(This post is moved here from the TweakUAC web site, were it appeared first on January 1st, 2007).
I believe I’ve stumbled upon the first bug in Vista UAC (in the final release of Vista, not in a beta version).
It’s very easy to see the bug in action:
- Login to your computer with the Guest account. (You may need to enable the Guest account first, using the Control Panel).
- Download any digitally signed program (such as TweakUAC), save it to the default download folder (C:\Users\Guest\Downloads).
- Now run the file you’ve just downloaded, and take a look at the elevation prompt displayed:
As you can see, UAC cannot recognize that the file contains a valid digital signature, and it warns you that the program is “unidentified”. This is a bug, because you can check that the digital signature of the file is actually valid:
This problem is not limited to the TweakUAC file, any other digitally signed executable (such as the installation utilities of most software packages) will produce the same effect. All you need to do to reproduce this bug is login to Vista with the Guest account and run a digitally signed file from the Guest\Downloads folder. Note that if you copy the executable into the C:\Program Files folder, and run the file from there, its digital signature would magically become recognizable by UAC! Move the file to the root folder C:\, and the file again becomes unidentified to UAC.
Is this bug dangerous? Yes, it is! The whole idea behind UAC is to shift the responsibility of distinguishing the bad programs from the good ones to the end user (you!). The only tool that UAC gives you in this regard is the digital signature information, and it turns out it’s broken! How are you supposed to make the decision whether to trust a certain program or not if UAC does not provide you with the correct information? (Nevermind, it’s a rhetorical question).