If you disabled UAC

By Brandon Live
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

raskren

Posted
Posted
Because I know how to secure my PC without all the extra crap. BTW, it is a good guide- forgot to mention that. :)

What about a 0-day exploit within something like Windows Live Messenger, Adobe Acrobat reader, or Quicktime that deploys a payload simply by opening a "regular looking" file? Are you prepared to handle those? It doesn't sound like it.

BrandonLive, thanks for the tip. This may be useful during the configuration and installation of a fresh operating system. To cover your ass one step further, you may want to consider a reg file that also un-does the auto approve functionality.

I have UAC turned on but it doesn't switch to the secure desktop on my home PC which is good enough for me!

Link to comment
Share on other sites
Grand Master

primexx

Posted
Posted
What about a 0-day exploit within something like Windows Live Messenger, Adobe Acrobat reader, or Quicktime that deploys a payload simply by opening a "regular looking" file? Are you prepared to handle those? It doesn't sound like it.

BrandonLive, thanks for the tip. This may be useful during the configuration and installation of a fresh operating system. To cover your ass one step further, you may want to consider a reg file that also un-does the auto approve functionality.

I have UAC turned on but it doesn't switch to the secure desktop on my home PC which is good enough for me!

Every setting is in secpol.msc you can just go there and change it around.

Link to comment
Share on other sites
Collaborator

Mark Schieldrop

Posted
Posted

Here's a thought.

Some people want to run with no security other than a hardware firewall. If they make routine backups and keep duplicates, they can limit loss to a short period of time. In a lot of cases, that's no big deal. Reinstalling the OS and apps isn't either.

It's a fair choice to make if you all you want is flat-out unadulterated performance. The key is making those backups.

Link to comment
Share on other sites
Grand Master

primexx

Posted
Posted
I know.

The point was Brandon covering his ass.

I get your point, but just for amusement: how many people who dont know how to change settings in secpol would a) visit Brandon's site, b) know what a registry file is, and c) download and merge it?

Link to comment
Share on other sites
Grand Master

ANova

Posted
Posted
Here's a thought.

Some people want to run with no security other than a hardware firewall. If they make routine backups and keep duplicates, they can limit loss to a short period of time. In a lot of cases, that's no big deal. Reinstalling the OS and apps isn't either.

It's a fair choice to make if you all you want is flat-out unadulterated performance. The key is making those backups.

I'm in this catagory; three years of no AV, software firewall (disabled windows firewall) or IE and I haven't been infected with a single virus, trojan, spyware or malware. All I run is a hardware firewall along with ad-aware and hijackthis for safe measure. That together with a correctly configured computer, minimal startup processes and services and a little common sense means no problems and a fast and responsive computer. I'm still even running SP1. One of my biggest annoyances with Vista after having played with it was all the extra unneeded crap that took control away from me and tried to re-enable itself.

Those who claim it's not possible obviously don't know what they're talking about.

Link to comment
Share on other sites
Collaborator

rtk

Posted
Posted
Those who claim it's not possible obviously don't know what they're talking about.

Support will be ending for SP1 soon, at which point you can not be protected from any discovered remote exploit. I'm just glad you're not on my network, I'd have pulled your plug a long time ago.

Link to comment
Share on other sites
Proficient

stockwiz

Posted
Posted

LOL.. this whole UAC thing is turning into a frenzy here. I've got mine on because I've done more research into it and find the principles of how UAC operates to be sound. That's not to say everyone should keep it on, however. There comes a point when you just end up with redundancy. Say you decide to install NOD32 which in itself has built in spyware protection.. then windows defender is no longer necessary and it can be turned off. You may not even need UAC either if that's the case.

However if you run without an antivirus, it might be smart to keep UAC on. If you know what you're doing, you really don't need either of them at all. I've disabled the security center because I don't need to be babysat... although I'm still using windows firewall. All this could change around as I get bored.. I may try turning off UAC from time to time, uninstalling the antivirus, etc. to see what gives the best combination.

In theory though with UAC you shouldn't need an antivirus at all because no application can actually run unless you tell it to, or am I wrong about this? What about viruses embedded in jpegs?

Link to comment
Share on other sites
Mentor

andy2004

Posted
Posted
plugin compatibility.

the 64-bit versions aren't and can't be made compatible with the 32-bit plugins. the solution is run the 32-bit version while plugin makers migrate :)

I thought thats why it might be, dunno if its me i just find the 64bit IE7 faster than the 32bit IE7

Overall i dont find UAC a hinderance, it only takes a second to approve the action, and say if im doing alot in the background such a listening to WMP and UAC comes up, the music carrys on playing and after you approve the action it just takes you back to what your doing. Really dont see what the fuss is all about ? and i can bet you one of these days it will proove its worth ;)

Link to comment
Share on other sites
Veteran

xpgeek

Posted
Posted
WARNING: Requests for elevation will succeed automatically, so your user works like a full administrator

Yea, I don't really see the point of this. Its the same thing as just having it off.

Link to comment
Share on other sites
Grand Master

Evolution

Posted
Posted
Yea, I don't really see the point of this. Its the same thing as just having it off.

It is definitely not... read his page for details. It may appear that way, but it's a lot safer.

Link to comment
Share on other sites
Grand Master

ANova

Posted
Posted
Support will be ending for SP1 soon, at which point you can not be protected from any discovered remote exploit. I'm just glad you're not on my network, I'd have pulled your plug a long time ago.

Who said I've been keeping up with SP1 updates? The vast majority of remote exploits require specific working conditions and many have to be run at the console or require services or programs I've disabled. All I have to say is the proof is in the pudding; you can go right ahead and continue to keep your computer(s) up to date since that is working for you, but I don't need it.

I'm glad I'm not on your network as well.

Link to comment
Share on other sites
Grand Master

Dashel

Posted
Posted

Brandon, can you clarify by what you mean by:

Filesystem and registry virtualization (ie. the ?sandbox?) will still be enabled for applications running with low privileges.
Link to comment
Share on other sites
Veteran

bobbba

Posted
Posted
I'm in this catagory; three years of no AV, software firewall (disabled windows firewall) or IE and I haven't been infected with a single virus, trojan, spyware or malware. All I run is a hardware firewall along with ad-aware and hijackthis for safe measure. That together with a correctly configured computer, minimal startup processes and services and a little common sense means no problems and a fast and responsive computer. I'm still even running SP1. One of my biggest annoyances with Vista after having played with it was all the extra unneeded crap that took control away from me and tried to re-enable itself.

Those who claim it's not possible obviously don't know what they're talking about.

Stupid argument really, works about as well as:

"I've been riding my motorbike for 25 years without a helmet on and I've been ok. "

Only problem is that if that accident occured you'd be very glad of the protection

Link to comment
Share on other sites
Grand Master

linsook

Posted
Posted
Stupid argument really, works about as well as:

"I've been riding my motorbike for 25 years without a helmet on and I've been ok. "

Only problem is that if that accident occured you'd be very glad of the protection

is he gonna die if he caught a virus?

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.