Microsoft: Malware turns off Windows’ UAC

Microsoft is recommending that users to check to see if their User Account Control (UAC) is turned on, as new malware surfaces and disables the security tool. UAC is the feature that debuted in Windows Vista and revised in Windows 7. It prompts users to approve certain actions, such as software installation.

Microsoft’s Malware Protection Center stated that malware was increasingly turning off UAC as a means to disguise its presence on infected computers. The malware needs to explot a bug that allows the hacker to gain admin rights in order to disable the UAC. Microsoft calls this type of exploit a “privilege elevation vulnerability.”

According to Microsoft’s data, users were complaining and became irritated when they faced more than two prompts in a Windows 7 session. Microsoft ended up downplaying the UAC in Windows 7.

“From a usability standpoint, no one was happy. And from a security standpoint, no one was happy either, because we knew that people get ‘click fatigue,’” said John Pescatore of Gartner. Many users attributed the UAC to Vista’s lack of success. Well, one can sacrifice convenience for security, especially when we have exploits running rampant out there.

One worm, called Rorpian, exploited a four year old Windows vulnerability to disable UAC.

Microsoft’s Malware Protection Center gives examples of common threats that have the ability to turn off UAC. Sality virus family, Alureon rootkits, the Bancos banking Trojan, and fake antivirus software are among the common threats.

Microsoft even reports that 23% of computers that reported malware detection to Microsoft had UAC turned off. This is a result of either the malware turning it off, or the user themselves turning it off.

To check to see if UAC is on/off in Windows 7: Control Panel > User Accounts > Change User Account Control Settings