• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

UAC, it may be annoying,

Recommended Posts

SionicIon    76

UAC and why its important

UAC is a special security feature in Windows Vista. Don't press that continue button yet, always make sure that is the correct publisher and application location. Did you know that you can reach a webpage containing malware and even if you don't make contact with the webpage such as clicking on a clickable area, in the background it is currently installing it. With Windows Vista, no longer that issue! UAC will pause your work and prompt you if you want to continue, if you click cancel, it will return you to your desktop with the webpage powerless of infecting you. Are you creating a new folder in a location protected? UAC can find out! UAC will prompt you, just click continue since your physically doing it. It will then return you and create the folder where you can rename it. Since everything in Windows starts out with a name, it already has a name, which is "New Folder", so technically you are renaming it which is a change so it prompts you if you are changing it, just click continue and your folder is now fully created! Why doesn't it have a "Do not prompt me for this type of operation again" you ask? Well Windows Vista only knows you by your account and if someone remotely gets access to your account and creates a new folder in a location protected or renames all your folders, it won't prompt them because they are on your account where you told UAC to not prompt you. If UAC ever randomly prompts you for a "File Operation", that is a remote user attempting to create a folder in a protected location so if you do not want them doing that, click cancel and UAC will return you to your desktop.

So, what have we learned?

  1. UAC can be helpful when an unwanted remote user recieves access to your PC and attempts to create an unwanted folder, rename a folder, or any type of file operation.
  2. UAC can be helpful when installing programs and when unwanted programs attempt to install automatically.
  3. UAC can be helpful with businesses too when BitLocker is installed and an unwanted remote user attempts to permanently decrypt the volume.
  4. UAC can be helpful with system wide changes and confirmation your making them.
  5. UAC is always helpful and is designed for everybody!

Feel like switching to Mac to get rid of the problems? Better read this comparison first!

Windows:

  1. If you have administrative privilages, complete or any at all authentication is not required.
  2. If you have standard privilages, easy authentication is required, complete authentication is not.
  3. Less operations require confirmation of authentication.

Mac:

  1. Neither you have administrative privilages or standard privilages, complete authentication is required.
  2. You need to click the lock first to be requested authentication or else the administrative options are grayed out.
  3. More operations require confirmation of authentication.

Nicknames:

Complete Authentication - A nickname for authentication that requires both the account name and password.

Easy Authentication - A nickname for authentication that requires you to click your account name and type your password or if not listed you can type the complete authentication.

No Authentication - A nickname for no authentication in which you already have privilages to run the operation, it just needs confirmed with "Continue" or "Cancel".

What needs improved in UAC?

  1. Operations in Windows Explorer such as the File Operation or installing unknown applications do not need a "Do not prompt me for this type of operation again" but known applications that aren't capable of hurting your computer such as Windows Live Onecare should be able to have a "Do not prompt me for this type of operation again" when they are installed or performing an administrative operation.
  2. An "Advanced" option to change the authentication being used when running on an administrative account should be present.

Thats all and it only took me 2 hours to type this! Now love UAC and don't say its annoying!

Edited by techdude6371

Share this post


Link to post
Share on other sites
freak_power    0

That's all nice but it breaks apps such as Ntune by preventing its service to run at startup which i badly need. There are a lot of applications from known and safe publishers broken by UAC. It's not intuitive. It basically stops everything...what it should and what it shouldn't.

Share this post


Link to post
Share on other sites
:: Lyon ::    56

It's too annoying for me.. sorry to disable it! :)

I think it's useful for people who don't know / always get spywares, etc somehow into their system

Share this post


Link to post
Share on other sites
SionicIon    76
What needs improved in UAC?
  1. Operations in Windows Explorer such as the File Operation or installing unknown applications do not need a "Do not prompt me for this type of operation again" but known applications that aren't capable of hurting your computer such as Windows Live Onecare should be able to have a "Do not prompt me for this type of operation again" when they are installed or performing an administrative operation.
  2. An "Advanced" option to change the authentication being used when running on an administrative account should be present.

That's all nice but it breaks apps such as Ntune by preventing its service to run at startup which i badly need. There are a lot of applications from known and safe publishers broken by UAC. It's not intuitive. It basically stops everything...what it should and what it shouldn't.

Thats one of the things I listed that needed to be improved! Once you install it and its known that you will have an option on next logon when UAC prompts you if you want to run it that you want it to always OK it and not prompt you. Thats whats needed but for file operations and unknown publishers or publishers not trusted it shouldn't have that option, anyway maybe Microsoft might find this! :yes:

Share this post


Link to post
Share on other sites
lothodon    2

did you try the latest release, apparently they are trying to fix the uac issues with ntune.

(oops, this was meant to be a reply about ntune above, my screw up)

Share this post


Link to post
Share on other sites
Tantawi    188
It's too annoying for me.. sorry to disable it! :)

I think it's useful for people who don't know / always get spywares, etc somehow into their system

+1

Excellent thread though (Y).

Share this post


Link to post
Share on other sites
BajiRav    2,137
It's too annoying for me.. sorry to disable it! :)

I think it's useful for people who don't know / always get spywares, etc somehow into their system

After your setup was complete, how many times did you see it ? What were you doing ? I am curious.

Share this post


Link to post
Share on other sites
stockwiz    7

I must admit the startup blocker is annoying. I wish I could have UAC but have that turned off.

Share this post


Link to post
Share on other sites
Evolution    16

The problem is that you're trying to run a Windows XP app in Windows Vista :p

Share this post


Link to post
Share on other sites
shihchiun    2
Mac:

1. Neither you have administrative privilages or standard privilages, complete authentication is required.

2. You need to click the lock first to be requested authentication or else the administrative options are grayed out.

3. More operations require confirmation of authentication.

1. Okay.

2. Okay.

3. Where are you getting this from?

Most of what you're saying is true, but OS X is still not as annoying as Vista. Having the screen gray out every single time gets old really quick.

Share this post


Link to post
Share on other sites
+Leddy    0

IMO UAC is so annoying that users will just learn to automatically click Continue and ignore what text there is in that box. Well-intended solution that isn't going to work.

Share this post


Link to post
Share on other sites
CPressland    176

After I finished setting up/installing everything on my PC I only see it once every week or so, hardly annoying

Share this post


Link to post
Share on other sites
notuptome2004    161

welcome to the UAC how many i assist you... click accept to listen to the rest of my welcome message...

i my self love UAC i don't have a problem with it

Share this post


Link to post
Share on other sites
Brandon Live    232

You should never, ever, ever have an elevated application running at start-up. That's why those are blocked. Either update the application (I can't think of any that still do that, Orb used to but they fixed it a while ago), or only run it when you need it.

If something really needs to be running all the time with admin-level access, it should be a service.

IMO UAC is so annoying that users will just learn to automatically click Continue and ignore what text there is in that box. Well-intended solution that isn't going to work.

Actually that's not true. Even if users click Continue to every prompt they see, they can still be saved by UAC. For example, the recent .ANI exploit was foiled by UAC and Protected Mode IE. No consent prompts were ever shown.

Share this post


Link to post
Share on other sites
Mordkanin    225
That's all nice but it breaks apps such as Ntune by preventing its service to run at startup which i badly need. There are a lot of applications from known and safe publishers broken by UAC. It's not intuitive. It basically stops everything...what it should and what it shouldn't.

Services aren't blocked by UAC. I assume you mean some kind of helper app that has to run at startup. Ntune either has to move it over to a service, or rig it to not require admin privledges.

Just because you know your app is from a safe publisher doesn't mean it couldn't ever be tricked into executing malicious code. So having UAC "just let it run" would be a bad idea.

Actually that's not true. Even if users click Continue to every prompt they see, they can still be saved by UAC. For example, the recent .ANI exploit was foiled by UAC and Protected Mode IE. No consent prompts were ever shown.

Indeed. Shutting off UAC kills more than just the consents. Real question: if UAC is off, does that disable file system/registry virtualization? I mean, I think it would, since the apps would be running as Admin, and no longer require that virtualization, but I'm not 100% sure.

Share this post


Link to post
Share on other sites
SionicIon    76
After I finished setting up/installing everything on my PC I only see it once every week or so, hardly annoying

me 2, except for times when im using IIS a lot which requires file operations...

You should never, ever, ever have an elevated application running at start-up. That's why those are blocked. Either update the application (I can't think of any that still do that, Orb used to but they fixed it a while ago), or only run it when you need it.

If something really needs to be running all the time with admin-level access, it should be a service.

Actually that's not true. Even if users click Continue to every prompt they see, they can still be saved by UAC. For example, the recent .ANI exploit was foiled by UAC and Protected Mode IE. No consent prompts were ever shown.

i dont remember that but i think ur saying that its not even compatible with UAC that it says access is denied and the only way to have the thing get a chance to load the bad thing is by running the thing as admin which it will then not be bothered by UAC so it wont prompt nor be denied access but who would do that. anyway that happened to me a few times with a few apps where there not compatible with UAC that they just say an error occured or access is denied.

Services aren't blocked by UAC. I assume you mean some kind of helper app that has to run at startup. Ntune either has to move it over to a service, or rig it to not require admin privledges.

Just because you know your app is from a safe publisher doesn't mean it couldn't ever be tricked into executing malicious code. So having UAC "just let it run" would be a bad idea.

Indeed. Shutting off UAC kills more than just the consents. Real question: if UAC is off, does that disable file system/registry virtualization? I mean, I think it would, since the apps would be running as Admin, and no longer require that virtualization, but I'm not 100% sure.

One thing, when I recommended safe applications able to run and install, I meant that, now if Windows made a new programming language that was the only compatible language, they could revolutionize the way applications work, when using the language in the works of a program, you could test it and when it found a system wide change or something that may be a protected location it needed to access, it would require the developer to put a lock like Macs do so installing the application thats trusted but still could have system wide changes in it wouldn't be bad because everything that needed a system wide change would have a lock by it! I wish they would make something new... I think about it everyday, they use a clutter of apps that should be way more cleaner and efficent but no they have old icons, and stuff, and Microsoft itself has that in system32! They should make Windows 7 really new where no upgrading exists, sorry, but they should, because clutter is taking over and then malware and this is why they need UAC because its a clutter from having old apps from win98 running on ur vista which i doubt but it is possible resulting in bugs... idk, if the world would evolve maybe UAC would be unneeded or at least cleaner..

Share this post


Link to post
Share on other sites
Mordkanin    225
One thing, when I recommended safe applications able to run and install, I meant that, now if Windows made a new programming language that was the only compatible language, they could revolutionize the way applications work, when using the language in the works of a program, you could test it and when it found a system wide change or something that may be a protected location it needed to access, it would require the developer to put a lock like Macs do so installing the application thats trusted but still could have system wide changes in it wouldn't be bad because everything that needed a system wide change would have a lock by it! I wish they would make something new... I think about it everyday, they use a clutter of apps that should be way more cleaner and efficent but no they have old icons, and stuff, and Microsoft itself has that in system32! They should make Windows 7 really new where no upgrading exists, sorry, but they should, because clutter is taking over and then malware and this is why they need UAC because its a clutter from having old apps from win98 running on ur vista which i doubt but it is possible resulting in bugs... idk, if the world would evolve maybe UAC would be unneeded or at least cleaner..

I have no idea what you're talking about. It's really a jumbled mess, sorry.

What I pulled out of it however, I'll respond to.

Trusted == Bad. Just because an application is trusted doesn't mean a vulnerability can't be found in a trusted app that causes it to execute arbitrary code. This is why services typically run at a higher level than the user, but can't interact with the desktop in Vista.

What's wrong with system32? Everything in there has a purpose. Windows does a LOT of stuff, and every system component has a few files in there. Want to connect to a network drive? Call up smb.sys, the network file transfer thing, want to edit your theme settings? Ok, we have themecpl.dll controlling that, etc. Everything has a clear cut purpose.

Share this post


Link to post
Share on other sites
Peter McGrath    0
It's too annoying for me.. sorry to disable it! :)

I think it's useful for people who don't know / always get spywares, etc somehow into their system

Indeed its far too annoying for me too. I don't need Microsoft telling me how to use my computer, and I can't remember the last time I got some spyware on my computer.

When I do get it I have successfully been able to remove it though.

Share this post


Link to post
Share on other sites
Berto    0

I've noticed that too many user accounts in Vista, when making changes to anything that should be left up to the user, get the UAC prompt. Why that is? Beats the hell out of me. I should not be prompted to continue or cancel when I choose to bring up msconfig to make changes to the way my user account starts up.

From recently switching to OS X I've been prompted less on the Mac than when I boot up into Vista and do anything I would normally do on OS X under system preferences. Control panel in Vista has gone ###### up and it's unfortunate. If this is the far reaching vision of the future that so fittingly is the definition of Vista (google it) then the future in Microsoft's world is nothing more than control.

Share this post


Link to post
Share on other sites
Mordkanin    225
I should not be prompted to continue or cancel when I choose to bring up msconfig to make changes to the way my user account starts up.

msconfig is a system-wide configuration tool. I find it rather obvious why such a tool should require 'Administrator' privledges.

Share this post


Link to post
Share on other sites
ramik    3

I installed vista business yesterday, installed all updates, drivers and the essential software i need, but now i have a problem with uac:

once in a while i get the effect of ther uac wants to popup, the screen becomes darker than usual, but i see no alerts or popups.

it stays like this till i reboot.

even logging off and logging on again doesn't fix, because it remains normal till windows finished loading all of its stuff then becomes dark again.

any idea/solution?

ps. already thinking of going back to xp....

Share this post


Link to post
Share on other sites
Wilhelmus    12
I installed vista business yesterday, installed all updates, drivers and the essential software i need, but now i have a problem with uac:

once in a while i get the effect of ther uac wants to popup, the screen becomes darker than usual, but i see no alerts or popups.

it stays like this till i reboot.

even logging off and logging on again doesn't fix, because it remains normal till windows finished loading all of its stuff then becomes dark again.

any idea/solution?

ps. already thinking of going back to xp....

1. Click the Start button.

2. In the search area, type gpedit.msc and press Enter.

( Since you can't see the UAC prompt, try pressing the Left key once and then press Enter key. [This selects the Continue button and should close the prompt] )

3. The Group Policy Object Editor will open, although before that you'll probably need to allow the program to run, so click Allow in the security box that pops up.

4. In the left pane, expand Computer Configuration, Windows Secttings, Security Settings, Local Policies, and click on Security Options.

5. Scroll to the bottom, and double-click on "User Account Control: Switch to the secure desktop when prompting for elevation."

6. Select Disabled, and press OK.

7. Close the Group Policy Object Editor.

Source.

But:

User Account Control Prompts on the Secure Desktop:

If this policy is set to be ?disabled?, the elevation prompt goes back to the User Desktop as it was in the February CTEveryone should note, however, that you will be at risk of exposure from the various attacks I?ve just described should you choose to do this.s.

Share this post


Link to post
Share on other sites
ozgeek    157

Do XP have UAC? No

Did most people have problem with security in XP? No

Remember back in the Windows 98 days, when you use IE you would get "Security Warning" or the like box that asks you to install software. Most people back then would click Yes or OK to get rid of that box, resulting in malicous programs being installed. UAC will become like that. Some malware would pose as legit software and request UAC. Clicking Contiune will become an automated get-rid-of routine.

I personally have UAC disabled, am using AVGFree, the default firewall, and defender and never had any problems. My father is running XP Home with AVG Free, the default firewall and too never encountered any security issues. So IMO UAC is overkill.

Share this post


Link to post
Share on other sites
ramik    3

Sorry, false alarm.

it was the ATI Drivers that changes color settings upon start, same effect as UAC darkening.

anyway, still thinking of XP, i don't care for security because the last time i had a virus or something similar was the nimda virus.

Share this post


Link to post
Share on other sites
TogaForComfort    1
Did most people have problem with security in XP? No

I have to say this statement is wrong.

Imagine you are a User with a basic knowledge of the working of computers (e.g. you know enough to get your daily tasks completed) Security has always been a big issue. UAC is intended to make you think about what you are running. Should I allow this program to run, should it have admin access?

Most people on this forum and most people I deal with on a day-to-day basis have a fairly high competency level, but I would suggest that there are more people in the world that do not have the skills/knowledge to realize that a particular program is installing/running and shouldn't be.

The sheer amount of "Zombie" computers, spouting spam mail and ports scans is a testament to the fact that something was needed.

UAC may not be the best solution but it is a start in the right direction.

That said, I turned it of the second vista had finished installing

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.