Adware program Vonteera blocks security products with simple Windows UAC trick

Discussion in 'CSO' started by RSS, Nov 23, 2015.

  1. RSS

    A well-known adware program is preventing users from installing antivirus products by leveraging a Windows feature that was designed for security.

    The program, known as Vonteera, abuses the digital signature check performed by the Windows User Access Control (UAC) for executable files.

    UAC prompts users for confirmation whenever a program wants to make a system change that requires administrator-level privileges. It therefore prevents malware from silently gaining full system access if executed from a limited user account.

    Depending on whether an executed file is digitally signed by a trusted publisher, the UAC displays confirmation prompts indicating different levels of risk. For example, if the file is unsigned, or is signed with a self-generated certificate that Windows can't link back to a trusted certificate authority, the UAC prompt will have a yellow exclamation mark.
