BajiRav Posted August 11, 2007 Share Posted August 11, 2007 i didn't get this part "2. Make yourself an owner of all locations you create/keep you data."plus i don't know how to tell UAC to stop bother me about a specific program it keeps alerting me about. Filesystem permissions. If you don't have r/w access to file/folders, you will see UAC prompt. Link to comment Share on other sites More sharing options...
pyehac Posted August 11, 2007 Share Posted August 11, 2007 I just leave UAC alone. Then again, I haven't seen any bad applications try to get through. Link to comment Share on other sites More sharing options...
ozgeek Posted August 11, 2007 Share Posted August 11, 2007 I have mine off. It's actually do nothing security-wise. I know from experience. You will just click on Contiune no matter what the message says. Anyway, if I have it on, and that stupid pointless dialog comes up, my screens changes resolution for like 2 seconds when starting programs that I initalze. That annoying clicking sound of my secondary CRT monitor. Link to comment Share on other sites More sharing options...
ZonoBurk Posted August 11, 2007 Share Posted August 11, 2007 Week by week we get treads like this. *sigh* Download (not an installation, just an .exe) TweakUAC. Click the middle button. Link to comment Share on other sites More sharing options...
kouhii00 Posted August 11, 2007 Share Posted August 11, 2007 Well I guess the people who turned off UAC will be the ones coming onto the forums and bitch VISTA SUCKS! Link to comment Share on other sites More sharing options...
jmc777 Posted August 11, 2007 Share Posted August 11, 2007 I have mine off. It's actually do nothing security-wise. I know from experience. You will just click on Contiune no matter what the message says. And even if you "just click on continue".... http://brandonlive.com/2007/01/31/vista-my...-just-click-ok/ Link to comment Share on other sites More sharing options...
Mordkanin Posted August 11, 2007 Share Posted August 11, 2007 I don't think it would be an increased security risk adding an "Allow this app" for the reasons I previously stated. In the example you gave, if an app/process started that wanted to run CMD.exe which was previously grated rights to always run in admin then there should be a UAC prompt. This UAC prompt would then tell the user that this app/process is attempting to call CMD which is an admin level app/process. That way an app/process isn't allowed to elevate itself through a back door. To my knowledge Vista already works this way with process isolation when UAC is on. UAC would also automatically turn off the "Allow this app" if the application exe ever changes to prevent malicious code from patching the exe to gain the priviledges. I can't see how that would work. How is the computer supposed to differentiate between an app being launched by you, and an malicious program launching it? Explorer is just another program, one that can be compromised or very easily controlled. Link to comment Share on other sites More sharing options...
NienorGT Posted August 11, 2007 Share Posted August 11, 2007 I think Mio is addicted to UAC... I'm sure he pass his time by making UAC popups poping 24h/24h Link to comment Share on other sites More sharing options...
+Fahim S. MVC Posted August 11, 2007 MVC Share Posted August 11, 2007 Leave it on (I can't remember the last time I saw a UAC prompt - annoying for the first week and then all but disappear.) - in fact go one step further and remove your users from the Administrators group (make yourself a Standard user), create a separate Admin account and type in a password when you need to elevate. Link to comment Share on other sites More sharing options...
DaViD_BRaNDoN Posted August 12, 2007 Share Posted August 12, 2007 I have my UAC enabled. Used to disabled Secure Desktop but then re-enabled it after a couple of days Link to comment Share on other sites More sharing options...
+LogicalApex MVC Posted August 12, 2007 MVC Share Posted August 12, 2007 I can't see how that would work. How is the computer supposed to differentiate between an app being launched by you, and an malicious program launching it? Explorer is just another program, one that can be compromised or very easily controlled. Since an app has to make calls to Windows to start another process be it in its own process or outside of it Windows knows when a process is being launched by another process. As I said earlier... Process Elevation protection is already in Vista by way of Process Isolation... http://www.winsupersite.com/showcase/winvista_security.asp Link to comment Share on other sites More sharing options...
solardog Posted August 12, 2007 Share Posted August 12, 2007 Aren't we done with this question? We all know the correct answer is nyeso. :huh: Link to comment Share on other sites More sharing options...
Mordkanin Posted August 12, 2007 Share Posted August 12, 2007 Since an app has to make calls to Windows to start another process be it in its own process or outside of it Windows knows when a process is being launched by another process. As I said earlier... Process Elevation protection is already in Vista by way of Process Isolation...http://www.winsupersite.com/showcase/winvista_security.asp But again, it's very easy to get explorer to do stuff for you. Any old process can make explorer do pretty much anything for it. You can't remove its ability to launch programs from your hypothetical "Always Allow" list, because that's how the user would always start a program, and you can't trust it to launch them because of how easy it is to mess around with externally. I don't believe process isolation will help you if explorer.exe is the one to actually launch the program at the direction of another program. Link to comment Share on other sites More sharing options...
daniel_rh Posted August 12, 2007 Share Posted August 12, 2007 It can take 1 month to be used to it, but it worth the pain. Link to comment Share on other sites More sharing options...
TheDreamX Posted August 12, 2007 Share Posted August 12, 2007 I hate UAC!!! Off! Off! OFF!!! Why? The first time I tried CREATING a folder, I was asked if I really wanted to do it. Are you kidding me, Microsoft? If my mouse right clicks and selects "New Folder," I damn well know what I'm doing. If there's some malware out there that can do that without me noticing, well, hats off to 'em, I'll hand over my machine on a silver platter. Link to comment Share on other sites More sharing options...
+LogicalApex MVC Posted August 12, 2007 MVC Share Posted August 12, 2007 But again, it's very easy to get explorer to do stuff for you. Any old process can make explorer do pretty much anything for it. You can't remove its ability to launch programs from your hypothetical "Always Allow" list, because that's how the user would always start a program, and you can't trust it to launch them because of how easy it is to mess around with externally.I don't believe process isolation will help you if explorer.exe is the one to actually launch the program at the direction of another program. I'm not sure if you're a programmer, but from your comments I will assume not... Processes may be able to ask explorer to launch an app for them (I'm not an expert on the Win32 API as I use the .NET Framework), but the way programs ask Windows to do anything is through programming interfaces. The way explorer works internally is not seen or known by the calling program. As a result, I'm sure the programming interfaces called by explorer when you ask it to open a program are different from those called by other programs. MS can also throw a UAC prompt when an external application calls one of those interfaces when explorer is running in evelated priv. (and I'm sure they do now)... So basically... It isn't impossible to know how an application is lauched. If it were MS wouldn't have been able to ensure UAC prompts came up in the first place ;) Link to comment Share on other sites More sharing options...
tao muon Posted August 12, 2007 Share Posted August 12, 2007 (edited) Well I guess the people who turned off UAC will be the ones coming onto the forums and bitch VISTA SUCKS! They were the one's coming into the forums and bitching 'Vista Sucks' when Vista was first released. Now they'll have more reasons to bitch once SP1 comes out. ---------------------------------------------------------------------------------- One of my elementary school teachers used to complain because I would write g, j, p, q and y above the line. I complained since I thought all letters should be above the line. That's what I was told by other teachers before. The teacher ended up convincing me there was an area outside of the line where letters could go and make everything correct. It's all the same, though. Rebellion creates hostility. Repetition creates harmony. You learn by doing. When you fight the learning process, you don't learn as much and people care less about your opinion. Edited August 12, 2007 by tao muon Link to comment Share on other sites More sharing options...
ozgeek Posted August 12, 2007 Share Posted August 12, 2007 Wrong. I love Vista. It has made my computing life much more pleasenting than XP as long as UAC is off. Running Vista with UAC is no difference than running XP. As long as you don't visit bad sites or do anything that cause the OS to be exploited then it is good without UAC. Windows Updates is there for a reason. Link to comment Share on other sites More sharing options...
tao muon Posted August 12, 2007 Share Posted August 12, 2007 Wrong. I love Vista. It has made my computing life much more pleasenting than XP as long as UAC is off. Running Vista with UAC is no difference than running XP. As long as you don't visit bad sites or do anything that cause the OS to be exploited then it is good without UAC. Windows Updates is there for a reason.So, in other words... according to you..., if you don't do anything that UAC is supposed to protect you from then you don't need UAC... and Windows Update saves you when you screw up?And I'm guessing you saved a lot of money by switching car insurance... right? Link to comment Share on other sites More sharing options...
MrCobra Posted August 12, 2007 Share Posted August 12, 2007 Protected Mode IE alone is enough reason to keep it on. There are utilities that exist that does the exact same thing as protected mode IE does. Link to comment Share on other sites More sharing options...
NEVER85 Posted August 12, 2007 Share Posted August 12, 2007 I hate UAC!!! Off! Off! OFF!!!Why? The first time I tried CREATING a folder, I was asked if I really wanted to do it. Are you kidding me, Microsoft? If my mouse right clicks and selects "New Folder," I damn well know what I'm doing. If there's some malware out there that can do that without me noticing, well, hats off to 'em, I'll hand over my machine on a silver platter. Um, that only happens if you try to create a folder in a location where there are important files (Program Files, WINDOWS, etc), so why would you be wanting to create a folder in either of those locations in the first place? Link to comment Share on other sites More sharing options...
Niels. Posted August 12, 2007 Share Posted August 12, 2007 Allways turn it off when i reinstall my computer, but then i turn it back on. Can't live without protected mode in IE :p Link to comment Share on other sites More sharing options...
Naughty Dog Posted August 12, 2007 Share Posted August 12, 2007 IMO if you can't handle it, switch back to XP and buy a copy of WindowBlinds and WindowFX. Use the theme "Arrow" and leave WindowFX and you have a complete Vista without many of the annoyances. BTW is there a program that can make your XP start menu like Vista's? Link to comment Share on other sites More sharing options...
Denis W. Veteran Posted August 12, 2007 Veteran Share Posted August 12, 2007 My only complaint with UAC is the secure desktop flicker (off for now until Microsoft finds a more aesthetically pleasing way to fade the desktop) and the double confirmation dialogs caused by XP SP2-era and UAC security dialogs piling up on top of each other. Otherwise, it stays on for my Vista installs. There are utilities that exist that does the exact same thing as protected mode IE does. If you're talking about something like Sandboxie, it tends to slow IE,?or?any?sandboxed?application, down to a crawl. (At least that's the case for IE7 XP.) But Sandboxie is a lot more effective than Protected Mode IE. You can simply install any spyware just for ****s then wipe it off in a fla:laugh:ugh: Link to comment Share on other sites More sharing options...
halcyoncmdr Posted August 12, 2007 Share Posted August 12, 2007 You can disable the secure desktop independently from the UAC system. Link to comment Share on other sites More sharing options...
Recommended Posts