Trick allows malware to execute with administrator rights on Windows

vbimport

#1

We’ve just posted the following news: Trick allows malware to execute with administrator rights on Windows[newsimage]http://static.myce.com//images_posts/2015/05/regedit-uac-prompt-95x75.png[/newsimage]

Unless users properly read the User Access Control (UAC) in Windows, there’s no guarantee that malware isn’t executed with administrator rights. Researchers have developed malware that can trick users into manually providing administrator rights to malware.

            Read the full article here: [http://www.myce.com/news/trick-allows-malware-to-execute-with-administrator-rights-on-windows-76133/](http://www.myce.com/news/trick-allows-malware-to-execute-with-administrator-rights-on-windows-76133/)

            Please note that the reactions from the complete site will be synched below.

#2

The attack has to be tailored to the process the user starts. The researchers have created two examples for Windows processes, a command line tool and software that edits the registry, but according to the researchers also other processes can be abused.

This is why you password protect the Admin account on Windows Vista, 7, 8/8.1 and make a Standard User account and use that so you will avoid all this pitfall. This will more or less top malware installation and stop registration editing if they aren’t Admin user. This is something Windows user should know by now and if not then they deserve to get hit by the malware infection…

Users can defend themselves by properly inspecting the UAC warning and by clicking on more information to see for what permission is asked.

They don’t need advance knowledge …

  1. Make Admin account password protected this will prevent authorized install without the password to confirm
  2. Make Standard user account that way if something wants to install it will require the Admin Password to install and that will block it.

It not that hard…IT have been telling computers user already DON’T use the ADMIN as your primary account or else you will get malware and this seems to fall on death ears. Even my families laptop I make two acccounts the ADMIN password protected and the Standard user-this way no installs or update can happen unless the ADMIN knows what it is.


#3

@Coolcolors … this malware triggers when a user is opening a program that requires ADMIN rights … and the user is expecting the admin request for the program they opened …Â

Extreme diligence is required,


#4

[QUOTE=debro;2754441]@Coolcolors … this malware triggers when a user is opening a program that requires ADMIN rights … and the user is expecting the admin request for the program they opened …

Extreme diligence is required,[/QUOTE]

Exactly this is why with ADMIN password protected as I said they will have to think about what is being installed and if they aren’t the ADMIN user like their parents computer then they will not be able to install malware or another spouse doesn’t have the ADMIN password that further protects install not permitted. Programs like that can’t install unless they give it the password and for those not password protecting their ADMIN account deserves to get malware infected. How users these day and age do not see all the news report and think oh maybe I should update my security to protect my computer-it’s out there the help and how to do it it’s do they take the time to learn about it or have others show them to do it the right way to protect their computers. This is a choice they will have to make and malwares will love them for it if they don’t listen/learn about their system protection. But as with anything if you don’t want to take the time to secure it like your HOME or Car then you can expect the worse to come forward. A little education on computer can go along way to help you understand it more.


#5

I hate to use the word “deserve” when talking about mistakes computer users make, even if most others know better. After all, weren’t we all newbs at one point? To say that someone deserves an infection for a simple lack of knowledge means we all deserve malware.

However, I do agree with the fact that people should be paying attention to actual news (as opposed to meaningless, often celebrity-oriented news) to lean more about the issues that they might face, both as individuals and as a society. But, in many cases getting malware infections won’t teach them to do so. Rather, it could teach them to believe the fake tech-support scams that happen to target them.