Security Flaws in Windows 7 and Potential Loop-Holes for Exploit
Essay by bhrt.22 • July 16, 2016 • Research Paper • 425 Words (2 Pages) • 1,107 Views
Essay Preview: Security Flaws in Windows 7 and Potential Loop-Holes for Exploit
Security Flaws in Windows 7 and potential loop-holes for exploit:
The user-account control (UAC) privileges in Windows 7 has drawn debates for security issues, and why not as it is an extremely sensitive issue. UAC in Windows 7 is a feature which prompts a user for admin privileges for any new app / software that has to be installed. This is not because of the fact that every single app / software (and likewise every single feature in it) would require an admin privilege, but it just makes the job of a developer easy as one single privilege prompt can determine what functionalities that app can perform when on the OS.
A classic example in this case is of Pink Buster which is a game that demands admin privileges only once, i.e. prior to installation for all the functionalities in the game. This exposes to huge level of risk as now the game has complete admin privileges from the user to perform absolutely any functionality. If the game developer deploys a malware or hacking code on the system, then he can run it without any further permissions because the app only prompted for admin privileges for all the features and functionalities only once.
This clearly is huge risk and can be very dangerous from a security standpoint and calls for restructuring of the UAC mechanism. It should be restructured in such a way that the certain features of the app should require admin privileges and certain work under ‘non-admin’ or guest privileges for that particular instance or session.
Scale of sensitivity of the issue:
As this clearly is a very dangerous issue, it seems quite paradoxical as the way Microsoft comes in response for this security flaw. There is always a prompt message displayed before installation of any app / software that it is risky to install third party apps onto the PC, but it seems like this is an easy way out. Perhaps Microsoft should strike balance between the risk this flaw exposes with what it can do to come up with a framework / model that can tackle the level of privileges of UAC with the features.
...
...