Neowin.net

It does prompt, turn it up to max and it will. Turn it to a lower setting and it won't, the choice is yours.

UAC is not useless, users bitching and moaning about it and wanting it gone or less effective are the useless ones.

Let me check. Nope, I never said it was usless. Allowing something to poke around in the registry and turn stuff off is not a good idea. The registry setting that controls UAC should be at a higher protection level.

I didn't say you said it was useless, the article states that at the end.

And I don't think it changes the registry, in this case it's faking user input to change it through the control panel. I could be wrong but the registry should still be covered the same was it is in vista since users don't normaly go poking around and changing things in there.

Personally,
I not only think it's useless and stupid, it's a MAJOR PITA!!

Have to give MS credit though. They've helped me make several hundred dollars by other people trying to disable it and not knowing what they're doing, and then me fixing their stuff.

How is it useless and stupid when it's no different than what unix/linux and even OSX use?

I don't get this double standard that's set.

Allow me to repeat what you're saying.

exactly. apparently its annoying and useless to click a button but on linux and osx its ok to type a long password everytime you want to do something.

So true...

Well the point is... Totally different user groups using each product.

Your typical windows user (as we know) is an idiot and cant be trusted with ****. On the other hand, your typical linux user an uber geek and some what with OS X.

So yeah you think the security would be the other way around. Or not! Geeks care more about security!!

i agree with you mate

Action Center does notify the user that UAC is turned off

Well there you go, you DO get told UAC is off, if it tells you this right when the change happens you should be able to figure out something is wrong.

Also, as it is stated by MS, for this to work something else has already gotten into your system. UAC isn't useless at all, saying so is stupid. IF something already got into your system, then on any OS not just Win7 or Vista, it'll then find a way to do something else.

The key here is to stop the initial breach, if users can't stop that then anything else isn't going to help much.

And what happens in the default quiet state of UAC when something pokes in to the registry and turn it and action center off?

UAC is [or "should have been" in this case] a PRO ACTIVE counter measure for security risks BEFORE IT HAPPENS. If you are able to easily turn it off, even you are notified by Action Center LATER ON, the whole purpose of PRO-ACTIVE protection becomes obsolete.

So this is why UAC is useless right now...

Say you don't easily turn it off, so what? Users will then just run as Admin or in the case of *nix, as root to get past the "annoying pop-ups."

UAC is pro-active unless you make it not be by setting it low or off. The fact you even have the choice in Win7 compared to Vista is because USERS ASKED FOR IT.

Yet people moan that MS doesn't listen to them. We'll here is a case in point where they have.

+1

+1000000000000000000000

On top of that excellent point I would like to say they also have this little thing called windows defender and avg is free. I mean I know avg isn't a Microsoft product but when there is a free solution to a common problem usually people don't complain about it but for some reason they jump all over Microsoft. I think Microsoft deserves are respect. They have managed to keep people paying for a piece of software with a better free alternative.

+11234057892345790

LOL.

This would be fixed if MS simply put a single warning on changing UAC permission levels. Something that should be blatantly obvious since it's a SECURITY feature. That wouldn't change the overall "feel" of Windows 7's reduced nagging. It would only be a single more dialog box in the specific case of changing UAC settings, which a user normally never do.

But Microsoft doesn't want to, because they're idiots.

I think they should have either removed it entirely (as it stands, it really is a false sense of security) or made it a true security boundary.

+100

This is the default level in Windows 7. Can you see the potential for ugly malware now?

Why would you be clicking on it every 10 minutes? Do you sit there and install/uninstall or move files around every minute?

Now if you want it off, that's your choice, more power to you, but if you get bit in the but later don't turn around and moan that Windows isn't secure when you turn off one of the security features yourself.

I agree with this. It's like saying your anti-virus software is useless after you've turned it off.

It should only prompt you when you run the program, not every time it runs its check.

Why don't you just use something like teatimer that comes with spybot, that just tells you when a registry setting has been changed instead of checking every 10 minutes whether you've been using the computer or not?

the registry tracer is on otomatic, it just checks every x minutes (Regrun Platinum) Vista lets it pass without problem, win 7 puts op an UAC box even when on medium setting.

Wait, you paid for that software? Yipes..

What does the UAC box say under Win7? That something is poking around and looking at your registry? If that's the case then isn't it a good thing really? Wouldn't that mean UAC is checking the registry itself?

It warns that an application needs elevation. Just the regular. And as i said before, with Vista it passes without elevation prompt.

Well that's still good though, because it means something is trying to run that needs admin rights, and if you're going to scan the registry of all things you should at least get something like that. If the app ran under Vista without that sorta prompting then they'll have to update it for Win7.

It just sounds like it's doing something that is different for Win7 compared to Vista.

A 'registry tracer' would be utterly useless against a rootkit. A rootkit hides itself from the registry at the kernel level.

You shouldn't be getting prompted after you're done setting up your PC, only when you're installing/uninstalling would you get a prompt again.

Few people go in and tinker with their system settings every day.

As a developer I get prompted several times a day, but that is to be expected . I agree a normal user should almost never see an UAC prompt (except to break out of IE protected mode when opening a pdf or something like that) even on highest settings.

Is that due to the developer tools you use needed admin rights?

And do they actually need them? I take it a few will if they do low-level stuff, but like you said, that's expected.

The same would happen under any other OS with their own version of UAC, unless you ran as root/admin.

Amen to that

If you want better security, use the "high" option in the UAC settings. That's why it is there.

Microsoft would have to do this for everything which can UAC can elevate silently, as anything that can write to the UAC registry keys (ie: anything elevated) can make any changes it wants. It's a lot of work for little benefit.

There are already multiple prompts and warnings when running anything downloaded from the Internet - one more isn't going to stop people who are determined to install something. Really, the virtualization for low-rights users and IE Protected Mode are the only useful parts of UAC. I'd love to see it taken one step farther and have "Continue, Cancel, Virtualize" in the UAC dialog (essentially an integrated Sandboxie), but I can see that confusing a *ton* of people.

Exactly, MS has left us with a "choice". No fault to MS if we don't exercise that choice. In my daily work, mainly using Word and some translation related programs I get few if any UAC prompts (at high).

They know how to fix it, use Vista's UAC. Oh wait, everyone told them not to do that...

See?

You're absolutely right and that's the point - they're in a kind of dramatic situation

Everybody says Windows should offer more options, so now it does. You can have the option to have UAC be a major hurdle for medium -> high IL elevations if that's what you want.

The thing is, malware running even with standard user privileges is plenty bad. It can still add itself to run at start-up (for that user), and can still read / write / delete data in any locations that user can access.

So the most important boundary is the Low IL -> Medium IL one, used by IE in Protected Mode and some other processes, which is still protected just as much as in Vista (or moreso) in this default state.

I don't see how. All it would require is a single prompt added whenever changing UAC settings. That doesn't mean making it exactly like Vista UAC in all cases.

That wouldn't really achieve anything. In anything less than the "high" UAC setting, any medium IL app can trivially elevate itself to high IL.

The lower settings largely exist to keep IE's protected mode and other Low IL isolation mechanisms in place, while being more "user friendly." They also still run most applications with reduced privileges, so code injection into those processes (like, say, Outlook or Firefo has to at least go through some additional hoops to make system-wide changes.

But yeah, if this mode were as secure as the "high" mode there wouldn't be a "high" mode.

No, I don't see. They could retain the standard Windows 7 UAC setting here, just apply an extra nag for changing the UAC level. Nothing more, and still faaar less nags than in Vista. Most user wouldn't even notice the difference, because people generally don't meddle with the UAC setting.

See?

If the slider is at anything but the top, then protecting the UAC slider itself is currently impossible.

Then it should be made possible, or at least, when a UAC change is registered, a prompt should be displayed.

I agree. The registry setting for UAC, as well as the run keys and winlogon should have higher protections. If those are accessed for any reason, either thru changing them at UI level, or directly poking around in the registry, there should be some alert that they are being changed.

That's exactly what people here (at least the intelligent ones who aren't Microsoft apologists) are asking for, but so far Microsoft is refusing to do that.

That would offer no protection at all from medium IL processes that wanted to circumvent the elevation dialog.

Circumvent the elevation dialog? Are you saying applications can already elevate themselves without prompting? Then what use is UAC to begin with?

See my post above. It provides a mechanism for running processes in the "low" integrity level, such as Protected Mode IE and others. The is a HUGE security benefit.

It's really quite simple. If you are concerned about the boundary between medium IL (normal apps) and high IL (admin apps), which is arguably of small benefit especially on single-user systems, then use the "high" UAC setting. That's what it's there for.

The "Secure Desktop" mode which is in Vista can't be fooled, so no app can change the UAC because no app can gain mouse or keyboard access or any other sort of access to any input device in the secure desktop mode, that was why MS did it, and in my post I said "the secure desktop mode shows" to prompt user of he want to change the UAC behavior.

It wouldn't matter. Please read above. The settings below "high" allow Medium IL applications to gain admin privileges *without* any prompt at all. So if a malicious app can turn off UAC in this way, it doesn't matter, they can already own your system a dozen other ways. That's simply the nature of those modes. They keep Low IL processes insulated, but if you want to protect the boundary between Medium IL (normal apps) and High IL (admin apps) you use the "high" setting.

MS being idiotic in this instance? yes.

worth trolling? no.

+1

Your Windows install is hosed if you're being prompted for anything from the desktop. It's not a protected location.

Wow, talk about being uninformed.

1. UAC doesn't ask you multiple times to do one thing.
2. Desktop is not a protected location, so UAC prompts from there are impossible.

Get your facts straight, computergeek. Your username doesn't suit you since you know nothing about them.

It sounds like you're also uninformed. You can get a UAC prompt deleting something from your desktop. Your visible desktop is actually two folders merged into one. The All Users desktop (at C:Documents and SettingsAll UsersDesktop or C:UsersPublicDesktop) and your own personal desktop (C:Documents and Settings\Desktop or C:Users\Desktop). If you try to delete something from *your* desktop you don't get prompted. If you try to delete something from the *all users* desktop which is a *system wide* desktop you will get prompted since it will affect all users on the machine.

did you accidentally forget to update the early beta you installed?

must be tough for you.



well, he did say "his" desktop. If he's a computer geek, then surely he'd get the concept of the merged desktops that you explained (correctly & succinctly to your credit).

The public desktop folder is also not a protected folder.

The "obvious and simple fix" wouldn't have a goal of telling such a difference. It would merely prompt on UAC changes. Sounds simple to me.

No, it actually IS a simple fix; in Windows Vista, launching any process gives the developer the opportunity to ask for permission elevation. The reason Microsoft doesn't do this is not due to difficulty, but because of a mismatch in their odd Windows 7 design docs.

I think if your gonna do that you might as well just shut it off. Yes it is FAR less annoying, but the virus/malware will now be able to just click through or tamper with the dialogue box now anyways. Whats the point then?

Of course it's a security boundary!! It's designed to improve the security of Windows itself by limiting application software to standard user privileges. What exactly is it if it's not for security? Those links you have provided all describe the security benefits of it so maybe epic failure on your behalf my friend.

I love it when people talk trash about my replies without even reading the articles I link to.

And I love it even more when those same people don't have a clue about the technology involved.

And I very much love it when people like yourself spread this FUD knowing full well they don't have a clue. Even more when they write for a site as big as neowin!

You really should read http://blogs.msdn.com/crispincowan/archive...-floor-wax.aspx again.

I quote:

"Clearly, all security boundaries are security features, but not all security features are security boundaries."

"Security Boundary: this is a special term to Microsoft. It means that if someone discloses a way to violate a Microsoft-defined security boundary, that Microsoft will release a security patch as soon as possible, so that the method to violate the boundary no longer works against patched systems."

From Mark I quote:

"It should be clear then, that neither UAC elevations nor Protected Mode IE define new Windows security boundaries.

Microsoft has been communicating this but I want to make sure that the point is clearly heard. Further, as Jim Allchin pointed out in his blog post Security Features vs Convenience, Vista makes tradeoffs between security and convenience, and both UAC and Protected Mode IE have design choices that required paths to be opened in the IL wall for application compatibility and ease of use."

I quote again:

"Because elevations and ILs don’t define a security boundary, potential avenues of attack , regardless of ease or scope, are not security bugs."

So again Sir, I say to you, that this article is total BS and needs to be redacted! Seems you need an editor!! Damn I love the media, always ****ing it up for the little guy!!

At the very least, the last "paragraph" should be removed and neowin and yourself should offer both Microsoft and all Neowin visitors an apology for blowing this way out of context and for misleading your users..

Last edited by war on 01 Feb 2009 - 04:30

That would accomplish nothing, and totally misses the point.

The current settings are fine. If you want to protect the normal -> admin boundary, use the "high" setting. That's what it is there for.