The Great UAC Debate!

[rtk]

If Vista ever made UAC unable to be turned off, I'd leave Vista forever. That's how frustrated I get from the relentless, stubborn messages asking me to confirm an action I just committed.

Being a programmer, I move files around a lot, copy them to different folders, and delete what I don't need anymore. UAC bugged me until I finally did a Google search to read on how to disable it.

Leave Vista now, last thing the world needs is another windows programmer that doesn't understand secure system setup.

[Mathachew Veteran]

Leave Vista now, last thing the world needs is another windows programmer that doesn't understand secure system setup.

Eh, it is secure, but they definitely need to make it smarter, much like performing an admin command in Linux. You've authenticated right now, so you shouldn't have to in 20 seconds when you perform a second admin command. UAC gives you the prompt every. single. time. If it was smarter, I wouldn't mind it so much, but until then, it's staying off.

[Ayepecks]

So you are asking Microsoft to fix UAC problem which only the minority of users may be complaining about ?

And TweakUAC doesn't fix UAC and make it less intrusive - it actually makes it pointless as processes which request elevation at startup are granted it at automatically - even if the code is malicious.

Are you kidding me? Simply because something is a minority doesn't mean it's not a problem?

Here's a little piece of information for you: the Red Ring of Death on the 360 only affects a minority (roughly 33%) of users, from what's been reported. Guess that's just a small issue as well :)

[Linkinfamous]

Eh, it is secure, but they definitely need to make it smarter, much like performing an admin command in Linux. You've authenticated right now, so you shouldn't have to in 20 seconds when you perform a second admin command. UAC gives you the prompt every. single. time. If it was smarter, I wouldn't mind it so much, but until then, it's staying off.

Uh. What?

UAC and Process Integrity levels are actually pretty similar (Though arguably smarter than) Linux and sudo.

If you start a command prompt with Admin privileges (The Vista equivalent the 'su' command.) that command prompt is going to spawn every process after it with Admin privileges.

There's absolutely no way to make it 'remember' the privileges a process should be launched with within some arbitrary time limit without introducing a security vulnerability that basically makes the system utterly worthless.

[Scaldari Anitoba]

I have it turned off on my gaming rig. It interfears with the copy protection on some of my older games that just running as admin does not fix. but in all my day to day machines i leave it turned on. By nature i dont install much on my rig to keep its performance high, so it works out well.

[Linkinfamous]

I have it turned off on my gaming rig. It interfears with the copy protection on some of my older games that just running as admin does not fix. but in all my day to day machines i leave it turned on. By nature i dont install much on my rig to keep its performance high, so it works out well.

Personally, I install no-cd cracks for all games that I own. I find that the checks for the cd/dvd both slow down the launch of the game (That idiotic spinning cd cursor for 5 seconds at the launch of every game I own really manages to **** me the **** off.), and in the case of certain games (The Sims 2, for my sister) actually cause the game to crash every now and then upon launch.

[Scaldari Anitoba]

Yet to find a no dosk crack for sacred that will work for me, they load but you can create no new toons, and people have stoped trying since the next version has been out for a while now ;P

Personally, I install no-cd cracks for all games that I own. I find that the checks for the cd/dvd both slow down the launch of the game (That idiotic spinning cd cursor for 5 seconds at the launch of every game I own really manages to **** me the **** off.), and in the case of certain games (The Sims 2, for my sister) actually cause the game to crash every now and then upon launch.

[Denis W. Veteran]

If you start a command prompt with Admin privileges (The Vista equivalent the 'su' command.) that command prompt is going to spawn every process after it with Admin privileges.

There's one difference. For instance in Linux (or specifically Ubuntu) after you invoke the first command in a program that requires sudo, any other programs/commands that require admin access go through for the next X amount of minutes. This applies to GUI and text-based apps/scripts. I guess for now Vista has no way of picking out which commands are user or hidden app initiated so it's going for the safer (but more annoying) route of prompting everytime for each new process requiring admin privileges. Also because of the greater amount of dialog prompts compared to sudo Vista opts for a single cancel/allow for administrators with a secure desktop as prompting for the password for every single UAC dialog on administrator accounts would make this whole hate against UAC a lot worse.

That begs me to ask: does sudo in Linux differentiate between system commands launched by the user and launched by a hidden program during that given time period, or it doesn't? I would think the best solution for both Windows and Linux is probably placing a gigantic button on the bottom right that stops automatic privilege escalation (similar to OS X's "Click here to make/prevent changes" lock).

Edited February 10, 2008 by rm20010

[Mathachew Veteran]

Uh. What?

UAC and Process Integrity levels are actually pretty similar (Though arguably smarter than) Linux and sudo.

If you start a command prompt with Admin privileges (The Vista equivalent the 'su' command.) that command prompt is going to spawn every process after it with Admin privileges.

There's absolutely no way to make it 'remember' the privileges a process should be launched with within some arbitrary time limit without introducing a security vulnerability that basically makes the system utterly worthless.

Hold on a second, You misunderstood my point. In Linux, if I perform an admin action, I am prompted for the admin password, but come 10 seconds later, if I do something else, ie: not a spawn of the first admin action, I am not prompted for a password, whereas with Vista, I do receive the UAC prompt, and will continue to receive it if the action is not a child process of the first action.

Here's an example. Let's assume Linux admin checks behaved like UAC. I type vi /etc/httpd/conf/httpd.conf to edit the Apache configuration. I receive a prompt. I make my changes, save the file, and then I type service httpd restart (or /etc/init.d/httpd restart). I receive another prompt, even though I gave my credentials moments earlier. This is how UAC behaves, but not Linux. If I had made my changes and waited approximately 15 minutes (or it could be 10, I never timed it), Linux would prompt me because I'm outside of the "admin window" so to speak, and this behavior occurred for both CLI and GUI; that is why I say UAC needs to be smarter.

[Linkinfamous]

Then what exactly is stopping a malicious piece of code hiding in the background from waiting until you do something like that, and then suddenly having full access to the system? There's got to be more to it than you've described....

If there's not, and it's just a blind 'execute anything that wants admin privileges within the next 'x' minutes with them', Microsoft could never implement it without it being a security nightmware.

Edited February 10, 2008 by MioTheGreat

[+Fahim S. MVC]

Are you kidding me? Simply because something is a minority doesn't mean it's not a problem?

Here's a little piece of information for you: the Red Ring of Death on the 360 only affects a minority (roughly 33%) of users, from what's been reported. Guess that's just a small issue as well :)

Big difference between the two examples you gave:

Red Ring Of Death means a broken 360

UAC Prompt means Vista is behaving as it should

If the majority of people are happy with UAC, why should Microsoft change it? I think that there are a lot of users that see the advantage of it.

And I for one have never had any malware on my computer or viruses (since 95). I still run Vista under a low priveledge user meaning that I have to type in a password when UAC wants permission...

[#Michael]

Well, I decided to keep uac on when I did a reformat of my laptop. See here at the university they make us use Cisco's Clean Access Agent program in order to sign onto the wireless network. It seems that a huge amount of universites in the states use this system to protect wireless networks from viri and spyware and also to prevent the community from stealing the wireless.

But with the latest version of it (whenever a new version of it is released, you are forced to update) a uac prompt is brought up everytime the computer is restarted or the program signs on. Very annoying.

But that does seem to be the only time I see uac now...except for when I install or uninstall something.

[Mathachew Veteran]

Then what exactly is stopping a malicious piece of code hiding in the background from waiting until you do something like that, and then suddenly having full access to the system? There's got to be more to it than you've described....

If there's not, and it's just a blind 'execute anything that wants admin privileges within the next 'x' minutes with them', Microsoft could never implement it without it being a security nightmware.

Theoretically, malicious code shouldn't be hiding in the background anyways. There's nothing more than what I described. Here's a Linux GUI example:

Click on the update icon, type in password. Close the update window that opens when you've entered the correct password. Click on the update icon again, no password prompt, instead it goes straight to the update Window. If I clicked on the update icon after, say, 5, 10 or 15 minutes, I have to type in the password again.

As far as I know, Linux has always behaved like this (I can't say for certain since I only have about three years of experience with it), and I've never heard of a blind execute overtaking it, have you? I don't see why Windows couldn't either. I fail to see how the current implementation is as smart as it can get.

[freeza]

With the ability to enter passwords into the UAC box when prompted, i keep it on :)

[Argi]

I fail to see how the current implementation is as smart as it can get.

I think the point is that it's not smart - by design. I'm sure it'd be possible to differentiate between user-initiated prompts and "background" prompts, but thats leaves room for exploitation, even if you believe the implementation is 100% foolproof.

By opting for a confirm everything there's no way a malicious application can "trick" the system into thinking it's something that it's not.

[Brandon Live Veteran]

Hold on a second, You misunderstood my point. In Linux, if I perform an admin action, I am prompted for the admin password, but come 10 seconds later, if I do something else, ie: not a spawn of the first admin action, I am not prompted for a password, whereas with Vista, I do receive the UAC prompt, and will continue to receive it if the action is not a child process of the first action.

That's fine and all, but most desktop Linux installations are ridiculously insecure. If you have a "grace period" like that when all processes are magically allowed to launch with elevated privileges, then you've completely defeated your own security model. Any code that wants to initiate an Escalation of Privilege attack just has to wait until you perform any admin action and bam, they own your box.

[ViperAFK]

Theoretically, malicious code shouldn't be hiding in the background anyways. There's nothing more than what I described. Here's a Linux GUI example:

Click on the update icon, type in password. Close the update window that opens when you've entered the correct password. Click on the update icon again, no password prompt, instead it goes straight to the update Window. If I clicked on the update icon after, say, 5, 10 or 15 minutes, I have to type in the password again.

As far as I know, Linux has always behaved like this (I can't say for certain since I only have about three years of experience with it), and I've never heard of a blind execute overtaking it, have you? I don't see why Windows couldn't either. I fail to see how the current implementation is as smart as it can get.

Not all distros behave like this, ubuntu and it's derivatives generally do, but Fedora and Suse don't

[Ayepecks]

Big difference between the two examples you gave:

Red Ring Of Death means a broken 360

UAC Prompt means Vista is behaving as it should

If the majority of people are happy with UAC, why should Microsoft change it? I think that there are a lot of users that see the advantage of it.

And I for one have never had any malware on my computer or viruses (since 95). I still run Vista under a low priveledge user meaning that I have to type in a password when UAC wants permission...

Whoa now, let's take a look at what you said.

People are happy with UAC, or people aren't complaining to Microsoft about UAC? I'm betting it's the latter, big-time. Just because people don't complain to Microsoft doesn't mean you shouldn't try to improve on it. Like I said: I don't think anyone disagrees with UAC's purpose. Why would they? They disagree with it's annoyance and intrusiveness.

[Iian K]

I don't use UAC, I find bothersome.

Edited February 20, 2008 by Sevan

[Sethos]

I used to turn off UAC, but the last time i installed Vista i left it on - It's not that bothersome as i imagined it to be, i get like 1-2 prompts a week, if that is all it takes to increase my security? Fine.

[buddybud]

uac is only as useful as the user clicking the yes/no button. I support vista professionally and constantly run in to folks who hate it but never bother to find out what it is, let alone read what it says before they click yes/no. The common thing said is that "i have (fill in generic security app here) so there is no way i can get infected by malware. So in other words if the user is either lazy or dumb no amount of security features will save them in the long run. To be blunt the average user i deal with is either a moron or just thinks that because they spent x amount of dollars no thinking should be involved..lol.

That said i dont use the uac. I ghost my system on a regular basis so always have a way out if something goes terribly wrong.

[Linkinfamous]

uac is only as useful as the user clicking the yes/no button.

No, no, no, no, no.

UAC's real strength is when you don't get the prompt, but some action that would have otherwise been allowed in a process with a High IL is simply denied. It's about launching and keeping processes at the lowest privilege level they need to function. It doesn't block actions, it blocks permissions at process start.

[mobilnic]

greetingz,

uac is an extra security layer, it is indeed there for a reason and because u paid for it, then maybe you should use it. but uac is not just for you, it's there so that anyone who uses your pc is prompted and most of us here know more than our friends about pc's, so they would probably query you if the system needs elevation.

my only gripe is that it would've been champ if microsoft included a training algorythm much like one used for anti-spam engines in mail clients, although u can 'manually' train uac by using the method as mentioned by +brandnewfantx.

perhaps this will be addressed by sp1 along with many other high-hopes for the service pack.

[roadgeek9]

I used to have Windows Vista, but I got rid of it. When I did use it, I didn't have UAC turned on... on my Administrator account.

[+Fahim S. MVC]

Whoa now, let's take a look at what you said.

People are happy with UAC, or people aren't complaining to Microsoft about UAC? I'm betting it's the latter, big-time. Just because people don't complain to Microsoft doesn't mean you shouldn't try to improve on it. Like I said: I don't think anyone disagrees with UAC's purpose. Why would they? They disagree with it's annoyance and intrusiveness.

You're 'betting' but have no emperical evidence to support your 'hunch'. There are features of Windows that users genuinely complain (to Microsoft) about and those that they don't complain about. The above suggests that you would rather Microsoft works on those that the users are not complaining about.

I don't think most users think that UAC is as annoying and intrusive as YOU suggest. I certainly don't find it being either.