"Gumby" <gumby@is.cool> wrote in message
news:GLV_j.298201$pM4.162330@pd7urf1no...
> Han <nobody@nospam.not> wrote in
> news:Xns9AAA4B3444533ikkezelf@130.81.64.196:
>
>>In such cases, even UAC does nothing to protect you.
>
> Wrong.
>
> http://www.hardocp.com/news.html?new...VzaWFzdCwsLDE=
>
> Looks like Vista’s much-maligned User Access Control or UAC has one benefit
> for a savvy user: it can detect rootkits before they install. AV-Test.org
> conducted a test of popular antivirus programs to see how well they
> detected rootkits and the tester had to turn off UAC on the Vista test
> systems because it detected every rootkit used in the test.

UAC does not stop rootkits. Running as a standard user stops some rootkit
installers. UAC allows older applications not designed to run as a standard
user to run as a standard user. It's a subtle point but an important one.
UAC didn't detect the rootkits. It detected that a process was trying to
change a protected system area. Unprotect the system area and UAC would have
happily allowed the process to do whatever it wanted. UAC is not really a
security feature. It is a method to allow unsecure programs to run in a more
secure environment than they expect.
--
Kerry Brown

