Vista's biggest security enhancement is "User Account Protection" (or "User Account Control" ) which pops up and asks for user authentication before software can make any administrative changes to the system. But the TweakVista utility can turn off UAP in one click. Microsoft says this is UAP working as intended, because when a user runs TweakVista they are asked to authenticate.

However, James Bannan at APC Magazine asked Microsoft what's to stop a downloaded "freeware game" requiring user authentication upon installation and then disabling UAP altogether? You'll be surprised by Microsoft's response.

News source: APC Magazine


There are 60 additional comments
Advertisement
(5 replies) Quote this comment Reply to this comment #1 Posted by Kushan on 09 Sep 2006 - 09:12
"James Bannan at APC Magazine asked Microsoft what's to stop a downloaded "freeware game" requiring user authentication upon installation and then disabling UAP altogether?"

The answer is simple - the user.
No amount of system protection is going to help prevent your average dumbass from installing stupid stuff.
Quote this comment #1.1 Posted by Jugalator on 09 Sep 2006 - 13:32
What if the game isn't showing any signs of being "stupid"?

The problem is -- there's no telling you're turning off UAP *itself*, and almost all apps installed need these confirmations.

What's to tell one very serious thing from happening from another?

This can't be blamed on the users as they'll see no difference.

You could blame this on the users if they said "OK, go ahead" to a dialog box saying "Warning! User account protection will be disabled and your computer will be at a much larger security risk!".
Quote this comment #1.2 Posted by Jeremy1 on 09 Sep 2006 - 19:38
Quote - Jugalator said @ #1.1
The problem is -- there's no telling you're turning off UAP *itself*

Wrong. As soon as UAC gets disabled, you get a Windows Security Alert telling you that it's disabled. You can click on it, and then it will bring up the Security Center with a button to turn it back on.
Quote this comment #1.3 Posted by hairbautt on 10 Sep 2006 - 02:45
Quote - Kushan said @ #1
"James Bannan at APC Magazine asked Microsoft what's to stop a downloaded "freeware game" requiring user authentication upon installation and then disabling UAP altogether?"

The answer is simple - the user.
No amount of system protection is going to help prevent your average dumbass from installing stupid stuff.

LMAO Pretty much right if you ask me...
Quote this comment #1.4 Posted by Peter McGrath on 10 Sep 2006 - 06:56
Quote - Jeremy1 said @ #1.2
Quote - Jugalator said @ #1.1
The problem is -- there's no telling you're turning off UAP *itself*

Wrong. As soon as UAC gets disabled, you get a Windows Security Alert telling you that it's disabled. You can click on it, and then it will bring up the Security Center with a button to turn it back on.


Even better still go into the Security Center settings and tell it to stop bugging you that its turned off!
Quote this comment #1.5 Posted by Julius Caro on 10 Sep 2006 - 12:25
Won't windows let the user install a program in his documents, without any prompt?
(9 replies) Quote this comment Reply to this comment #2 Posted by Willdev on 09 Sep 2006 - 09:21
You can already disable it in "msconfig".
Quote this comment #2.1 Posted by Peter McGrath on 09 Sep 2006 - 09:45
Quote - Willdev said @ #2
You can already disable it in "msconfig".


Exactly - nothing newsworthy about this story - this must be a slow news day.

Quote this comment #2.2 Posted by -tom on 09 Sep 2006 - 09:58
You can also disable it in the Control Panel somewhere, I think in the User Accounts area.
Quote this comment #2.3 Posted by Jugalator on 09 Sep 2006 - 13:33
The newsworthy part is that there's no way for a user to tell apart an application needing rights for regular install reasons from needing rights to disable major security systems in the operating system.
Quote this comment #2.4 Posted by QuarterSwede on 09 Sep 2006 - 13:59
Quote - Jugalator said @ #2.3
The newsworthy part is that there's no way for a user to tell apart an application needing rights for regular install reasons from needing rights to disable major security systems in the operating system.
In my opinion, you shouldn't be able to disable UAP. MS should just make it so that it isn't intrusive which should be relatively easy to do.
Quote this comment #2.5 Posted by StarSabers on 09 Sep 2006 - 14:19
No, they should allow you to disable it for X amount of time. It's a stupid clicking 50 times to install 10 programs when it should have only taken 15.
Quote this comment #2.6 Posted by GamblerFEXonlin on 09 Sep 2006 - 18:17
Quote - StarSabers said @ #2.5
No, they should allow you to disable it for X amount of time. It's a stupid clicking 50 times to install 10 programs when it should have only taken 15.


In this case Ubuntus repository system is simple and lightyears ahead of Microsoft. All the programs avaliable in the repositories are thoroughly tested and installs quickly with two simple clicks. It also sorts them in the "Start Menu" for you, OpenOffice links in the Office folder.

http://jooh.no/prog_ubuntu.html

This might be an example of innovation, userfriendly and safety we can get through competition. Too bad Microsoft can still roam free with their bundling, secret API's nobody knows about and co-mingling functionality (polluting the protocols).
Quote this comment #2.7 Posted by superhuman on 09 Sep 2006 - 19:45
Quote - StarSabers said @ #2.5
No, they should allow you to disable it for X amount of time. It's a stupid clicking 50 times to install 10 programs when it should have only taken 15.


Ok, Paul Throtte will blame Microsoft if they add this feature. He will say st like this:

"God damn it! I have disable it ... Please remove it for god sake"
Quote this comment #2.8 Posted by MrCobra on 10 Sep 2006 - 01:52
Quote - QuarterSwede said @ #2.4
In my opinion, you shouldn't be able to disable UAP. MS should just make it so that it isn't intrusive which should be relatively easy to do.


IMO, even just messing with UAC should require admin rights. Applications shouldn't be able to come in and turn anything on or off.
Quote this comment #2.9 Posted by PatriotB on 11 Sep 2006 - 06:07
Quote - MrCobra said @ #2.8
IMO, even just messing with UAC should require admin rights. Applications shouldn't be able to come in and turn anything on or off.


That's how it is. Only admins can mess with UAC. Applications can't turn off UAC unless you run them as an admin.
(5 replies) Quote this comment Reply to this comment #3 Posted by bush on 09 Sep 2006 - 09:33
and the point of the story is...
Quote this comment #3.1 Posted by Munkyman on 09 Sep 2006 - 09:44
I suppose because its Vistas flagship security procedure and it could be disabled for a home user by accident, or by malicious intent.
Quote this comment #3.2 Posted by Peter McGrath on 09 Sep 2006 - 09:46
Quote - Munkyman said @ #3.1
I suppose because its Vistas flagship security procedure and it could be disabled for a home user by accident, or by malicious intent.


Which you can do using the option built into in Vista itself.
Quote this comment #3.3 Posted by advancedboy on 09 Sep 2006 - 12:26
Quote - Peter McGrath said @ #3.2

Which you can do using the option built into in Vista itself.

The average user wouldn't intentionally turn this feature off.
Quote this comment #3.4 Posted by Jugalator on 09 Sep 2006 - 13:34
Quote -
Which you can do using the option built into in Vista itself.

In which case you'd know you were doing that!

Jeez...

But let's say you're installing a regular game and it disables it. What then?
You wouldn't be able to tell it did, and just believe it was the regular permission-to-install dialog.
Quote this comment #3.5 Posted by hoginhaze on 09 Sep 2006 - 18:35
Quote - Jugalator said @ #3.4
But let's say you're installing a regular game and it disables it. What then?
You wouldn't be able to tell it did, and just believe it was the regular permission-to-install dialog.

Then you'll get a red shield in system tray, which says that UAC is disabled. Jeez ... Isn't that enough?
(2 replies) Quote this comment Reply to this comment #4 Posted by InsaneNutter on 09 Sep 2006 - 09:50
Why are people going in to msconfig and using TweakVista to disable UAC when thers an option under user accounts to turn it off?
Quote this comment #4.1 Posted by Peter McGrath on 09 Sep 2006 - 10:12
Quote - InsaneNutter said @ #4
Why are people going in to msconfig and using TweakVista to disable UAC when thers an option under user accounts to turn it off?


Maybe because people just want to get rid of it once!

MS has bowed to a lot of fanatics and gone overboard installing all this security crap which a lot of people just aren't interested in.

Windows popularity was built on its "usabilty" and this is one giant step backwards that does nothing to make the system easy to use. No doubt due to Bill Gates no longer taking an active part in Windows development anymore
Quote this comment #4.2 Posted by QuarterSwede on 09 Sep 2006 - 14:05
Quote - Peter McGrath said @ #4.1
Windows popularity was built on its "usabilty" and this is one giant step backwards that does nothing to make the system easy to use. No doubt due to Bill Gates no longer taking an active part in Windows development anymore

I see the opposite. Possibly because of Gates, Windows wasn't secure and is certainly isn't the easiest OS to use.
(6 replies) Quote this comment Reply to this comment #5 Posted by danwarne on 09 Sep 2006 - 10:30
To me it's pretty simple: disabling UAP should trigger a SPECIAL authentication process. e.g. it shouldn't just be part of having elevated privileges overall -- once a program has been authenticated for administrative privileges, it shouldn't automatically be able to disable UAP. If ANY program tries to do that, then Windows should pop up an alert warning the user that something is trying to disable a critical part of Windows' security.

Re: Peter MgGrath's comments... good point; but Windows' lack of 'front of house' security has been its fundamental weakness from the beginning. If you make it so easy for users to disable the prompts, people are obviously going to do it... because they're annoying. Then viruses are just going to propegate as they always have before.

I must say Mac OS X seems to have the user authentication process right. There is no way of disabling it, but it doesn't have as many alerts as Windows does, so it doesn't get annoying. You really only need to authenticate when changing really important system settings, or installing software. Plus it doesn't go the whole "greyed out screen" thing (that's one of the things I find the most annoying). It just pops up a dialogue.
Quote this comment #5.1 Posted by backdrifter on 09 Sep 2006 - 12:00
I think the attention-seeking greyed mode (secure desktop) is gone in the later builds. Vista too, just pops a dialog now.
sorry, seems like sometimes UAP uses the secure desktop until you respond.

Last edited by backdrifter on 09 Sep 2006 - 12:26
Quote this comment #5.2 Posted by Jugalator on 09 Sep 2006 - 13:35
Quote -
To me it's pretty simple: disabling UAP should trigger a SPECIAL authentication process.

Yes, that's the real problem here that most in this thread don't get.

Last edited by Jugalator on 09 Sep 2006 - 13:42
Quote this comment #5.3 Posted by QuarterSwede on 09 Sep 2006 - 14:08
danwarne, its good to see someone gets it. Good proposal as well. Too bad you don't work for MS.
Quote this comment #5.4 Posted by Daffy_Duck on 09 Sep 2006 - 17:12
It's clear that Windows fans are as clueless about security as Microsoft is. No offense intended but it's true. The story here is that UAP can be disabled by a 3rd party program. This is dangerous. Microsoft does this all the time. There are tons of dangerous settings that can be easily changed by 3rd party programs. There should only be one method of disabling UAP and it should be VERY obvious to the user that it's dangerous to disable it. There should be at least 2 password prompts and it should have to be initiated by the user.

If Microsoft doesn't do something about this I'd say that the added security in Vista is a sham.
Quote this comment #5.5 Posted by theyarecomingforyou on 09 Sep 2006 - 18:43
What a joke. UAP is part of Microsoft's policy to take security seriously and yet they leave such an obvious oversight. It shouldn't be possible to disable it for Home/Ultimate versions, though businesses should have the option of disabling it for a period of time, say 5-10 minutes - that way they can avoid multiple prompts when installing programs of known origin and will be protected again afterwares... it doesn't matter if they forget to turn it back on because it will be automatic. It should also be refined to popup as little as possible, otherwise users will just click "Allow" to everything.

Being so easily disabled defeats its purpose. If their main security feature is so easily disabled I really do worry about the long term security of Vista... if it's 5yrs until the next OS then it will probably be exploited as much as XP; if it's less, like 3 yrs, then the install base will be smaller and the risk reduced, though that still doesn't solve the problem.
Quote this comment #5.6 Posted by superhuman on 09 Sep 2006 - 19:55
That's why MacOS software is hard to write like UNIX. Everything is packaged in one file. If you use a Mac as standard user, you have already known that. You still have to enter password if you want to set up a software that need admin right. Windows is on the other hand. It needs to use existing library and resources of the system to run. That's why it need administrator right regularly.

These are two different models. I think Microsoft tries very hard to get out of the shadow of the UNIX. It could be good and bad at the same time. For example: security is bad.
(3 replies) Quote this comment Reply to this comment #6 Posted by backdrifter on 09 Sep 2006 - 12:03
The idea behind UAP(in personal usage) is to inform users about what's going on in their system. It can't "protect" the user from its own foolness anyway because you can bypass it with a single "allow" button; let alone shutting the whole thing down.
Quote this comment #6.1 Posted by Jugalator on 09 Sep 2006 - 13:37
How can you blame it on foolishness if the application looks perfectly legit and doesn't trigger any special authentication process beyond the regular UAP prompt? It's impossible to tell the two things (requiring permission to create Program Files folder and requiring persmission to wreck your security) apart.

Yes, this is a default response that can be applied to clicking "Yes" on most dialogs, but for the reason I gave, not really in this case. UAP simply needs a special permission dialog to open with a much greater warning, and that's that. You can blame the users if they in that case says "yes" to *that* dialog.
Quote this comment #6.2 Posted by QuarterSwede on 09 Sep 2006 - 14:09
Quote - Jugalator said @ #6.1
How can you blame it on foolishness if the application looks perfectly legit and doesn't trigger any special authentication process beyond the regular UAP prompt? It's impossible to tell the two things (requiring permission to create Program Files folder and requiring persmission to wreck your security) apart.

Yes, this is a default response that can be applied to clicking "Yes" on most dialogs, but for the reason I gave, not really in this case. UAP simply needs a special permission dialog to open with a much greater warning, and that's that. You can blame the users if they in that case says "yes" to *that* dialog.

Plus, people tend to actually think about what its going to do if they have to input their Admin Password and not just blindly and automatically click a "Yes" button.
Quote this comment #6.3 Posted by backdrifter on 09 Sep 2006 - 19:49
I do agree that UAP should present a special dialog, when a program tries to shut it down, but the same user who allowed that program to run at the first place, would likely go ahead and click yes to that second, special dialog too.

If you want a fool-proof operating system, you should leave no serious choices to the user. But we, power users won't like that, so this is what we get, something in between. Can you imagine how much people would flame MS if they didn't include a way to disable UAP easily?
(5 replies) Quote this comment Reply to this comment #7 Posted by danj205 on 09 Sep 2006 - 12:15
Yeah, pretty stupid article. Here's how you turn it off in Vista without a program. Start > Control Panel, in the Search box (already focussed) type 'UAC', and 'lo and behold! "Turn user account control (UAC) on or off" That was difficult.

Next, what sort of program would turn off UAC that isn't a tweaker? A *malicious* one? So, you'd expect that the user to cancel that before it runs. UAC depends on the tried and true method of self-administering. You'd expect that if a random UAC dialog appeared saying "This program wants elevated privileges," the person would recognise that it doesn't have anything to do with a program they ran and would cancel it. Unfortunately, some people won't. But it is entirely up to them.

Attention seeking greyed mode is still in RC1. I don't really care about it that much. It's not like your desktop would randomly grey out with the dialog. If a background program is seeking permission, a taskbar button will light up with the shield. Then you are viewing and focussing on that window, so it doesn't really matter to me what else is happening around it, because I'm going to go Allow or Cancel on a whim, I know what I am running, and what I'm not. It's not like the dialog is going to appear, and then I'm going to think about it for a couple of minutes while I finish off a document. If that was the case, I'll click on the flashing taskbar button when I want to.
Quote this comment #7.1 Posted by Angel Blue01 on 09 Sep 2006 - 12:35
But people aren't aware of the need to self-administer. There needs to be something do make them aware of what's going on before a malitious program runs. So many programs install additional programs (not neccessarily spyware) that they may think any prgram that tries to install when they install a program is legitimate.
Quote this comment #7.2 Posted by danj205 on 09 Sep 2006 - 13:06
Yes I know, there is a problem here, but what are you to do?

This UAC is merely to question a persons motives. Like someone over your shoulder going "What are you doing?"

You will have several types of people:
a) The ones that turn it off.
b) The ones who will consider the permissions of the program (what MS are hoping most do)
c) The ones that Allow anything that runs (fools, but this could tend to be new users who don't know the risk)
d) The ones that when met with the dialog, run (or click Cancel) for fear of what is going to happen.

Unfortunately, I don't think you can avoid them - unless you have some sort of whizzbang alternative.

As I see it, it is just like Ubuntu's "sudo" and gtk-sudo (or whatever), where it'll just ask for your password. The real reason why it does that is to make you think twice about what you are doing. I admit, that UAC does happen on some pretty trivial things (such as adding a folder to the inde but it is better than having nothing and I'm glad to see that Windows is finally doing something about it.
Quote this comment #7.3 Posted by Jugalator on 09 Sep 2006 - 13:39
Quote -
Yeah, pretty stupid article. Here's how you turn it off in Vista without a program. Start > Control Panel, in the Search box (already focussed) type 'UAC', and 'lo and behold! "Turn user account control (UAC) on or off" That was difficult.

But then you're saying you want to turn off UAC, right?
What's your point? Then you already know what's happening.

Here's a the point of this article: you aren't asked for this with the dialog spoken of in the article, because that's just the regular UAC dialog that's presented if you wish to e.g. let it create a folder in Program Files. How are you going to tell the two wildly different things apart as a user?
Quote -
Yes I know, there is a problem here, but what are you to do?

Add a "You're disabling your user account protection" dialog and use that one when something tries to disable that feature.
Quote this comment #7.4 Posted by Daffy_Duck on 09 Sep 2006 - 17:16
Quote -
Next, what sort of program would turn off UAC that isn't a tweaker? A *malicious* one? So, you'd expect that the user to cancel that before it runs.


What if mom is just trying to install a cool new screensaver? It asks her to enter her password and she does so assuming it needs it to be able to install. The program then disables UAC and wreaks all kind of havoc on the system since it has free reign.
Quote this comment #7.5 Posted by random_n on 09 Sep 2006 - 18:23
Quote -

What if mom is just trying to install a cool new screensaver? It asks her to enter her password and she does so assuming it needs it to be able to install. The program then disables UAC and wreaks all kind of havoc on the system since it has free reign.


UAC isn't meant to protect against intentionally malicious programs (that's your antivirus' job), it's to protect known good programs from being compromised while they're running. It's what keeps Internet Explorer in it's little sandbox. If you unknowingly open a malicious Word file and all of a sudden it's asking for administrative privileges, then UAC is doing its job.

The only broken thing here is the whole concept of the installation process for software, and the only OS that has this right is Apple's. Installing trivial software should never require granting it privileges enough to take over the kernel, and yet be it setup.exe, install.msi, or footothebar.rpm, it usually does. Ahh, maybe they'll figure it out in time for Windows Vienna.
Quote this comment Reply to this comment #8 Posted by Angel Blue01 on 09 Sep 2006 - 12:36
I prefer the KDE (Linux?) way of doing things for most features: If you don't enter your admin password you get to see the window of the program that's trying to run but you can't do anything.
Quote this comment Reply to this comment #9 Posted by Avenger 2.0 on 09 Sep 2006 - 14:29
The real problem isn't that malware with administrator rights can turn off UAP, but that it can do anything it wants. It will likely never turn off UAP, because when it does, users will now they got infected with malware. It can just leave UAP on, and silencely embed itself in your windows doing it's malware thing...
(1 reply) Quote this comment Reply to this comment #10 Posted by cheesegoduk on 09 Sep 2006 - 14:46
UAC should just be ripped out of vista now. Its utter crap
Quote this comment #10.1 Posted by John Ericson on 09 Sep 2006 - 16:15
It's good you're not working at MS!
(1 reply) Quote this comment Reply to this comment #11 Posted by thenay on 09 Sep 2006 - 18:08
I honestly think UAC is garbage, I can see many flaws already with it.

At the way Vista is looking it looks like i'm going to wait to use Vista until it hits SP1.
It's going the same way XP did when it went final. I think it's being rushed just to make people happy about its target release date. I see where they're coming from but it's just more problems for us. Oh well, let's see what happens in the next build.
Quote this comment #11.1 Posted by superhuman on 09 Sep 2006 - 20:06
who care when you want to use it! heheehe
Quote this comment Reply to this comment #12 Posted by strekship on 09 Sep 2006 - 18:40
As long as they don't make it so there is no way to kill it, i will be happy.
(1 reply) Quote this comment Reply to this comment #13 Posted by Robin.B on 09 Sep 2006 - 19:55
Are a lot of people here actually using Vista? You cannot criticize something that you don't know exactly what it does.

UAC can't be turned off "by accident" OR by a "malicious program", because there is an immediate dialogue stating that "UAC has been turned off. Click here to fix this problem", and remains there until you turn it back on. With RC1 it isn't very annoying anyway - only popping up once or twice for the whole day.

Quote this comment #13.1 Posted by Daffy_Duck on 10 Sep 2006 - 14:28
"UAC has been turned off."

Do you get that message when UAC is turned off with TweakVista? If not, all bets are off.
(3 replies) Quote this comment Reply to this comment #14 Posted by fpd on 09 Sep 2006 - 22:03
This is the sort of change Windows Defender should be protecting us from.
Quote this comment #14.1 Posted by superhuman on 10 Sep 2006 - 01:17
Yes, people forget Windows Denfender

1st tier - Windows Defender
2nd tier - UAC

What do they complain?? 2 wall to climb if it is malware.
Quote this comment #14.2 Posted by Stunna on 10 Sep 2006 - 05:18
Didnt MS anti spyware do this (had a allow or disable dialog pop up on the system tray when something tried to run on ur system?) did they take that out of windows defender?
Quote this comment #14.3 Posted by superhuman on 10 Sep 2006 - 17:52
Quote - Stunna said @ #14.2
Didnt MS anti spyware do this (had a allow or disable dialog pop up on the system tray when something tried to run on ur system?) did they take that out of windows defender?


Windows Defender is now smarter. It won't ask you that often. It works based on Spyware Definition. But, if the software is unknown and it want to change the system, Defender will prompt you so that you can allow or cancel the action. U can also set to let Defender ask you everytime ask well
Quote this comment Reply to this comment #15 Posted by brianshapiro on 10 Sep 2006 - 02:49
"This isn’t too surprising really. It confirms what we have come to suspect about UAC – it’s very useful for standard users and totally useless for power users/administrators.If you have to grant admin privileges to a setup process to allow installation, and from there it can do whatever it wants, UAC hasn’t actually protected you at all."

Because Microsoft expects power users / administrators to not be as dumb / careless as a standard user. duh. the writer of this article is really dense about the purpose of UAC. Its mostly to prevent carelessness, since malware is usually suspicious in the first place.

If you get a message from the system that UAC has been disabled, that is enough. I think the process to disable it should be a special dialog also, its strange that they allow a third party app to do it. But also put this into perspective as to the use of UAC as a way to child-proof the OS.

Last edited by brianshapiro on 10 Sep 2006 - 02:55
Quote this comment Reply to this comment #16 Posted by Ned on 10 Sep 2006 - 03:42
This Link seems useful.

Configure User Account Control.



Last edited by Ned on 10 Sep 2006 - 04:47
(1 reply) Quote this comment Reply to this comment #17 Posted by war on 10 Sep 2006 - 05:01
removed...prefer not to get sued...

Last edited by war on 10 Sep 2006 - 05:20
Quote this comment #17.1 Posted by Stunna on 10 Sep 2006 - 05:23
damn this sucks
I hope they fix it
I dont want to run anti spyware / anti virus
Quote this comment Reply to this comment #18 Posted by StuRReaL on 11 Sep 2006 - 09:57
Well the last time I looked vista still sets up your user account as an administrator, and then you have to use UAC to do anything useful. So I wonder what the point is as I'm still an admin by default!! why didn't microsoft just copy Ubuntu's / OSX's method of doing it and enforce users to use a strong password, and disable all the hidden accounts by default.
[1]

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.


Scroll to the Top
....
My Preferences
....
Communicating with server
Loading
Please Wait...
....
Loading
 X 
....