Why doesn't the administrator mode protect Windows from malware?


It is often given as the main reason for Linux's relative safety from malware that only the root account, which is not used for e.g. browsing the web, can make significant changes to the system.

Windows has a similar system since Vista, as indicated by the frequent prompts asking for administrator rights. Why doesn't it have the same effect?

Is it because of users hitting "OK" when they shouldn't, or are there other ways for malware to do damage?

More generally, what are the differences between the Windows and the Linux administrator/root systems that are crucial in making the former less safe?

user144598

Posted 2012-09-11T19:32:58.730


Most malware uses vulnerabilities in third-party software like Adobe products, or Microsoft Office etc., mostly due to poor OS design by Microsoft as suggested by nycynik. If Linux was in use by 80% of users, malware writers would target that OS, as Mac has found out lately; none are safe or perfect in design. – Moab – 2012-09-12T21:41:57.183

Answers


UAC won't protect a computer from malware in all cases. For one, it depends on what the malware is targeting. If it's targeting system files, it will provide a blocker towards access, much like Linux does. If it's targeting user files, however, then it doesn't need elevation to do its dirty work.

However, it's good to remember that before UAC, malware was much more prevalent and it was much easier to get it on your computer without your knowledge. Because elevation wasn't necessary at all, they would just install themselves and you wouldn't notice a thing until your computer started behaving wonky. Since Vista, however, these same types of attacks no longer are silent. I've encountered them recently, even, and they do trigger a UAC notification (if you have UAC enabled, of course), where if you deny it access, it will fail to continue.

However, malware attack methods are not static. As they are dealing with a moving target (Windows' security methods), they have to accommodate. Thus, you have exploits that allow malware to silently elevate their privileges without triggering a UAC notification. These exploits get patched as soon as Microsoft becomes aware of them, but as with all software, it won't be hack-proof. Expect more exploits to be uncovered in the future.

The reason Linux is relatively less prone to similar malware attacks isn't so much a feature of the operating system itself, but the fact that malware is still software and it has to execute on the user's machine. As the people who put these attacks out are going after the largest impact with the least effort (the "shotgun approach", so to speak), most malware will be written to run on Windows systems and won't run on Linux. However, Mac OS X, a UNIX variant (which is related to Linux in a lot of ways), is seeing an increase in malware attacks targeting Mac OS X users, as it gains more and more mindshare and market share. And if an attacker wanted to target a specific network of Linux machines, be sure that an exploit will be found to enable him to do so.

Ben Richards

Posted 2012-09-11T19:32:58.730

Reputation: 11 662
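The split the answer above describes (system files and machine-wide settings sit behind the elevation prompt, the user's own files and per-user settings do not) can be checked directly. The following PowerShell script is an added example, not code from the answer or from Microsoft. It reports whether the current token is elevated, probes a write to the user profile and to System32, tries to add an autostart entry under HKCU and HKLM, and reads the UAC policy values that decide whether a prompt appears at all. It assumes Windows Vista or later, PowerShell 3 or newer, and an English-language Windows for the "Mandatory Label" text that `whoami` prints; run it once from a normal window and once via "Run as administrator" and compare the two reports.

```powershell
# Added example, not from the answer above: probe what the current token can
# touch with and without UAC elevation. Assumes Windows Vista+, PowerShell 3+
# and English Windows (for the 'Mandatory Label' text printed by whoami).

function Get-TokenState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    # True only when the Administrators SID is enabled in this token, i.e. the
    # process is elevated. An admin user who has not clicked through the UAC
    # prompt runs on a filtered token where that SID is marked "deny only",
    # so this is False even though the account is a member of Administrators.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    # Integrity level: "Medium Mandatory Level" for a normal process,
    # "High Mandatory Level" once elevated.
    $label = (whoami /groups) | ForEach-Object {
        if ($_ -match '^Mandatory Label\\(\w+ Mandatory Level)') { $Matches[1] }
    }
    [pscustomobject]@{ User = $identity.Name; Elevated = $elevated; Integrity = $label }
}

function Test-FileWrite([string]$Path) {
    # Create and delete a small file; $true when the ACL allows it.
    try {
        [IO.File]::WriteAllText($Path, 'uac probe')
        [IO.File]::Delete($Path)
        $true
    } catch { $false }
}

function Test-RunKeyWrite([string]$Hive) {
    # The autostart ("Run") keys are the classic persistence spot. HKCU is
    # writable by the user's own token; HKLM needs the elevated token.
    $key = "$Hive\Software\Microsoft\Windows\CurrentVersion\Run"
    try {
        New-ItemProperty -Path $key -Name 'UacProbe' -Value 'cmd.exe /c exit' `
            -PropertyType String -ErrorAction Stop | Out-Null
        Remove-ItemProperty -Path $key -Name 'UacProbe' -ErrorAction Stop
        $true
    } catch { $false }
}

function Get-UacPolicy {
    # Values that decide whether the prompt is shown at all:
    #   EnableLUA = 0                  -> UAC switched off entirely
    #   ConsentPromptBehaviorAdmin = 0 -> elevate silently, never prompt
    #   PromptOnSecureDesktop = 0      -> prompt on the normal desktop (spoofable)
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

$state = Get-TokenState
"Running as $($state.User); elevated: $($state.Elevated); integrity: $($state.Integrity)"
""
"Write to user profile : " + (Test-FileWrite (Join-Path $env:USERPROFILE 'uac-probe.txt'))
"Write to System32     : " + (Test-FileWrite (Join-Path $env:SystemRoot 'System32\uac-probe.txt'))
"Add HKCU Run entry    : " + (Test-RunKeyWrite 'HKCU:')
"Add HKLM Run entry    : " + (Test-RunKeyWrite 'HKLM:')
""
"UAC policy:"
Get-UacPolicy | Format-List
```

In a non-elevated session the first and third probes succeed and the second and fourth fail, which is exactly the line the answer draws: anything that only needs the user's own files, or a per-user autostart entry, never has to show a prompt, on Windows or on Linux. The policy values are the check to run when a prompt "never appeared": with ConsentPromptBehaviorAdmin set to 0, or EnableLUA set to 0, the elevation the answer talks about happens silently by configuration rather than by exploit.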


Originally there was a huge difference because of the isolation of running programs and protected mode (http://en.wikipedia.org/wiki/Protected_mode). However, now Windows does use protected mode.

The main difference now is still the architecture of the operating system. On the outside they are very similar: both run all the processes with different user rights, and each process is isolated. However, that is just at a very high level. When you dig further into it, you find that there has been a lot more time and effort put into protecting Linux, since it was designed to be a secure multi-user system, whereas Windows has always been designed for single users.

http://lastwatchdog.com/windows-vs-linux-security-strengths-weaknesses/

nycynik

Posted 2012-09-11T19:32:58.730

Reputation: 103