One of the selling points of Windows Vista is its increased security. User Account Control (UAC) is designed to ensure that unknown programs aren’t launched without the user’s express permission. The idea is sound, but the actual implementation may be off.
The Register reports that the name of the program has a major bearing on whether or not UAC asks the user to authenticate the installation. If the program is named “install.exe”, for example, Vista will require that the program have admin rights, and UAC will prompt the user to cancel or allow installation. However, if the program name does not contain any reference to “install”, “update” or “uninstall”, then Vista will happily let it run without user intervention, even though it is the exact same program.
Microsoft responded that Vista was designed to automatically detect install, update and uninstall programs. Because these types of programs generally need to write to protected areas of the registry and to system files, Vista would prompt for admin rights to be assigned to the program.
While Vista may have been designed to detect these types of programs, it seems that all it is doing is checking the program name; otherwise, renaming the program would not allow it to run without UAC prompting the user. While this type of behaviour may offer a modicum of protection, it can be sidestepped by using an innocuous file name. The big question now is how long it will take for malware authors to use this to bypass UAC and get their programs onto a Vista machine.