yes or no: User Account Control

By Shasoosh
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

BajiRav

Posted
Posted
i didn't get this part "2. Make yourself an owner of all locations you create/keep you data."

plus i don't know how to tell UAC to stop bother me about a specific program it keeps alerting me about.

Filesystem permissions. If you don't have r/w access to file/folders, you will see UAC prompt.

Link to comment
Share on other sites
Grand Master

ozgeek

Posted
Posted

I have mine off. It's actually do nothing security-wise. I know from experience. You will just click on Contiune no matter what the message says. Anyway, if I have it on, and that stupid pointless dialog comes up, my screens changes resolution for like 2 seconds when starting programs that I initalze. That annoying clicking sound of my secondary CRT monitor.

Link to comment
Share on other sites
Grand Master

Mordkanin

Posted
Posted
I don't think it would be an increased security risk adding an "Allow this app" for the reasons I previously stated. In the example you gave, if an app/process started that wanted to run CMD.exe which was previously grated rights to always run in admin then there should be a UAC prompt. This UAC prompt would then tell the user that this app/process is attempting to call CMD which is an admin level app/process. That way an app/process isn't allowed to elevate itself through a back door. To my knowledge Vista already works this way with process isolation when UAC is on. UAC would also automatically turn off the "Allow this app" if the application exe ever changes to prevent malicious code from patching the exe to gain the priviledges.

I can't see how that would work. How is the computer supposed to differentiate between an app being launched by you, and an malicious program launching it? Explorer is just another program, one that can be compromised or very easily controlled.

Link to comment
Share on other sites
Grand Master

+Fahim S. MVC

Posted
  • MVC
Posted

Leave it on (I can't remember the last time I saw a UAC prompt - annoying for the first week and then all but disappear.) - in fact go one step further and remove your users from the Administrators group (make yourself a Standard user), create a separate Admin account and type in a password when you need to elevate.

Link to comment
Share on other sites
Grand Master

+LogicalApex MVC

Posted
  • MVC
Posted
I can't see how that would work. How is the computer supposed to differentiate between an app being launched by you, and an malicious program launching it? Explorer is just another program, one that can be compromised or very easily controlled.

Since an app has to make calls to Windows to start another process be it in its own process or outside of it Windows knows when a process is being launched by another process. As I said earlier... Process Elevation protection is already in Vista by way of Process Isolation...

http://www.winsupersite.com/showcase/winvista_security.asp

Link to comment
Share on other sites
Grand Master

Mordkanin

Posted
Posted
Since an app has to make calls to Windows to start another process be it in its own process or outside of it Windows knows when a process is being launched by another process. As I said earlier... Process Elevation protection is already in Vista by way of Process Isolation...

http://www.winsupersite.com/showcase/winvista_security.asp

But again, it's very easy to get explorer to do stuff for you. Any old process can make explorer do pretty much anything for it. You can't remove its ability to launch programs from your hypothetical "Always Allow" list, because that's how the user would always start a program, and you can't trust it to launch them because of how easy it is to mess around with externally.

I don't believe process isolation will help you if explorer.exe is the one to actually launch the program at the direction of another program.

Link to comment
Share on other sites
Mentor

TheDreamX

Posted
Posted

I hate UAC!!! Off! Off! OFF!!!

Why? The first time I tried CREATING a folder, I was asked if I really wanted to do it. Are you kidding me, Microsoft? If my mouse right clicks and selects "New Folder," I damn well know what I'm doing. If there's some malware out there that can do that without me noticing, well, hats off to 'em, I'll hand over my machine on a silver platter.

Link to comment
Share on other sites
Grand Master

+LogicalApex MVC

Posted
  • MVC
Posted
But again, it's very easy to get explorer to do stuff for you. Any old process can make explorer do pretty much anything for it. You can't remove its ability to launch programs from your hypothetical "Always Allow" list, because that's how the user would always start a program, and you can't trust it to launch them because of how easy it is to mess around with externally.

I don't believe process isolation will help you if explorer.exe is the one to actually launch the program at the direction of another program.

I'm not sure if you're a programmer, but from your comments I will assume not...

Processes may be able to ask explorer to launch an app for them (I'm not an expert on the Win32 API as I use the .NET Framework), but the way programs ask Windows to do anything is through programming interfaces. The way explorer works internally is not seen or known by the calling program. As a result, I'm sure the programming interfaces called by explorer when you ask it to open a program are different from those called by other programs. MS can also throw a UAC prompt when an external application calls one of those interfaces when explorer is running in evelated priv. (and I'm sure they do now)...

So basically... It isn't impossible to know how an application is lauched. If it were MS wouldn't have been able to ensure UAC prompts came up in the first place ;)

Link to comment
Share on other sites
Mentor

tao muon

Posted
Posted (edited)
Well I guess the people who turned off UAC will be the ones coming onto the forums and bitch VISTA SUCKS!

They were the one's coming into the forums and bitching 'Vista Sucks' when Vista was first released. Now they'll have more reasons to bitch once SP1 comes out.

----------------------------------------------------------------------------------

One of my elementary school teachers used to complain because I would write g, j, p, q and y above the line. I complained since I thought all letters should be above the line. That's what I was told by other teachers before.

The teacher ended up convincing me there was an area outside of the line where letters could go and make everything correct.

It's all the same, though.

Rebellion creates hostility. Repetition creates harmony.

You learn by doing. When you fight the learning process, you don't learn as much and people care less about your opinion.

Edited by tao muon
Link to comment
Share on other sites
Grand Master

ozgeek

Posted
Posted

Wrong. I love Vista. It has made my computing life much more pleasenting than XP as long as UAC is off. Running Vista with UAC is no difference than running XP. As long as you don't visit bad sites or do anything that cause the OS to be exploited then it is good without UAC. Windows Updates is there for a reason.

Link to comment
Share on other sites
Mentor

tao muon

Posted
Posted
Wrong. I love Vista. It has made my computing life much more pleasenting than XP as long as UAC is off. Running Vista with UAC is no difference than running XP. As long as you don't visit bad sites or do anything that cause the OS to be exploited then it is good without UAC. Windows Updates is there for a reason.
So, in other words... according to you..., if you don't do anything that UAC is supposed to protect you from then you don't need UAC... and Windows Update saves you when you screw up?

And I'm guessing you saved a lot of money by switching car insurance... right?

Link to comment
Share on other sites
Veteran

MrCobra

Posted
Posted
Protected Mode IE alone is enough reason to keep it on.

There are utilities that exist that does the exact same thing as protected mode IE does.

Link to comment
Share on other sites
Grand Master

NEVER85

Posted
Posted
I hate UAC!!! Off! Off! OFF!!!

Why? The first time I tried CREATING a folder, I was asked if I really wanted to do it. Are you kidding me, Microsoft? If my mouse right clicks and selects "New Folder," I damn well know what I'm doing. If there's some malware out there that can do that without me noticing, well, hats off to 'em, I'll hand over my machine on a silver platter.

Um, that only happens if you try to create a folder in a location where there are important files (Program Files, WINDOWS, etc), so why would you be wanting to create a folder in either of those locations in the first place?

Link to comment
Share on other sites
Community Regular

Naughty Dog

Posted
Posted

IMO if you can't handle it, switch back to XP and buy a copy of WindowBlinds and WindowFX. Use the theme "Arrow" and leave WindowFX and you have a complete Vista without many of the annoyances. BTW is there a program that can make your XP start menu like Vista's?

Link to comment
Share on other sites
Grand Master

Denis W. Veteran

Posted
  • Veteran
Posted

My only complaint with UAC is the secure desktop flicker (off for now until Microsoft finds a more aesthetically pleasing way to fade the desktop) and the double confirmation dialogs caused by XP SP2-era and UAC security dialogs piling up on top of each other. Otherwise, it stays on for my Vista installs.

There are utilities that exist that does the exact same thing as protected mode IE does.

If you're talking about something like Sandboxie, it tends to slow IE,?or?any?sandboxed?application, down to a crawl. (At least that's the case for IE7 XP.)

But Sandboxie is a lot more effective than Protected Mode IE. You can simply install any spyware just for ****s then wipe it off in a fla:laugh:ugh:

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.