Adware program Vonteera blocks security products with simple Windows UAC trick
A well-known adware program is preventing users from installing antivirus products by leveraging a Windows feature that was designed for security.
The program, known as Vonteera, abuses the digital signature check that Windows User Account Control (UAC) performs on executable files.
UAC prompts users for confirmation whenever a program wants to make a system change that requires administrator-level privileges. It therefore prevents malware from silently gaining full system access if executed from a limited user account.
Depending on whether an executed file is digitally signed by a trusted publisher, the UAC displays confirmation prompts indicating different levels of risk. For example, if the file is unsigned, or is signed with a self-generated certificate that Windows can’t link back to a trusted certificate authority, the UAC prompt will have a yellow exclamation mark.