Vista's UAC has a security feature that marks it out from any other type of Windows security program -- it can spot rootkits before they install. This is one finding buried in a report published in two German computer magazines some months ago after testing by the respected AV-Test.org, which set out to find out how well antivirus programs fared against known rootkits. The answer: not particularly well ... either for Windows XP, or Vista-oriented products.
Of 30 rootkits thrown at XP anti-malware scanners, none of the seven AV suites found all 30, a similar story to the six web-based scanners assessed. Only four of the 14 specialized anti-rootkit tools managed a perfect score. For Vista, only six rootkits could run on the OS, but the testers had to turn off UAC to get even this far. Vista's UAC itself spotted everything thrown in front of it.
In a period where Vista has received criticism, Microsoft's programmers can at least point to evidence that UAC is efficient at stopping infections from happening automatically.

Which it very well SHOULD.
In fact, Microsoft's UAC warnings are a lot more intelligible than most warnings from other anti-malware products (yes, Symantec; that means you), and a great deal more verbose than those of even Security-Enhanced Linux in Enforcing mode (that says a lot about SELinux, and none of it good). Helping the user spot suspicious software (or even suspicious SOURCES of software) is one way to help slow down (if not halt) the spread of malware; even better to do so with newbie users (still the largest single source of rootkit-infected and zombified PCs and networks). Question is: now that it's been proven to be effective, will Microsoft's security mavens get sledged for being too effective compared to their open-source (SELinu
I agree that Vista's UAC is good for this, but the popups are far too frequent. This is why people will just keep clicking. End-users need education on security to help prevent such infections without going through 20 popups every time they move their mouse. Vista's UAC as it is now is more annoying than it is useful.
I would rant about how horrible SELinux is to configure depending on what you want to do, but this is about Vista's UAC, not SELinux.
I disagree - once the computer is set up, you don't get much in the way of UAC popups, I've found.
Compared to what?
Better that the user be warned more often (even if the warning has a chance of being false) than to have ONE bad apple get through. (Hindsight is always 20/20.) A good part of UAC's verbosity is about User Education/User Feedback, as one thing Microsoft picked up from the Usability Labs is the impact reinforcement (both positive and negative) has on the user experience. However, the vast majority of the griping about UAC is from those that consider themselves Power Users (and think they know better than Microsoft).
I have never kept UAC turned off on any computer I've owned or worked on (and, at worst, only turned UAC off systemwide under specific unique circumstances for less than five minutes on any system; after that period, it was reactivated). And that is *despite* a computer background that predates the PC (in fact, it goes back to the heyday of IBM's System 360 and 370 mainframes). I usually *don't* have a problem with UAC in typical computer usage, and I've been using Vista since before the Great Code Rewrite, and since that changeover (and the birth of UAC), most of the time it's been my sole operating system. I can pretty much say that I have basically a *Jack-of-all-trades* older PC (it does a little bit of everything; not stellar in any one task), and Vista (UAC and all) lets me get my gamut of stuff done, and with much less in the way of unwelcome interruptions than XP did (on the same hardware). UAC has been given a trial-by-fire (by me), and it has earned its spurs, in my own humble opinion.
Thank you GOD Thank You!!!
-Kneels & Pray-
Run Word or Firefix? Get your facts right - please - for the sake of your own respect get your facts right...
keep your troll bait to yourself, please. If this is the best argument you can come up with against... a post of the general improvement in all OS environments... Try again
-1
-1
which means +1 to the original post.
? I've never seen a UAC dialog when opening Word or Firefox. I don't know what you do with your computer to get that, but really. Don't say bull**** like that.
They're completely making it up -- neither application requires administrator privileges to start.
You do realize that UAC dialogs only show up when installing/removing a program or making system-wide changes... right?
I mean, that's the whole point.
UAC has no effect on running Word or Firefox or other applications. Perhaps you should actually try Vista before you rag on it like that?
Let's say Mr Noob downloads and runs BritneysFlange.avi.exe. The UAC pops up a couple of prompts asking whether they are sure they want to run the file, but of course they're sure they want to see Britney's flange so they OK past all the prompts, what brilliant protection.
People stupid enough to get infected will ignore the prompts and those not stupid enough just get annoyed by them.
You're quick to complain about UAC, but what is your alternative?
(Worse for you, golly-gee, UAC actually WORKS; in fact, in Vista, it stops rootkits deader than doorknobs.)
Why is it that when faced with solid security actually designed into Windows (which is what a lot of users complained rightfully that XP was sorely lacking) the same complainers want to invalidate it? Is it a case of "Be careful what you wish for; you might actually get it."?
UAC stops things from happening automatically. It puts the user in control. Some users may not know what to make of this newfound control, and will try to go back to their old ways, but for those who'd like more control, UAC is just the trick.
UAC might work in a lab but it doesn't work in the real world because the kind of people stupid enough to be affected by the kind of things it might protect against just ignore the protective prompts.
I don't care if you want to use Vista or any other OS, more power to you, but don't use bull**** stats like this to justify UAC and dismiss the people that point out the basic flaws.
The basic flaw is the user. The basic flaw will always be the user. NO SECURITY SYSTEM IN THE WORLD CURRENTLY IN PLACE OR EVER WILL EXIST can protect a user or group of users from his/their own stupidity. If it did, the program would be quickly uninstalled, deactivated, or not bought at all, and the user would continue on their own clumsy way.
I don't care what people think, well done Microsoft.
I'm no Microsoft fan boy - I mostly use XP and Linux - but sometimes you have to give credit where credit's due.
Actually, the point lardboy had was that users need to be educated in secure computing habits. I don't see many dialer programs these days, which also happened to be a masquerade for trojans, but I really don't think porn surfers have any more secure habits than they did way back in Windows 98. UAC is nothing more than an extra few "OK" (or was it "Allow"?) buttons to the average horny person that just wants to see some nudity. That's pretty much all Vista's UAC is - a bloody thorn of the beautiful rosebush that is Vista. I can say it is slow with certain configurations, but I can't deny that it doesn't look good.
There is no way to stop a noob from eventually destroying his/her PC. That is the way of the noob. With "features" like UAC Microsoft annoys the rest of us.
Tell me how I'm going to get a rootkit when I don't download untrusted software? I have never had any trouble with viruses on my PC other than when I was lazy and did something stupid. Even then it wasn't much trouble to remove them because they were unable to download their payloads thanks to my firewall. Besides, as the OP said, UAC isn't going to stop a noob from allowing an infected program to execute since they are purposely trying to install it because they think it's a codec they need or something.
some people stupid enough to get infected will ignore the prompts, and some other people stupid enough to get infected turned off UAC to begin with and didn't get the prompts.
the SMART people left UAC enabled and denied the prompt when it came up.
How about drive-by-downloads when you visit a website or using an SQL injection technique!!!!
Sorry, comment was aimed at toadeater.
You misunderstand the purpose of UAC. UAC is not to stop you from installing malware on your computer. Heck, there's plenty of malware that doesn't even require admin privileges. And as you say, another prompt isn't going to stop that. Although it may, by chance, because UAC is scarier than most prompts.
However, the purpose of UAC is entirely different, and so your point is irrelevant. UAC exists so that when Outlook or Firefox or another application is exploited via a remote code execution vulnerability, the malicious code cannot harm other user accounts or the system itself. Or in the case of Protected Mode IE, it means the malicious code can't really do anything.
The prompts are a very small part of that. Basically, if you clicked on an e-mail message and this triggered a vulnerability in Outlook - instead of your machine being instantly pwned, it would either completely fail silently (because Outlook is running without admin privileges) or at worst you would see a UAC dialog, and have a very good chance of stopping the attack. While users might click "continue" when trying to run BritneysFlange.avi.exe, they are far less likely to click "continue" if they have no idea where it came from.
My main concern about UAC is that people will get in a habit of just clicking OK every time the box comes up. But despite that, it's still good that the user is at least given a warning when an application attempts to make a system-wide change.
Last edited by Chugworth on 25 May 2008 - 22:12
Only when you are an administrator, of course; normal users have to provide an administrator password.
I think all of the current solutions (UAC, su, sudo) have their advantages.
Actually, I believe you can configure those programs to have a grace period in Linux. For example, the password I enter at a kdesu or gtksudo password prompt remains active for a bit while I am configuring things (monitor resolution, date/time, etc.) in Fedora 8. sudo does the same thing when I'm using the command line.
A grace period is about the dumbest thing you can do. With a grace period, all malware has to do is sit around and wait for you to do something else that requires administrator privileges before it can root your box...
+1
I keep hearing that name pop up everywhere... think I'm gonna give it a try
It's just a trade off on how much annoyance you can take compared to the security benefits of said annoyance.
And that goes for a lot of this day and age's firewall products too.
...
First of all, I'm not sure the term Fanboy applies to someone who doesn't like something, but it sure as hell applies to your reaction...a classic, very odd reaction of adoration to something like UAC. Dude, you are a UAC fanboy.
Last edited by EduardValencia on 25 May 2008 - 23:37
UAC's goal is to keep processes at the lowest privilege level they need to accomplish their task, which is arguably a better defense than some of the others.
Programmers to stop requiring admin privileges on software
End users by alerting them of anything that could be seen as dangerous
Over time you should expect to see less pop ups - but that's in the long term when people understand...
However, I have disabled UAC, but I do know what I'm doing. UAC is working and most users should use it and pay close attention to what they are doing.
If you understand what UAC is, you're far less likely to turn it off, based on what I've seen. As you seem to think that it is Microsoft holding the user's hands, AND you have turned it off, I'm inclined to believe that you do not.
I thought I'd put a link to the tests here.
If PC World expects any credibility they should link to the page where the test results can be downloaded, instead of just saying "a report published in two German computer magazines some months ago". WTF, are they stupid?
UAC, I definitely agree, was done correctly this time by Microsoft. I've got it turned on for my computer and I am the sole user with Admin rights. I have yet to see it pop up for probably 2 weeks now. I don't see how it is so annoying other than when you are first installing your apps and settings.
The biggest argument I am seeing here revolves around the novice computer user, and most of us here are not that, and I think Microsoft finally started thinking more about them and did this correctly. Yes, most users probably get used to seeing the UAC pop up and ignore it and click OK, and this is due to poor security and computing habits from the past decade or so, because we still have stupid people downloading Trojans etc. However, UAC does seem to be helping change all that even if it is annoying, which is really what it's come down to, to get people to be aware of the malicious stuff out there.
My dad actually came to me the other day saying he downloaded a new anti-spyware program from some ad on Yahoo. Well, we all know that those have nasty side effects. Turns out it was some kind of damaging program, and because it was an EXE file UAC popped up when he tried to install it, but instead of the usual yellow warning it was the bright red one, which steered him away from installing. So I think this is a step forward by Microsoft.
Nope... You're wrong..
See even one negative test overrides EVERY positive article..
Anyway.. we're going to see MS/Vista/any other MS OS bashing till the company is gone..
Well UAC, by design, will block EVERY rootkit attempt, as long as the user does not click OK.
LOL
Vhere is UAC here?
Last edited by CoolBits on 26 May 2008 - 07:43
Interesting what they did there but that's physical access which is totally different. If you have physical access to a machine then pretty much nothing can stop you (well maybe encryption).
UAC will only prompt if something requires administrator privileges, this is educating the software developers too as they shouldn't need these privileges for day to day running of programs.
Bye bye parental controls for example hehe
What can I say. LOLMAO
Anyone with LiveCD can do that. ROLFCOPTER
Welcome to data secure CoolBits:
Rule 1 - if you don't control physical access to your machine, it isn't your machine
Read up the rest yourself. Try CompTIA Security+, Microsoft's recommendations or just common sense.
Whoops - I fed the trolls....
Anyone believing that they have a secure system when there is physical access is, quite simply, an idiot. I can't think of a single OS that a competent sysadmin can't pwn with physical access.
Anyone wondered why server rooms and datacentres have locks on server, racks, entrances. Plus CCTV, biometrics, mantraps and sometimes physical security guards as well.
Feel free to try it with Ubuntu, Mac OS X, even HP-UX. Unless you have encryption, ripping out a HD will reveal all of its details. This is NOT a Vista 'hack', it's a well known security problem within IT, which is why the above measures are implemented within datacentres and why things like Vista's BitLocker are useful on enterprise laptops.
Yes, good examples include OS X: Target disk mode, single-user mode, and the password reset utility. All three could be used to compromise the machine, but they also require physical access to the machine.
I agree... but on other systems you notice instantly that your password was reset and machine compromised...
OK, on OS X you have single-user mode... but still not so easy as this one
How does a legit user notice this hack? You can't...
You don't even need to reset the password as you have SYSTEM access that is even higher than admin
Last edited by CoolBits on 27 May 2008 - 05:46
With Vista at least you will know your password has been reset too. And SYSTEM in Vista has lower privileges than Administrator (not your normal local admin account), while the reverse in XP is true. This hack of yours also did not get past BitLocker, which will encrypt partitions while in offline mode.
There's only three reasons that UAC should pop up constantly:
a) You are configuring and setting up your computer for the first time.
b) You are doing a lot of tweaks to your system's configuration or adding many programs.
c) You are using poorly-coded software from the Windows XP era that blindly asks for admin rights just to save a file.
If somebody can show me a normal situation where UAC is harassing them, that is NOT in one of the above three scenarios, then I will eat my own words.
I highly doubt anyone can, though. I think people are whining just for the sake of it, and want to jump onto the waahmbulance bandwagon.
Well, you would say that...
So... UAC is doing what it's supposed to be all along. Shocking! Now, what do we tell the people who thought they could do a better job than UAC and turned it off?
Yep, sorry to say, but if you get hit with something you can't blame Vista.
More specifically, regedit can include tools to check, see and perform a fix of incorrect entries; this will stop almost any rootkit in the market (with the exception of some "file-based" rootkit).
Personally, after a decade in IT I don't trust companies like Amazon and Apple to ship hardware that is virus free. Good thing really, as they have both had virally infected devices sent out to consumers. All it takes is for your AV to miss a DAT update and you're infected.
You smart enough to risk your entire IT security on your AV manufacturer pumping out correct DAT's in time....? You honestly think that trusted sites like Neowin, Facebook and Reuters vet their adverts so that nothing malicious can be run through the flash / js advert that you're reading? Going to trust your friends not to have a virus on their machine so you can be 100% sure email and IM conversation attachments are all trustworthy?
The professionals keep UAC on. The ones with it off are simply the ones that trust their 3rd parties and friends to be as IT savvy as you - in other words, arrogant.
There is no way to be sure about anything regarding IT security. You cannot trust any website you visit, any hardware you connect up or any software you install. I personally don't even trust my AV DAT's anymore - they've screwed people's computers up far too many times thanks.
The only thing you can trust is yourself not to make mistakes. The problem is that to use a computer you HAVE to trust 3rd parties to an extent. This includes advertisers, hardware manufacturers and software developers. I don't trust them with root access to my computer - I use UAC.