If you disabled UAC

[Brandon Live Veteran]

There's a better compromise between running with UAC or turning it off. You can run with UAC enabled, but have all elevation requests automatically succeed.

More details here.

As I've said before, I run with UAC turned on. I like the extra control over my machine that it gives me.

However, if you're going to turn it off - that way is much better.

[RaisinCain]

I just disabled it & turned off security center. Too much "security" crap. If anyone knows how to properly operate a PC they don't need either one as they know what to download/install & what not to. And also what sites are malicious. All that is needed is a good, up to date AV program (Avast! is free & works very well).

[Brandon Live Veteran]

I just disabled it & turned off security center. Too much "security" crap. If anyone knows how to properly operate a PC they don't need either one as they know what to download/install & what not to. And also what sites are malicious. All that is needed is a good, up to date AV program (Avast! is free & works very well).

That's completely and utterly false.

It doesn't matter how much you know about your PC - any application (like a browser, mail or chat client, etc) may have a vulnerability in it that can be exploited remotely, with no user interaction.

However, if you run those applications with reduced privileges, then so will any code injected into them. Thus why LUA is such a fantastic defense / mitigation against those kinds of attacks.

[Merter]

A nice tip, thanks for sharing it. Sounds like the sort of compromise between security and useability that I can agree with.

[UncleSpellbinder]

Excellent! Thanks a lot for the link. ;)

[RaisinCain]

That's completely and utterly false.

It doesn't matter how much you know about your PC - any application (like a browser, mail or chat client, etc) may have a vulnerability in it that can be exploited remotely, with no user interaction.

However, if you run those applications with reduced privileges, then so will any code injected into them. Thus why LUA is such a fantastic defense / mitigation against those kinds of attacks.

I download & browse the net all of the time & I have NEVER gotten anything that I did not purposely download or install to test. I am behind a hardware firewall (don't run a software one- yep, I also disable Window's firewall. I have since XP). I work in IT, I know how to secure my PC without all the extra crap. Oh... & I don't use IE.

[heavensblade23]

I work in IT, I know how to secure my PC without all the extra crap. Oh... & I don't use IE.

Anyone that does tech support has heard that line before. It's often the partly knowledgable users that end up ****ing things up the worst.

[RaisinCain]

Meaning? I run the Help Desk here. I've been doing this for 17 years. I am quite confident in my abilities.

[Brandon Live Veteran]

Meaning? I run the Help Desk here. I've been doing this for 17 years. I am quite confident in my abilities.

It has positively nothing to do with your abilities. You've never had a problem with your computer's security. Great, neither have I. That doesn't mean you never will. It doesn't matter that you don't use IE - FireFox has had plenty of remote code exploits. And lots of non-browser software has as well. Why disable extra layers of protection and control? Why make yourself more vulnerable?

[RaisinCain]

Because I know how to secure my PC without all the extra crap. BTW, it is a good guide- forgot to mention that. :)

[heavensblade23]

Because I know how to secure my PC without all the extra crap.

You obviously don't if you think a router and installing Avast! is all you need to do to secure your PC.

[andy2004]

brandon why is it in 64bit vista ultimate , when you go to Internet Explorer or Media Player it links to the 32bit versions by default ? i would have thought the 64bit OS would use the 64bit version of IE and WMP by default ?

[Menge]

brandon why is it in 64bit vista ultimate , when you go to Internet Explorer or Media Player it links to the 32bit versions by default ? i would have thought the 64bit OS would use the 64bit version of IE and WMP by default ?

plugin compatibility.

the 64-bit versions aren't and can't be made compatible with the 32-bit plugins. the solution is run the 32-bit version while plugin makers migrate :)

[UncleSpellbinder]

...It's often the partly knowledgable users that end up ****ing things up the worst.

I, too, dislike UAC. Having said that, I find it "necessary". But it should be up to me. If "partly knowledgable users" end up ****ing things up because they chose to do sometiing as silly as keep UAC off, that's on them. But many users (and me to a small extent) don't want Microsoft holding our hands while we do what we do.

And yes, I'm now using the guide posted above. As posted in the link in post #1: "No, it is not nearly as secure as the default setup. Remember, any application requesting elevation will get it without telling you! But it?s better than just running with everything elevated all the time."i> an"...the best way to turn off the annoying UAC, loose a bit of security - but still be secure."i>

[primexx]

I have UAC off right now, but after I install the RTM I'll evaluate the annoyingness and see if it's bearable to leave it on. I actually wish I COULD have UAC turned on, it's just too annoying. If it's still so annoying in the RTM then I'll use the tip above and take the compromise.

[HeartsOfWar]

I download & browse the net all of the time & I have NEVER gotten anything that I did not purposely download or install to test.

Because I know how to secure my PC without all the extra crap. BTW, it is a good guide- forgot to mention that. :)

You aren't perfect and your statements above are BULLSH*T...

Someone like you, a self-proclaimed security know-it-all, is the reason why malware will always find someone to contaminate.

You actually think working in an IT department managing a "help desk" for 17 years means you know everything to know on how to secure your computer so you're 100% malware free 100% of the time? Absolutely not, it just means that you've learned over the years, from others' mistakes and even your own I might add, how not to shoot yourself in the foot on a semi-regular basis.

The nature of being human is the act of making mistakes, and any security analyst will tell you that the best security is to "avoid ignorance"; however, I guess you already knew that... so tell me, if someone like yourself can secure a computer so well, why are you working as a manager for a "help desk"? Don't you know you can make twice or even three times as much money as a security analyst?

[gigapixels Veteran]

I've been working with computers for 10 years. I've never gotten a virus or a piece of spyware, and I work as a technician helping the less-knowledgeable customers of mine do the same.

But, I still have antivirus and antispyware installed. Kaspersky and Spysweeper make an excellent team, and even if I don't need them I have them there just in case. And when I get Vista installed on this machine I'll damn sure have UAC enabled. Computers are constantly evolving, as is malware, and if you think for one second that you're never going to get infected then that makes it all the funnier when you actually do.

But hey, your 17 years of experience makes you completely immune though, right?

[Ironman273]

I find it mildly amuzing that Vista is dogged for being unsecure and when they try to secure it people complain.

[Phalesafe]

As much as I hate UAC I will give it a shot since you try so damn hard to convice people otherwise.

[McDave]

I could not stand UAC being turned on, encountering a popup box from it everytime I tired to do somthing. After haveing a look in the local security policy I also changed it to automaticly elevate, however at login Vista displayed a box alerting me that UAC is switched off and wanted me to change the settings.

Programs would not install/run propperly because I had to click (run as administrator). I can't stand it on and hate the way windows keeps telling you its off.

This very simple solution totaly ignores UAC

1.Turn UAC On.

2. Enable the Administrator account.

3.Use the Administrator account as your login.

This runs everything as Administrator since your loged in as that account, no silly problems with restrictions. If you want to change the account name then go into "local security policy" Local Policy -> Secuirty Options. There is one that says rename the administrator account. Bish bash bosh, all sorted.

[Brandon Live Veteran]

McDave - that's equivalent to running as "root" on a Unix or OS X box. It's just a bad, bad, bad idea. And why bother turning UAC back on if you're just going to use the built-in Administrator account? (which UAC doesn't apply to)

With the change I described in the link above, you can turn off the Security Center alert. And you won't have to do anything special to install programs. You will have to chose "Run as administrator" or set the "Always run as admin" flag on any executables that don't already ask for elevation (via their manifest or because they are detected as installers), if you want them to run with admin privileges. But you won't get any Continue/Cancel prompts.

However, there is absolutely no reason you should be running 99.9% of applications with admin privileges in the first place. Virtually everything that requires it will ask for it automatically.

[xpablo]

I download & browse the net all of the time & I have NEVER gotten anything that I did not purposely download or install to test. I am behind a hardware firewall (don't run a software one- yep, I also disable Window's firewall. I have since XP). I work in IT, I know how to secure my PC without all the extra crap. Oh... & I don't use IE.

Ditto ! , But I also run a software firewall.

I don't need or want UAC, I have it disabled on my Vista system.

[RaisinCain]

You aren't perfect and your statements above are BULLSH*T...

Someone like you, a self-proclaimed security know-it-all, is the reason why malware will always find someone to contaminate.

You actually think working in an IT department managing a "help desk" for 17 years means you know everything to know on how to secure your computer so you're 100% malware free 100% of the time? Absolutely not, it just means that you've learned over the years, from others' mistakes and even your own I might add, how not to shoot yourself in the foot on a semi-regular basis.

The nature of being human is the act of making mistakes, and any security analyst will tell you that the best security is to "avoid ignorance"; however, I guess you already knew that... so tell me, if someone like yourself can secure a computer so well, why are you working as a manager for a "help desk"? Don't you know you can make twice or even three times as much money as a security analyst?

I m not in it for the money. I set mine & my clients's PC's as so. Are you a "security analyst"? Thought not.I just do my job. Your statement is BS. Quit trashing the thread.

[McDave]

"And why bother turning UAC back on if you're just going to use the built-in Administrator account? (which UAC doesn't apply to)"

Well with UAC turned the Security Center does not popup warning messages to enable UAC, these are even displayed in the built-in Administrator account. This makes Secuirty center happy because UAC is enabled and me happy because it does not bother me with pointless messages, Win Win for OS and Me.

For 95% of Vista users I agree leave UAC enabled, however for the more advanced user who finds the idea of UAC intolerable its one way round.

[RaisinCain]

Quit trashing the original thread.