neowin.net

I have moved these threads to this post so the debate can continue. Let's keep the debate civil. Anyone flaming, flame baiting or trolling will be dealt with.

Thanks,

Frank



Just because a previous version of the OS doesn't have a security feature doesn't mean you should blindly turn it off. New security features are generally put in for a damned good reason: They make the system more secure.

Giving every running process Administrative privileges has probably been the single greatest security problem that Windows has ever had. UAC fixes this.


Anyway, you shouldn't be encountering UAC that often beyond the initial period where you're installing all your software and stuff. Which programs are giving you trouble?

This post has been edited by bmaher: Jan 19 2008, 19:36

BTW, I've also disabled UAC on my Vista systems. It's a personal choice and one which should not cause problems as long as you use some degree of common sense.

I like uac. IT lets me know what the programs are doing. IF program developers got off their butts and made the programs right in the first place then it wouldnt even make uac pop up.

I leave my UAC on. Doesn't bug me one bit. If there is a program I use that always needs Run as Admin, then I do "Right Click on EXE then properties-> Compatibility Tab -> Check "Run this program as an administrator"->Apply-> OK. "

Over all I would have say alot of these UAC pops really do need to be addressed at the developer level...

Have they updated UAC?
Last time I used Vista it was more like Just say yes once and what happens next is not under your control.

UAC is just a band-aid. Proper solution would be isolating OS from everything else as well as possible.
Wanna install game? -> Admin rights -> possible deletion of data or rootkit and UAC does nothing.

When does Microslo... sorry, Microsoft move away from current installing scheme where security and portability of programs is a nightmare?

How does installing a game end up to a rootkit or data loss ? If you had it enabled you would not have to deal with the problem of that crap screwing up your computer. UAC does something, it stops potentially dangerous programs from running with administrator privlieges so they cannot cause havoc.

^ You seem like the person who cannot wait to give bashing to Microsoft.

As a personal experience to UAC, once you get over the intial stage of installing all your software and games I rarely see it.

Have you ever downloaded&installed anything from the internet?
I'm sure you have. Can you say 100% certainly that there hasn't been anything harmful in that code you gave full privileges to do whatever it wants?
No.

The problem is that there's no point giving some simple install unneeded privileges but currently you have to.
You can do installs without risking anything important but not without third party applications.
It's not that UAC is annoying, it's the lack of security even though it's continuously praised here.

Are you talking about those dodgy warez releases that you can never trust or trusted applications ? Applications I got from the internet are Windows Office 2007 (www.theultimatesteal.co.uk), Opera, Firefox, Intype, ApHeMo, W.A.M.P. , etc ... You get the idea of that. I am certain reputable companies are not going to go out their way to put malicous code into their applications. Of course the rare opportunity might arrise where a hacker will exploit it. <- Which is where UAC will stop the attack.


That is a developers problem so until they change their coding habits, it wont change.

Carefull guys, a few people on the forums will flame you and go right out on a moan about it if you tell people to disable UAC, even if you are correct in what you are saying.

I know this because i said i disabled it before and people went crazy!

Like I always say, if the UAC elevation prompts p*ss you off, grab TweakUAC and switch UAC to quiet mode.

Well, I have had UAC disabled for some time now, but not primarily because I found it annoying after initially installing Vista. Rather, some things I simply couldn't get to run correctly. For example, the Task Manager replacement from Sysinternals can not be used as a task manager replacement with UAC enabled. Period. I've tried many ways to make it so and it just doesn't work.

I also get prompts running WinRAR with UAC enabled, since it has to be run with Admin Privileges.

I'm one of those kind of guys who likes to keep my Start Menu > Programs list neat and tidy. But in the "All Users" group, trying to create a new folder and move other Program group folders to it results in repeated UAC prompts. For making folders! I have a Router Firewall, Defender, and Windows Firewall running. I don't download warez or download questionable software; and I have never had any problems without UAC.

Are you talking about the task manager replacement in Process Explorer? It's working fine here on my system with UAC enabled.





What version of WinRAR are you using? I'm going to take a guess and say it's an old version, because Vista compatibility was added in version 3.70.






The clue is in "All Users"; you're making a system-wide change, and that's why you're getting a UAC prompt.

I have always had UAC enabled and have NEVER gotten a prompt from winrar. There is something wrong if you are, winrar shouldn't need admin privileges, I've never seen it prompt on any computer.

You seem to be confused about what UAC is there to protect you against. UAC is not designed to stop you from downloading and installing malware that horks up your machine. That's the job of Windows Defender and anti-virus software (and the warnings from the browser, to some extent).

UAC is there as a mitigation of attacks against everyday applications, like Outlook / AIM / Firefox / whatever. The goal of UAC is that if such an application is hijacked by any kind of remote code execution exploit, the damage the attacker can do is constrained based on the privilege level of the application.

In the case of IE, UAC means that IE can't even read from or write to the disk outside of specific locations. So it really can't do anything to hurt your system if someone takes it over. That's why every attack against IE in Vista so far has been a non-issue. Other apps that run with "normal" privileges (Firefox, Outlook, whatever) can still do damage to your personal files if hijacked, but at least they can't affect other users on the system or damage the system itself.

It's pretty frustrating when people like you advise others to disable UAC when you don't even understand how it works, or what it's for.

I'm hoping future versions will not have an option to disable UAC, any insider info on that possibility?