A Microsoft Corp. security tool that has been criticized for being too intrusive can be turned off by the very malware it was designed to fight.

Microsoft's User Account Control feature, which it introduced as part of Windows Vista, prompts users for approval before installing new software. This is meant to prevent malicious programs, such as the kind that steal bank passwords, from covertly installing themselves onto users' computers.

But some bugs can disable the feature entirely, Computerworld reported Friday. Malicious software can do this by either tricking Windows into granting it administrative rights or by tricking the user into approving the installation.

"Apparently, neither are difficult," the article said. One piece of malware, called "Rorpian," uses a four-year-old vulnerability to disable the User Account Control feature.