Brandon Live!

Windows Vista’s new User Account Control is already earning its keep!  New attacks were reported this weekend that take advantage of a vulnerability in how Windows handles animated mouse cursors.  A patch is due out tomorrow (apparently it’s been pushed up from an original April 10th release date).  The patch will address the issue on XP and on Vista.  Yes, the vulnerability exists on Vista.  And yet, most Vista users are protected from these attacks already.

That is, assuming they have UAC enabled and are using IE7.  On Windows Vista with UAC enabled, Internet Explorer runs in “Protected Mode” which successfully protects you from all known web-based attacks that use this vulnerability.  How does it do that?  Basically, “Protected Mode” runs IE in a “sandbox” of sorts, and doesn’t allow it to access anything but its own files and registry keys.  If an attacker can successfully inject code into your web browser, and the browser is running in Protected Mode (also known as the “low” UAC integrity level) - that code is prevented from doing any harm.

To all the UAC naysayers - this is certainly only the first of many examples proving its value (especially it’s use in IE’s Protected Mode).

1. Companies that make you call them to cancel something you signed up for online.
   1. Napster - I’m looking at you.  (and MSN, Xbox Live, and anyone else who pulls this trick)
2. Companies with modern products that don’t have 64-bit drivers. 
   1. Netgear, you suck.  And the completely non-sense explanation about what 64-bit is and why you’re too lazy to support it is a total crock.  Dual CPUs?  Give me a break.  Let technical people write your technical articles from now on please.  Making an x64 driver isn’t nearly as hard as they make it sound.  In fact, it’s harder for video drivers but Nvidia, ATI, and Intel have done fine there.  USB network adapter?  Cake.
   2. Vista is out.  x64 adoption is going to go up very, very fast.  Every new machine with 4GB of memory is going to need it, and OEMs are going to be pushing the mid/high-end above 2GB very soon.  There’s no excuse anymore. 
3. Forgetting what number 3 was.