LG is one of the leading manufacturers of televisions and monitors. In a company this big you would expect high standards when it comes to security. LG split screen, a software designed for their ultra-wide monitors seems to have a major security issue. The software disables UAC during installation, making the computer vulnerable to a wide variety of threats that could have at least been partially blocked by this Microsoft security feature.
Security glitch gives administrator privileges to all applications
User Account Control or UAC is a Microsoft security feature which only allows certain user approved applications to have administrator privileges on the system. By default, all applications have limited privileges but when an application requires elevated privileges to execute, Windows asks the user to authorize the action. However, with UAC disabled, all applications get full administrator privileges. These permissions when acquired by a malicious application can lead to a lot of damage.
As reported at Developer’s couch, Split Screen automatically disables UAC. The user is greeted by the following message after installing the software:
UAC automatically disabled after restart
Before installing Split Screen:
Default run window
All applications are granted admin privileges after installing Split Screen:
Run window after UAC has been disabled
A bad idea or just laziness?
Windows strongly recommends having UAC enabled at all times. No legitimate application should disable UAC automatically, as it greatly reduces the security of the system. It seems that a bit of laziness and poor planning is what created the issue in this case. The Split Screen software probably requires administrator privileges to run, but instead of going through the usual workarounds like using task scheduler to start applications in admin mode when logging in, LG decided to just disable UAC altogether to make their task easier. It is surprising that the developers of the software decided it was okay to turn off one the major security features of Windows just to avoid a bit of effort.
While we wait for a fix from LG, the only solution seems to be re-enabling UAC and uninstalling the Split Screen application. This issue is a clear example of why all kinds of software vendors need to take the matter of security much more seriously.
Have a nice (secure) day!
Related Posts:
- SMS Trojan Podec bypasses CAPTCHA on Android phones
- Google publishes Microsoft Windows vulnerability after 90…
- Installer hijack vulnerability threatens almost half of all…
- Emsisoft Malware Library
- Linux Rescue CD: a help or a hinderance?
LG Split Screen software disables UAC
No comments:
Post a Comment