• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Archived

This topic is now archived and is closed to further replies.

Do You UAC?

Do You UAC?  

462 members have voted

You do not have permission to vote in this poll, or see the poll results. Please sign in or register to vote in this poll.

Recommended Posts

Evolution    16

Programs will have to adapt. Many programs have been created by finding exploits or vulnerabilities and taking advantage of them. Programs like AutoIT will simply have to find a better way to program the app if they want it to live on in Vista.

One of the most exciting parts of Vista is the major shift in the software ecology... Microsoft is getting companies to actually produce decent software for a change.

Share this post


Link to post
Share on other sites
franzon    7
Programs like AutoIT will simply have to find a better way to program the app if they want it to live on in Vista.

DON'T SAY STUPIDITIES!

UAC window is physically isolated by Secure Desktop and so a program can't interact with it (only the user is able to click and move the mouse on that UAC window; programs can't send window messages to it and any process that wants to send a message to a high privilege process must get itself elevated to the higher privilege context, via UAC).

If a program will be able to interact with it, then this is a flaw, then this will be fixed.

UAC implementation is better and safer than all other OS's.

Share this post


Link to post
Share on other sites
Evolution    16

hmmm well I was thinking that remote desktop could pass the UAC prompts.... but I guess it can't.

Share this post


Link to post
Share on other sites
Nightkrawler    7

I think its just a very bad attempt to improve security.

Think of the old Internet explorer security questions "do you want to trust.... Yes/No?"

The typical user (not the users here i hope) are not interested and just want to go on surfing on the "free porn site" or installing "this really nice screensaver that came per email".

So what does he do? He clicks on OK/Yes knowing that it starts - the user learned before that some things only work by clicking there.

Share this post


Link to post
Share on other sites
TheNay    1

Disabled from day one, and if I get infected my issue, however I'm smart about my actions and not a moron clicking and opening exe's that say Paris_nude_photo in an e-mail I get :p

Share this post


Link to post
Share on other sites
Brandon Live    232
Disabled from day one, and if I get infected my issue, however I'm smart about my actions and not a moron clicking and opening exe's that say Paris_nude_photo in an e-mail I get :p

That is absolutely 100% not what UAC is for.

UAC is there so that when someone finds a remotely exploitable flaw in IE, Firefox, AIM, Trillian, uTorrent, or whatever else... it can do a lot less harm because it is running with a low privilege level.

That's why the argument that "users will just click Continue so UAC is useless" makes no sense. When UAC is working properly, usually the user won't see a prompt and have to decide between Continue and Cancel. If, for example, AOL/IM were compromised and you were attacked via an exploit in their code, the application would already be running with reduced privileges, so the attack would likely fail (or have a greatly minimized impact) and you wouldn't see anything at all.

If the exploit allowed (and in many cases, it wouldn't), and the exploiter was targetting UAC-enabled machines, they could theoretically try to spawn a process on your machine with elevated privileges, which would present the dialog. However, you would see an indication completely out of the blue that AOL Instant Messenger was trying to start some random (probably unsigned) application with elevated privileges, and hopefully be smart enough to say no.

Share this post


Link to post
Share on other sites
freak_power    0
That is absolutely 100% not what UAC is for.

UAC is there so that when someone finds a remotely exploitable flaw in IE, Firefox, AIM, Trillian, uTorrent, or whatever else... it can do a lot less harm because it is running with a low privilege level.

That's why the argument that "users will just click Continue so UAC is useless" makes no sense. When UAC is working properly, usually the user won't see a prompt and have to decide between Continue and Cancel. If, for example, AOL/IM were compromised and you were attacked via an exploit in their code, the application would already be running with reduced privileges, so the attack would likely fail (or have a greatly minimized impact) and you wouldn't see anything at all.

If the exploit allowed (and in many cases, it wouldn't), and the exploiter was targetting UAC-enabled machines, they could theoretically try to spawn a process on your machine with elevated privileges, which would present the dialog. However, you would see an indication completely out of the blue that AOL Instant Messenger was trying to start some random (probably unsigned) application with elevated privileges, and hopefully be smart enough to say no.

I guess i can appreciate it when i fix computers for friends or family...i will less deal with spywares, viruses etc...

UAC -> for average Joe good thing

-> for people like me annoying

It's amazing how many people surf the porn sites :laugh:

Share this post


Link to post
Share on other sites
McSmiggins    0
I find that the so called -power users- will turn it off, but the more advanced users will keep it on.

And that right there, is hitting the nail on the head, even though it's not going to be a popular opinion. Go find a Linux sys admin and tell them you run as root all the time and see how long it takes before they laugh in your face. UAC is the long needed and finally delivered improvement on the permissions implementation of XP , and it works well, although I'm completely with everyone else on Secure Desktop, too slow, too painful.

Share this post


Link to post
Share on other sites
raskren    0
Here is the list of things i disabled on my Windows Business Edition:

Automatic Defragmentation - I do manually

Windows Firewall - I use hardware firewall/router

Removed PC Tablet Components - Don't need it

Error Reporting Service - Useless

Windows Update - I do manually

Security Center - Don't need it

Windows Defender - annoying - I run AVG antivirus only

Windows Media Network Sharing - I don't plan to do it

Offline Explorer (OMG by default is set to use 24% of hard drive) - Useless

System Restore - Crap...Windows Backup is just fine...I did a full backup of fresh install

Windows Search and Indexing - Useless

UAC - Annoying

Sidebar - Fun, get's boring

Windows Fax and Scan removed - Don't need it

ReadyBoost - useless

Windows Aero - disabled - Switched to classic view (Win 95 look and feel)

Now system is pretty much Windows 2000 with DX10.0 in it...what i actually need it :)

I wish Microsoft saved me of this work, because they could make an optional to install or not the described components above....during Windows Setup.

Nobody cares. This thread is about UAC. You're only proving how completely ignorant of Vista you are.

Share this post


Link to post
Share on other sites
melted98    17

Good idea for newbies or the ppl scared of virus's are things, but for ppl that have use there pcs for a long time and know what they are doing its a waste of time

Share this post


Link to post
Share on other sites
stockwiz    7
I think its just a very bad attempt to improve security.

Think of the old Internet explorer security questions "do you want to trust.... Yes/No?"

The typical user (not the users here i hope) are not interested and just want to go on surfing on the "free porn site" or installing "this really nice screensaver that came per email".

So what does he do? He clicks on OK/Yes knowing that it starts - the user learned before that some things only work by clicking there.

well in the end there's nothing you can do to help a person like that outside of turning the internet into some sort of communist overregulated system designed to take away the freedoms of all the responsable users in exchange for protecting the idiots that do that kind of stuff.

It's a sort of compromise.. you'll never protect everyone without sacrificing all freedom. People have to be able to install applications on their system and to do that they need some sort of interaction with the operating system. Any sort of interaction is prone to risk... it's up to the user to manage that risk to a degree, or don't use a computer.

I've read enough information on this thread that I may be convinced to turn it back on, after I've installed and configured my system to my liking. By turning off the "secure desktop" feature it should still serve the intended purpose.

Share this post


Link to post
Share on other sites
Gibwar    0
I've read enough information on this thread that I may be convinced to turn it back on, after I've installed and configured my system to my liking. By turning off the "secure desktop" feature it should still serve the intended purpose.

Just so you know, if you turn off the "Secure Desktop" that means that any program can send it window messages, programs like AutoIt (awesome automation language) can move the mouse and click it for you - or even better can just tell that button that it was pressed, completely taking control out of your hands.

For the record though, I do use UAC - and one step further, I run as a limited domain account and am required to type in a username/password. It is slightly annoying during initial setup, but I hardly ever get a prompt anymore.

Share this post


Link to post
Share on other sites
Fabian-    0

Disabled from day one, annoys the hell out of me :p

Share this post


Link to post
Share on other sites
franzon    7
Secure Desktop, too slow

Secure Desktop transition is a bit slow with Aero disabled i.e. with Basic Interface.

If you have a graphics card which supports Aero and so the new desktop composition is enabled, then the Secure Desktop transition is very very fast (almost instantaneous)! I obseved it when I bought a new DX9 graphics card in order to enable aero (I spent about 50$ for it and now I've Aero enabled and all Windows Vista GUI is amazing fast and without lacks).

Share this post


Link to post
Share on other sites
b0m8er    3

I do use UAC - security features were put there for a reason, and it makes no sense to turn them off.

Share this post


Link to post
Share on other sites
Ames    2

I turned it off because although the concept of UAC is very good (and has sucessfully been used on other OS's), Microsofts implementation has some issues that really annoy me.

For example, if I create a new folder in a secure location, I have to elevate once to create the folder and then again to name it. Thats just stupid and pointless (although I understand the technical reasons that it works this way)

Personally I think an administrator should have a elevate button that elevates the entire session, so they can elevate, do some stuff, and then drop back down to standard user permissions.

Share this post


Link to post
Share on other sites
kl33per    0

I cannot believe the total lack of understanding in this thread. How anyone even finds UAC annoying is beyond me. Most days you won't see a single UAC prompt. You only see it when changing system settings, adding/removing applications, or malicious progrmas attempt to get themselves elavated. The numerous posts by Brandon throughtout the thread have clearly illustrated why UAC should be enable (although I think Brandon should have Secure Desktop enabled). People who disable UAC are a dangerous class of computer user; they're technical enough to disable UAC, but clearly not technical enough to understand the ramifications of doing so.

Share this post


Link to post
Share on other sites
mosi    0

On a server PC which isnt going to have lots of stuff done on it like installing apps and stuff once its all set up then I think it'll be ok (but I'll still probably disable it because it annoys me all the time anyway) For my home desktop pc and laptop I have disabled it becuase it seriously annoys the hell outa me.

I cannot believe the total lack of understanding in this thread. How anyone even finds UAC annoying is beyond me. Most days you won't see a single UAC prompt. You only see it when changing system settings, adding/removing applications.

All of the above are things I do on a regular basis so I get the annoying UAC thing a lot!

Share this post


Link to post
Share on other sites
C Ronnie    0

I had it for a few days :rolleyes:

Soon got annoyed and turned it off though.

Share this post


Link to post
Share on other sites
Smigit    7

well i dont have Vista yet but I'll likely use it I'd say.

Share this post


Link to post
Share on other sites
Maximum Error    2

Have been using it ever since i started using vista....... the windows developers were right - once you have your PC set up as you want it you really never see a UAC pop_up and on the odd occasion i do it is good to know that the computer needs my permission to do something that could harm itself. (XP would just drive straight in there n shoot itself in the head)

Share this post


Link to post
Share on other sites
+Ely    208

Once your machine is set up correctly with all programs installed you rarely see a UAC prompt, in my opinion its one of the best changes in Windows, it will surely save many people from spyware and maleware, it is totally stupid to turn it off in my opinion, usually people who turn it off are just too impatient and don't really understand the concept or don't understand that it's only on the first few days of using Windows that it will keep popping up.

Share this post


Link to post
Share on other sites
Kushan    27

I installed vista and on the first boot, went to install all the drivers that needed updating (Graphics, TV card, etc.) and after about 5mins of this, I disabled UAC as well so when I restarted, it didn't bother me any more. Now it just gives me a popup to annoy me instead.

Share this post


Link to post
Share on other sites
StevenNT    11

Considering I know exactly what I?m doing I disable it. Having it ask me do I really want to open the MMC snap-ins is rather patronising since I?m a Network and IT Tech.

I can see where it would be useful and that is for Joe User but not someone like me.

Share this post


Link to post
Share on other sites
stockwiz    7

I think the biggest thing UAC needs is the option to "remember" which applications I want to allow run similar to what good firewalls with application controls do. Same thing goes with UAC's startup blocker that I'd rather just disable.. let it remember what apps I want to start so there's no prompting.

The least they could do is fix it so their own "MSCONFIG" utility will run at startup. :)

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.