop when it comes to the privilege nagging, a sly author will actually work the situation the other way.

Imagine a benign-looking program that presents itself as an installer, updater or uninstaller but contains a vicious trojan. The naive user clicks OK to suppress the incessant system nags and in so doing lets a bit of malware get explicit elevated privileges, not through an exploit but by gaming a silly tack for flagging what needs which rights. Not really very far-fetched, and it may already be happening.
