None of my malware scans have ever turned up anything more than tracking cookies. In the other, I put my hard drive in my friend's PC to copy some files, and his system had CIH on it (to give you an idea how long ago that incident was). In one case, I had a brainfart and double-clicked on a known-bad file instead of right-clicking on it. Despite frequenting seedier websites in the past, I have found viruses on my system exactly twice.
SANDBOXIE KEYGEN INSTALL
I generally install an anti-malware app about once a year to scan just in case.
Personally, I believe the best defense is still not doing dumb things. However, I would consider UAC a safety net to catch something I missed, rather than a complete defense against malicious programs. There are also a number of mentions of a low-rights process being able to monitor for higher-rights processes and inject code into them, due to the way the desktop is shared.Īgain, I'm all for anything to help improve security. To quote the hacker chick publicizing this, "Why should a Tetris installer be allowed to load kernel drivers?" Apparently if the fancy UAC engine detects something as a setup program, your only options are to run it with full admin privileges or not run it at all. This one is specifically a Vista issue and well over two years old. Again not necessarily a vuln in the pipe directly, but the pipe system is creating a huge vuln in your house. The reality is that regardless of how safe the pipe itself is, anyone and everyone can simply walk in through that pipe. It's like putting a 6' diameter pipe through the wall of your house and leaving it open and unmonitored because you know the pipe is safe.
By default, MS is whitelisting a program that can be used to run any arbitrary code. It may not directly be a vulnerability due to bad code in the executable file that runs UAC, but it is a vulnerability in the whole "UAC system". It's a vulnerability in Microsoft's implementation of UAC.