Windows Vista's Color-Coded Security Messages Can Be Spoofed, Symantec Warns - InformationWeek


A Symantec security researcher says malicious code can "trick" Windows Vista into generating a green light when it should be holding up the stop sign.

A security feature in Microsoft's new Windows Vista operating system that's designed to give IT administrators more control over workers' desktops can be easily fooled by malware because it's effectively color blind, according to a researcher at security software vendor Symantec.

The User Account Control feature in Windows Vista is designed to prevent individuals from making system changes that aren't authorized by their IT departments. The feature is supposed to prevent beguiled workers from installing software that could present a threat to their corporate networks.

If users attempt such a change, they are greeted with an error message, bordered in bright red, informing them that the move isn't authorized. Notifications for supposedly innocuous changes not requiring administrator approval -- such as activating a driver or other component that is a built-in part of Windows -- are presented within a friendly, light-green border.

The trouble, according to Symantec security researcher Ollie Whitehouse, is that malicious code can "trick" Windows Vista into generating the green notification when it should be holding up the stop sign. "The user is presented with a UAC prompt that [falsely] claims that Microsoft Windows needs to elevate permissions ... not a third-party application," writes Whitehouse, on his blog on Symantec's Web site.

Whitehouse says the problem can occur when users try to activate a part of Windows Vista -- RunLegacyCPLElevated.exe -- that's supposed to make Vista compatible with older Windows Control Panel plug-ins. Files associated with RunLegacyCPLElevated.exe can act as Trojan horses for malware, which can then be written to unprotected areas of a user's hard drive after he or she gets the bogus green light.

"Microsoft is saying you should only see [the green dialog box] if the application is part of Windows," Whitehouse writes in his blog entry, which appeared earlier this week. "While it's true that RunLegacyCPLElevated.exe is part of Windows, it isn't true that the arbitrary DLL it loads and executes is," Whitehouse says.
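The practical consequence of Whitehouse's point is that the green border vouches only for the host binary, not for the module it loads, so a defender who wants to notice this has to look at where that module lives. The following script is an added example, not code from the article, Symantec or Microsoft: it reads constructed process-creation records (a real source would be Security event 4688 or Sysmon event 1, which carry the same image and command-line fields), and flags every elevation of RunLegacyCPLElevated.exe whose Control Panel module sits outside a directory a standard user cannot write to. The tab-separated key=value log format, the sample records, the assumption that the module path appears on the host's command line, and the list of protected roots are all constructed for this example.

```python
import ntpath
import re
from pathlib import PureWindowsPath

# Directories a standard user cannot write to on a default install
# (assumption: default ACLs; extend the tuple for the environment monitored).
PROTECTED_ROOTS = (
    PureWindowsPath(r"C:\Windows"),
    PureWindowsPath(r"C:\Program Files"),
)

HOST_BINARY = "runlegacycplelevated.exe"

# A drive-rooted Windows path ending in .cpl or .dll on the command line
# (assumption: the host binary receives the module path as an argument).
MODULE_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:cpl|dll))', re.IGNORECASE)

# Constructed process-creation records, tab-separated key=value fields.
SAMPLE_LOG = "\n".join([
    "time=2007-02-15T09:01:12\timage=C:\\Windows\\System32\\RunLegacyCPLElevated.exe"
    "\tcmdline=RunLegacyCPLElevated.exe C:\\Windows\\System32\\intl.cpl\tintegrity=High",
    "time=2007-02-15T09:02:40\timage=C:\\Windows\\System32\\RunLegacyCPLElevated.exe"
    "\tcmdline=RunLegacyCPLElevated.exe C:\\Users\\alice\\AppData\\Local\\Temp\\update.cpl"
    "\tintegrity=High",
    "time=2007-02-15T09:03:05\timage=C:\\Windows\\System32\\notepad.exe"
    "\tcmdline=notepad.exe C:\\Users\\alice\\notes.txt\tintegrity=Medium",
    "time=2007-02-15T09:04:19\timage=C:\\Windows\\System32\\RunLegacyCPLElevated.exe"
    "\tcmdline=RunLegacyCPLElevated.exe \"C:\\Program Files\\Vendor\\legacy.cpl\""
    "\tintegrity=High",
    "time=2007-02-15T09:05:33\timage=C:\\Windows\\System32\\RunLegacyCPLElevated.exe"
    "\tcmdline=RunLegacyCPLElevated.exe C:\\Windows\\..\\Users\\alice\\AppData\\Local\\Temp\\evil.cpl"
    "\tintegrity=High",
    "time=2007-02-15T09:06:02\timage=C:\\Windows\\System32\\RunLegacyCPLElevated.exe"
    "\tcmdline=RunLegacyCPLElevated.exe\tintegrity=High",
])


def parse_record(line: str) -> dict:
    """Split one tab-separated key=value record into a dict."""
    fields = {}
    for field in line.rstrip("\n").split("\t"):
        key, _, value = field.partition("=")
        fields[key] = value
    return fields


def is_under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """Case-insensitive prefix test on path components (NTFS is case-insensitive)."""
    p = [part.lower() for part in path.parts]
    r = [part.lower() for part in root.parts]
    return p[:len(r)] == r


def module_path(cmdline: str):
    """Return the .cpl/.dll path named on the command line, or None if absent."""
    match = MODULE_RE.search(cmdline)
    if not match:
        return None
    # Collapse "..", "." and doubled separators so a traversal such as
    # C:\Windows\..\Users\... is judged by where it really points.
    return PureWindowsPath(ntpath.normpath(match.group(1)))


def audit(log_text: str) -> list:
    """Flag RunLegacyCPLElevated.exe launches whose module is not in a protected root."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if ntpath.basename(rec.get("image", "")).lower() != HOST_BINARY:
            continue
        mod = module_path(rec.get("cmdline", ""))
        if mod is None:
            # The host elevated but we cannot see what it will load: worth a look.
            alerts.append({"time": rec.get("time"), "module": None,
                           "reason": "no module path found on command line"})
            continue
        if not any(is_under(mod, root) for root in PROTECTED_ROOTS):
            alerts.append({"time": rec.get("time"), "module": str(mod),
                           "reason": "module loaded from a user-writable location"})
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(alert)
```

The check deliberately keys on the module's location rather than on the host binary's signature, which is exactly the property the green border does not cover; normalising the path before the prefix test is what stops a `C:\Windows\..\Users\...` argument from passing as a system file.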

Microsoft, in a best practices guide, concedes that Vista's color-coded warnings aren't a fail-safe security measure. "The UAC prompts aren't a direct security boundary -- they don't offer direct protection," says Microsoft. "They do offer you a chance to verify an action before it happens."
