Disabling UAC

[drumthrasher109]

Since ever app that I run that isn't in \Program Files OR \Windows isn't working, a 'The Directory Name is Invalid' error pops up every time I run them as admin, including some of my games and it really ****ing me off.

I made a thread at several forums, nobody knows anything.

You think that since Microsoft made Vista then they should tell me what ever error means and how to fix it.

So, I noticed that turning UAC off makes everything work, but i'm vulnerable to spyware and other stuff installing by itself.

What are ALL the disadvantages of turning it off?

[Tantawi]

What are ALL the disadvantages of turning it off?

NOTHING, IF and only IF, you're not a n00b and know how to keep you computer secure and don't visit/install crap sites/software, or let other users mess with your PC.

If you never got a spyware/crap on a Windows XP environment before, chances that you wont get on Vista too with UAC turned off.

[drumthrasher109]

Yeah, in XP I only got spyware junk ONLY IF I used Internet Explorer, but with Opera I guess it blocks that stuff.

Now does turning it off effect the other accounts too?

I'm usually the only one who uses my computer, sometimes my mom does, but she does banking stuff and stuff.

[Brian M. Veteran]

If you know how to protect yourself, you have no need for UAC. It only gets in the way.

If however you don't know the difference between "my_document.doc" and "my_document.doc.exe", use UAC. (that's just a guide, obviously ;) )

[drumthrasher109]

Yeah that ones easy.

Cool i'll guess I don't need it then, except for apps that I run w/out admin, I may have to change some settings.

[Mordkanin]

NOTHING, IF and only IF, you're not a n00b and know how to keep you computer secure and don't visit/install crap sites/software, or let other users mess with your PC.

That just proves that you don't understand at all the purpose of UAC. I'd almost go as far to say that it in fact you who apparently the 'n00b'.

More than to prevent you from doing stupid things to your computer, it's main goal is to give applications to least access they need to run.

For instance, let's say an exploit is discovered in Outlook that when you read a particular email, it can do stuff to your computer somehow. Because of UAC, Outlook never runs with Admin access, and the exploit is limitted to your local account. (In IE, it's actually even more limitted, it can't even touch your documents or user startup folder, thanks to Protected Mode IE) Ditto with every other app you have, especially the internet facing ones.

[FATILA]

I really think this forum needs a Vista FAQ, with UAC and the mythology surrounding it right at the top.

[argonite]

That just proves that you don't understand at all the purpose of UAC. I'd almost go as far to say that it in fact you who apparently the 'n00b'.

More than to prevent you from doing stupid things to your computer, it's main goal is to give applications to least access they need to run.

For instance, let's say an exploit is discovered in Outlook that when you read a particular email, it can do stuff to your computer somehow. Because of UAC, Outlook never runs with Admin access, and the exploit is limitted to your local account. (In IE, it's actually even more limitted, it can't even touch your documents or user startup folder, thanks to Protected Mode IE) Ditto with every other app you have, especially the internet facing ones.

This is correct. UAC has many background services aside from the prompts. These work to put IE and Outlook into a semi-sandboxed state and also prevent access to essential Windows components. As said by Brandon, "UAC will still save your ass even if you click OK to every prompt". Disabling UAC means you understand how screwed you'll be IF you get seriously exploited.

[ozgeek]

UAC doesn't help very much. All it does is ask if you want to do this or that. Since many people do not read dialog boxes very well and click on everything they see. From my experience many newbies are nortiroious for discarding unwanted dialog boxes by clicking on Close, No or Cancel and if that don't work (for example the box comes back), they try the OK, or YES command just to get rid of the message.

Disabling UAC is actually excatly the same as running XP with the common security apps installed. Excatly the same. Not much difference. I actually still visit some illegal sites but they did nothing to my UAC-dsiabled Vista-installation. It's actually the firewall, anti-virus, anti-spyware programs that actually does the decent work of system protection.

[Mark Schieldrop]

UAC doesn't help very much. All it does is ask if you want to do this or that. Since many people do not read dialog boxes very well and click on everything they see. From my experience many newbies are nortiroious for discarding unwanted dialog boxes by clicking on Close, No or Cancel and if that don't work (for example the box comes back), they try the OK, or YES command just to get rid of the message.

Disabling UAC is actually excatly the same as running XP with the common security apps installed. Excatly the same. Not much difference. I actually still visit some illegal sites but they did nothing to my UAC-dsiabled Vista-installation. It's actually the firewall, anti-virus, anti-spyware programs that actually does the decent work of system protection.

Lot of misinformation here. Even clicking "yes" to a UAC prompt can save your ass.

[ozgeek]

So you are saying people will click on Yes even to install malware on their computers? Many people does not know the difference between whether a malware is or not.

[neufuse Veteran]

So you are saying people will click on Yes even to install malware on their computers? Many people does not know the difference between whether a malware is or not.

UAC services do a LOT more then just show security prompts... try to get informed by reading a white paper on it, not just some internet forum...

[Mordkanin]

So you are saying people will click on Yes even to install malware on their computers? Many people does not know the difference between whether a malware is or not.

The point is that sometimes the stuff malware installers are piggybacked on (Your internet browser, your email client), aren't running with Admin privledges, and thus won't actually be able to properly install it.

Besides. If you saw a random UAC prompt when you were browsing the internet, would you really click it?

[drumthrasher109]

Well i'm still gonna leave UAC off on mine.

I doubt i'll even need it for the rest of me using Vista, but it is true that its more of a pain than anything else.

[apollo_1444]

theres only 2 reasons why u should keep UAC on

1.- if you're a nerd

2.- if you're a n00b

if you aren't any of those just keep it off and be a regular user. my 2 cents.

[magik]

^ UAC is a poor attempt at extra security. For "n00bs" whenever they see a UAC prompt, they tend to get startled (if they haven't seen one before) and think that they have done something wrong, when in actually, they're just trying to change the speed on their mouse pointer or something equally as trivial. For the "nerd" who uses UAC, eventually clicking "Proceed" or "Ok" or whatever it is on the UAC confirmation prompts becomes so second-nature that even if a UAC prompt were to pop up during a real threat, it would instinctively be allowed to proceed by the user.

I turned off UAC the second day I had Vista running. Everything just works better without it, IMO. :)

[drumthrasher109]

Heres what I really think:

Look, if you can't keep control of where you go online, and are afraid of spyware and junk, turn UAC on.

If you know what you're doing then leave it off.

[ZonoBurk]

theres only 2 reasons why u should keep UAC on

1.- if you're a nerd

2.- if you're a n00b

if you aren't any of those just keep it off and be a regular user. my 2 cents.

I suggest you go up and re-read (or read) MioTheGreat and billyea responces to UAC. That's facts - not 2 cents.

[Brandon Live Veteran]

Since ever app that I run that isn't in \Program Files OR \Windows isn't working, a 'The Directory Name is Invalid' error pops up every time I run them as admin, including some of my games and it really ****ing me off.

I made a thread at several forums, nobody knows anything.

That doesn't sound like a UAC problem... I've never heard of this sort of problem, what applications does it affect?

You think that since Microsoft made Vista then they should tell me what ever error means and how to fix it.

The error is most likely being shown by the application, not by Windows.

So, I noticed that turning UAC off makes everything work, but i'm vulnerable to spyware and other stuff installing by itself.

What are ALL the disadvantages of turning it off?

Three main ones:

1. All applications will run with full Administrator privileges. This means that if one of your applications (like Outlook, uTorrent, Trillian / AIM / whatever) has a vulnerability, your entire system can be compromised.
   
2. Protected Mode IE will no longer function, meaning that vulnerabilities in Internet Explorer (or add-ins like Flash, etc) can do harm to your system, whereas with UAC and Protected Mode, they cannot.
   
3. Vista was really designed with UAC in mind. The bulk of testing on Vista and by third parties is with UAC enabled. Disabling it can cause compatability problems (for example, Adobe's installer has issues with non-UAC Vista machines).
   

Also, disabling UAC removes many other protective mechanisms inside of Windows Vista. With UAC enabled, the indexer uses a Low Integrity Level (IL) process for indexing files. Explorer uses a Low IL process for hosting previews. These and other similar security features all depend on UAC. Disabling it turns them off as well.

[Mordkanin]

theres only 2 reasons why u should keep UAC on

1.- if you're a nerd

2.- if you're a n00b

if you aren't any of those just keep it off and be a regular user. my 2 cents.

You are incorrect.

Most of the people on here who shut it off have no basic idea of the protection it offers, or why what they're doing is horribly horribly wrong.

99% of the people who turn it off:

1. Have no idea what they're doing.

2. Would like to think of themselves as understanding what they're doing, but honestly have no idea. See #1.

[Brandon Live Veteran]

Heres what I really think:Look, if you can't keep control of where you go online, and are afraid of spyware and junk, turn UAC on. If you know what you're doing then leave it off.

UAC has absolutely nothing to do with spyware, or preventing your from actively installing malware. That's what Windows Defender is for (along with the warnings about downloaded files). UAC is about mitigating the effects of vulnerabilities in applications or Windows itself, and it does a damn good job.

If you know how to protect yourself, you have no need for UAC. It only gets in the way.If however you don't know the difference between "my_document.doc" and "my_document.doc.exe", use UAC. (that's just a guide, obviously ;) )

That's an incredibly naive view. UAC has absolutely nothing to do with that scenario. Basing your decision to disable UAC on something like that is ignorant, and certainly not something a Neowin moderator should be espousing. Now, if you are determined to disable the UAC consent prompts, then at least do it this way:http://brandonlive.com/2007/02/06/more-sec...tected-mode-ie/

[freak_power]

With UAC disabled Vista won't be nothing less secured then XP, and i never had problems with viruses and trojans, malwares in XP. Get hardware firewall, and good antivirus program, and you can keep windows defender on and you're set for good. Any good antivirus program will detect malware right away and it will prevent installing it into your computer. Hardware firewall is there to close all the ports and as I said you're set. UAC is nothing but annoying...

My argument against the people who are preaching about superfetch and readyboost and how good is and necessary is the XP performance which is equal or better then Vista. Numerous benchmarks showed that in the last six months and i don't need to repeat that...

Same applies for UAC. If person X didn't have security problems with XP then it means that person X with UAC on or off won't have it with Vista. If person Y had security problems with XP then it means it should use UAC but still there is 40% change it will still have security problems.

Edited July 16, 2007 by freak_power

[SpyCatcher]

Try this...

http://www.tweak-uac.com/download/

[Brandon Live Veteran]

With UAC disabled Vista won't be nothing less secured then XP, and i never had problems with viruses and trojans, malwares in XP. Get hardware firewall, and good antivirus program, and you can keep windows defender on and you're set for good. Any good antivirus program will detect malware right away and it will prevent installing it into your computer. Hardware firewall is there to close all the ports and as I said you're set. UAC is nothing but annoying...

My argument against the people who are preaching about superfetch and readyboost and how good is and necessary is the XP performance which is equal or better then Vista. Numerous benchmarks showed that in the last six months and i don't need to repeat that...

Same applies for UAC. If person X didn't have security problems with XP then it means that person X with UAC on or off won't have it with Vista. If person Y had security problems with XP then it means it should use UAC but still there is 40% change it will still have security problems.

That's just ridiculous. No firewall is ever going to prevent your software from being exploited by malicious content streams - for example, see the WMF vulnerability from a year or so ago. That's the kind of thing UAC protects against, not malware. UAC has nothing to do with malware (other than the fact that the vulnerabilities UAC protects against are occassionally used to distribute malware).

If person A never had a security problem with Windows XP, they should still leave UAC enabled on Vista. Just because you've never been robbed doesn't mean you should leave your doors unlocked.

UAC is quite possibly the single best defense against unpatched/unidentified vulnerabilities and 0-day attacks. Your virus scanner is going to be useless against such things, and a firewall doesn't even come into the picture.

[ZonoBurk]

Thanks Brandon for shining some light in this thread.