Joanna Rutkowska has always been a big supporter of the Windows Vista security model. Until she stumbled upon a "very severe hole" in the design of UAC (User Account Control) and found out ? from Microsoft officials ? that the default no-admin setting isn't even a security mechanism anymore.
Rutkowska, a hacker with a track record of defeating Vista's security mechanisms, believes UAC has a major flaw in the way it automatically assumes that all setup programs (application installers) should be run with administrator privileges. Read on at ZdNet

« Deploying Windows Vista · Hacker, Microsoft duke it out over Vista design flaw · Google e-mail service ready for all »