The Great UAC Debate!

[ozgeek]

It's pretty frustrating when people like you advise others to disable UAC when you don't even understand how it works, or what it's for.

I understand the frustration but I don't want a security advisor asking me what to do. When I give my computer orders, it is to obey them without questions. For example if I want Word on my screen, I want it on my screen, no questions asked.

UAC will not protect 100% because many people are known to be "trigger" happy and will click Yes to every box they get. This will become very common. I know because you remember the IE security warning dialog boxes? Yeah UAC is like that but systemwide. I remember many computers was ridden with spyware and viruses becuse people click Yes to all Security Warning dialogs that disguse the real purpose (to install spyware and viruses disgused as addons or updates).

It's user common sense that play a large role in protecting the computer system from threats.

[Linkinfamous]

I understand the frustration but I don't want a security advisor asking me what to do. When I give my computer orders, it is to obey them without questions. For example if I want Word on my screen, I want it on my screen, no questions asked.

UAC will not protect 100% because many people are known to be "trigger" happy and will click Yes to every box they get. This will become very common. I know because you remember the IE security warning dialog boxes? Yeah UAC is like that but systemwide. I remember many computers was ridden with spyware and viruses becuse people click Yes to all Security Warning dialogs that disguse the real purpose (to install spyware and viruses disgused as addons or updates).

It's user common sense that play a large role in protecting the computer system from threats.

Sigh.

UAC can protect you without showing you a single prompt. In fact, that's actually when it's protecting you.

Let's say you launch Word. It is never going to launch itself with Administrative privileges, so it will always be running without access to any element of your filesystem that requires "Administrator" access. Let's say you got an email from a friend, but unbeknownst to you, a crafty little bit of malformed data managed to slip into that document, allowing for arbitrary code execution. Because Word does not have Administrative access to your PC, the amount of damage it can do it very limitted compared to if you had UAC turned off.

Or let's say it's some 0-day exploit in Firefox's JPEG image handler, and you're browsing neowin. The exact same thing as the Word scenario I posed above can happen.

Or even better, let's say you're using IE7. Because the IE process runs with a Low IL, it can't even touch your documents, put a file on your desktop, drop a link in your user startup folder. It just can't do it because the IE process has virtually no real access to your computer. It only can write to the LocalLow folder, where your temporary internet files folder is, and that's going to generally be useless for any exploit's purposes.

UAC is not about second guessing what you're trying to do. What it will do, however, is prevent the machine from automatically allowing a process to spawn another process with greater access to the machine than the original process had. It's simply a tool for controlling how much access to your machine a given process gets when it's launched.

Want a real world example? The ANI exploit was stopped in it's tracks by UAC in many cases.

And that's not even all that UAC does. It also allows for virtualization of the filesystem and registry, to help legacy apps work, and further protect the system by on occasion tricking apps into believing they successfully made changes to areas of the system that they did not have access to, but in actuality storing those changes to an area that only these apps can see.

Edited January 19, 2008 by MioTheGreat

[roadgeek9]

Here is what I think about UAC...

In Vista, when I am doing a fresh, clean install of Vista, I will disable UAC so I can go on installing all my software. Afterwards, I will then turn on UAC for security reasons, and security reasons only.

[jimbo11883]

There's only one reason why I have to turn off UAC, and that is fact that all of the software I develop requires admin permissions, so they bring up a UAC dialog.

- InfoBar freezes without admin permissions due to the possibility that one of it's modules cannot function without them.

- NeoCleaner obviously needs admin privs because it searches for, and deletes, files anywhere on any hard drive that meet certain criteria.

The one thing I really, really, really wish was implemented was a way to check a box and say "Run this application every time with admin privileges." That way apps will run at startup and when I manually start them, without UAC prompts. I think it would be a feature that would make people that turn UAC off happy.

[aristofeles]

Everywhere here I see people saying that UAC is "great", there is "no reason" to turn it off. Personally I would never use it, but I leave this on for my brother. He always agree with anything that comes up, so there is no point anyway. I guess his antivirus keep he save, so - again - there is no point to UAC.

Has you ever been saved by it? Ever saw the confirmation dialog when you wasn't expecting and actually clicked "cancel"?

[Lee G. Veteran]

No. I used it for about a day before I switched it off. There have been no occasions where I've wished I had it turned on.

[ßéár]

I always disable

[Raa]

Definate disable here, on all pcs that use Vista. (They eventually got the XP tho)

[theyarecomingforyou]

No. The information given for some installers is just cryptic and doesn't reflect what the program is, meaning that I often have to allow it even if I'm unsure of the application. That means I could be accepting some random installer that is piggybacking off another application. I like the idea but it becomes so common you don't even look at what is says.

Having said that I haven't disabled it at the moment. I might do at a later stage.

[Mothium]

UAC isn't something you "use", but it is useful - it protects you from doing stupid things, EVERYONE does stupid things no matter how "1337" you are. Just like my firewall, i never "use" it, buts still useful.

[deactivated01032015]

well, since I know what am I doing at the computer and haven't got any viruses, spyware,... issues in the past with XP, UAC was turned off for the time that I tested Vista.

[Pupik]

Got it disabled, since day one. I always know what I install and how it should behave.

[nonick]

Disabled since day 1, I don't even run firewall or anti virus or anti spyware. Monthly checks with online scanners prove my superiority everyday :p

[+DKAngel Subscriber²]

i barely notice it there so ive left it on =] and im quiet happy with it being on =]

[jwjw1]

UAC is about as useful as **** on a pump handle

but some people really need this when their mommy and daddy isn't around to ask them if they really 'want to do something'

Edited January 19, 2008 by Frank
let the word filter do it's job.

[Linkinfamous]

Here is what I think about UAC...

In Vista, when I am doing a fresh, clean install of Vista, I will disable UAC so I can go on installing all my software. Afterwards, I will then turn on UAC for security reasons, and security reasons only.

Here's a little tip: you can try executing your installers from an elevated command prompt window, so you don't actually have to turn it off.

[Linkinfamous]

UAC is about as useful as **** on a pump handle

but some people really need this when their mommy and daddy isn't around to ask them if they really 'want to do something'

:wacko:

That's not at all why we have UAC, and it's really terrible to post that kind of stuff, since it's flat out wrong, and people who don't know any better actually come here for advice.

You're at the 'just enough knowledge to be dangerous' level, I believe. You understand how to turn UAC off, and since you don't understand its purpose, you're going to go ahead and do it, because you don't know any better.

Here's why what you just said about hand holding is flat out wrong:

https://www.neowin.net/forum/index.php?show...amp;p=589146941

Edited January 19, 2008 by Frank

[ViperAFK]

:wacko:

That's not at all why we have UAC, and it's really terrible to post that kind of stuff, since it's flat out wrong, and people who don't know any better actually come here for advice.

You're at the 'just enough knowledge to be dangerous' level, I believe. You understand how to turn UAC off, and since you don't understand its purpose, you're going to go ahead and do it, because you don't know any better.

Here's why what you just said about hand holding is flat out wrong:

https://www.neowin.net/forum/index.php?show...amp;p=589146941

QFT.

UAC doesn't come up very often after the initial installing of software on a fresh install anyway. I have had no problems with it.

[UAC]

I love UAC

UAC is the best Vista's feature because it allows all users to run with fewer privileges and elevating only when needed.

[Titoist]

Mine is on and it is useful... especially when visiting pron sites :p. I would be browsing a site and UAC would randomly come on asking if this program can be installed. Its obvious that its spyware/worm/virus therefore I cancel.

[s.L.m]

it is a very nice feature ... but with my PC it's off because some old game can't run with it ^^; ... full screen issues ... but I really like the UAC and I plan to turn it on again :)

but for my family's PCs ... it is a MUST :) ... really saved me from a lot of pain :) ...

[0sit0]

I thought we weren't supposed to make any more topics on UAC? There's a pinned topic where you are supposed to discuss all about this.

[FATILA]

Have I ever been saved by UAC? Well frankly if I had, I might not even know about it.

[Brian M. Veteran]

Threads Merged

I've also merged the results from the second poll, and added another question (hence why they have different numbers - merging the thread doesn't keep poll data).

[soldier1st]

i have mine on,if the prompts bother me i use tweakuac to keep it on while having the prompts off,uac is really useful as it helps to protect ie even if you dont use it now thats what i call real immunization.