Well, if I understand how Comodo Firewall Pro works, any program that tried
to access the internet had to do so *exactly* as it was at the time you
allowed it and asked to remember it.
So, if someone injects code into its memory space, Comodo will detect that
and stop the access and re-ask you for the access.. explaining why too. This
happens also for tons of reasons..
- Different parent (caller of application.. if it's not me, then it would
let me know),
- dll was hooked to app, it will detect that as well and ask
- etc etc.
To me, those seem to be the necessary security features that UAC could use
as well (with preferred/trusted app if that was included). This way, *noone
else* could start an app.. (different parent). If the app gets modified *in
any way*, it'd get blocked as well... etc
Thinking on this while I'm writing this, what if an app gets changed by a
virus while I'm using XP and then when I'm back to Vista, using the same app,
AND being the original user that ask it to start, I'd get the same UAC popup
and I'd tend to say -- ok continue -- without thinking twice about it... but
with the Comodo way, it would *know* that the program was modified in some
way and would tell me so.
Somethings to think about
"Ronnie Vernon MVP" wrote:
> If this were possible, it would make UAC useless. This would open a
> vulnerability path that could be used to compromise the system since any
> malicious program would be able to piggyback on the program that is
> automatically granted system wide privileges.
> Ronnie Vernon
> Microsoft MVP
> Windows Shell/User
> "Rej" <Rej@discussions.microsoft.com> wrote in message
> > Is there a way to have UAC remember a program I trust so that it won't
> > popup
> > the UAC consent window everytime I start it?
> > I'm trying to load on startup 'Process Explorer' but I can since it
> > requires
> > permission.
> > If the procedure to have a program load on startup is different than not
> > having the UAC window popup, I'd like to know for the popup as well since
> > there are other software that I would allow without question (unless they
> > change of course).
> > Thx in advance
> > --
> > Rej