A lot of hay has been made over the new UAC feature in Vista. Apple has gotten a lot of mileage by poking fun at it. Users have all said how annoying the feature is by constantly forcing them to click OK to run programs. Some of the comments seem to be based in fact, others in hysteria or ignorance.
One of the latest misstatements I’ve found about Vista’s UAC comes directly from The Register. They recently published an article online claiming that you can bypass UAC while installing a piece of software by simply renaming an executable’s file name.
When I read the article, I was a bit stunned by such an obvious oversight. Surely it didn’t really work that way. I checked the date of the article: April 23rd, not April 1st. So, I next checked with some TechRepublic staff, Bill Detwiler and Mark Kaelin, and neither of them have heard of this either.
So naturally, I fired up a copy of Vista to confirm or deny it myself. I downloaded three different programs off of the Internet and ran their basic setup routines. Sure enough UAC caught them every time. Following the article’s instructions, I renamed the install routine of the first program to Fred.exe. For good measure, I named the others Barney.exe and Dino.exe. When I ran all three, UAC caught them all.
The programs, in case you were wondering, were AIM, YM, and WinZip. All were pre-Vista versions that I downloaded from OldVersion.com. The exact same thing happened when I downloaded the demo version of OneCare from Microsoft’s Vista Web site. UAC caught it even after I renamed it to Wilma.exe.
In every case, whether Vista recognized the publisher of the application, as it did with OneCare, AIM, and YM, and when it didn’t, as with WinZip, UAC challenged the installation of the program and prompted for an administrator password.
So what’s going on here? An innocent oversight? Microsoft bashing? Journalistic laziness? It’s hard to tell. All I know, is that it took just a few minutes of testing to determine that this ‘security warning’ was a bunch of hogwash.
The last quote in the article says:
“”This is a little bit silly: just name the installer something else, and Vista lets it through.., Chess said. He added that although the feature is imperfect and inconvenient, it’s “better than nothing””
To me, it’s a little silly when someone starts writing articles about something as important as security without doing a little bit of fact-checking. It’s worse than nothing.