The Great UAC Debate!

[Linkinfamous]

Wow look at the votes.

But seriously, if you are THAT scared that something bad will happen then you shouldn't even be using a computer.

It's not so much that we're 'scared' that something bad will happen, it's simply good security practice and a great preventative measure for a lot of potential exploits and problems.

[mad_onion]

um allan from another thread told me to post here. i'm pretty sure I understand how UAC works but he seems to think there is a reason to disable it entirely rather than just disable the promts via TweakUAC. he wouldn't tell me what his reason is (from my perspective that appears to be because there isn't one, certainly no one has explained it in this thread) but if there is a reason i would like to know? so could someone explain?

i mean someone on the previous page asked the same question and didn't get a response

WOW I cannot believe so many people would prefer risking security by using an an Admin Account instead of UAC Enabled but in Silent Mode. How is UAC annoying when in Silent mode? It's the prompts that are annoying, everything else about UAC is anything but annoying.

so any help? thanks

[+allan MVC]

It's not that I wouldn't tell you, it's that I chose not to hijack someone's thread to have the discussion.

In my opinion, disabling UAC is purely a personal preference. I happen to have a proprietary application that is incompatible with UAC, so in my case it's easier to keep UAC disabled at all times than to toggle it on and off, that's all. But regardless of why, it's up to the user to decide what he does and does not want running on his system. As long as he has all of the relevant information in front of him to make an informed decision, it's really nobody else's business.

And by the way, regarding that other thread - saying something is "dumb" is really a poor way of getting your point across in my opinion.

[mad_onion]

It's not that I wouldn't tell you, it's that I chose not to hijack someone's thread to have the discussion.

In my opinion, disabling UAC is purely a personal preference. I happen to have a proprietary application that is incompatible with UAC, so in my case it's easier to keep UAC disabled at all times than to toggle it on and off, that's all. But regardless of why, it's up to the user to decide what he does and does not want running on his system. As long as he has all of the relevant information in front of him to make an informed decision, it's really nobody else's business.

And by the way, regarding that other thread - saying something is "dumb" is really a poor way of getting your point across in my opinion.

ah ok thanks, yeah i just didn't realise that UAC caused those kinds of issues. so it's a very small minority that would want to disable UAC for that reason. also, in regard to the other thread the guy didn't have all the facts, he hadn't been made aware of the TweakUAC option, that's why i posted. obviously for someone in his situation (someone who just doesn't want to click through the dialog) my solution is superior to simply disabling UAC entirely.

[Brandon Live Veteran]

It's not that I wouldn't tell you, it's that I chose not to hijack someone's thread to have the discussion.

In my opinion, disabling UAC is purely a personal preference. I happen to have a proprietary application that is incompatible with UAC, so in my case it's easier to keep UAC disabled at all times than to toggle it on and off, that's all. But regardless of why, it's up to the user to decide what he does and does not want running on his system. As long as he has all of the relevant information in front of him to make an informed decision, it's really nobody else's business.

And by the way, regarding that other thread - saying something is "dumb" is really a poor way of getting your point across in my opinion.

How can an application be "incompatible" with UAC? Other than requiring you to elevate unnecessary, which I wouldn't count as "incompatible."

[mad_onion]

How can an application be "incompatible" with UAC? Other than requiring you to elevate unnecessary, which I wouldn't count as "incompatible."

:) i was hoping you would post that because it sounded weird to me but i don't really know enough to disagree with him. maybe he can explain.......................... ;)

[panicswitched]

when i use vista i keep it enabled, i just disable switch to virtualized desktop as it gets annoying and sometimes crashes stuff :)

[Chicane-UK Veteran]

No UAC for me, on an admin account.

I hope that nasty malware doesn't come and get me ;)

[Lexonex]

Here is my 2 cents worth, I NEVER use UAC. I?m running Vista 64bit and it took my some time to find compatible anti-virus software. I went with Trend Micro Internet Security 2008. Anyway, that was my latest purchase. I?ve run Trend Micro for over a year. Bottom line is that you can NOT scan for viruses with this UAC turned on. It MUST be off in order to scan your PC for viruses. Therefore, I keep the UAC turned off at ALL times. I NEVER had a problem because I let Trend Micro handle any arising situations and/or problems.

[ViperAFK]

Here is my 2 cents worth, I NEVER use UAC. I?m running Vista 64bit and it took my some time to find compatible anti-virus software. I went with Trend Micro Internet Security 2008. Anyway, that was my latest purchase. I?ve run Trend Micro for over a year. Bottom line is that you can NOT scan for viruses with this UAC turned on. It MUST be off in order to scan your PC for viruses. Therefore, I keep the UAC turned off at ALL times. I NEVER had a problem because I let Trend Micro handle any arising situations and/or problems.

You can scan for viruses with uac on...

[Lexonex]

Does NOT work for me............

[Linkinfamous]

Does NOT work for me............

No offense, but if that's the case, then you're "doing it wrong".

All antivirus software that I'm aware of, provided you're not using an old version, is perfectly compatible with UAC.

[Lexonex]

Could anyone running Trend Micro Anti-Virus Software AND Vista 64bit that can have UAC "ON" and still have the ability to scan their Entire PC for Viruses please post.........

[gigapixels Veteran]

You shouldn't be running AV software that's going to risk security in another area just to do a scan. I'm running Kaspersky, and it scans no problem with UAC fully enabled. You should get some better software rather than turn off an important security component.

[NEVER85]

Here is my 2 cents worth, I NEVER use UAC. I’m running Vista 64bit and it took my some time to find compatible anti-virus software. I went with Trend Micro Internet Security 2008. Anyway, that was my latest purchase. I’ve run Trend Micro for over a year. Bottom line is that you can NOT scan for viruses with this UAC turned on. It MUST be off in order to scan your PC for viruses. Therefore, I keep the UAC turned off at ALL times. I NEVER had a problem because I let Trend Micro handle any arising situations and/or problems.

Wrong. You can scan for viruses with UAC enabled just fine.

[Denis W. Veteran]

I believe any software that is incompatible with UAC are having problems with UAC's file and registry virtualization, which is one of the main benefits UAC provides.

The real problem comes when someone disables UAC and finds their applications acting weird because certain files and settings were stored in the virtualized folder that is no longer being used. There's no problem if one disables UAC right away after Windows is installed and before applications are being setup.

[Lexonex]

Wrong. You can scan for viruses with UAC enabled just fine.

While running Trend Micro?

[ViperAFK]

I have never used trend micro, but it obviously just isn't fully compatible with UAC if it can't do a scan. What happens with UAC on when you try and scan? I have never heard of any vista av's having a problem like this.

[Lexonex]

I have never used trend micro, but it obviously just isn't fully compatible with UAC if it can't do a scan. What happens with UAC on when you try and scan? I have never heard of any vista av's having a problem like this.

Tell you what. when I get back later this morning I will start a Topic on this very subject and go through step by step what happens when I try a full PC "Scan for Viruses" using TrendMicro Internet Security 2008 with the UAC "ON" with a Vista 64bit OS.....

[Brandon Live Veteran]

If it won't work, then it's probably because it's launching without elevation. Right-click and choose "Run as Administrator" and see if it works.

[Lexonex]

If it won't work, then it's probably because it's launching without elevation. Right-click and choose "Run as Administrator" and see if it works.

Tried that...This is a Negative...Still won't work UNLESS I turn OFF the UAC.....

[abcdefg]

It was also impossible to run that app as an Admin, under your account profile, which I think is one of the greatest things about UAC.

Isn't that what MakeMeAdmin does?

It's about keeping processes running with as few privileges as they need to perform their function, so as to prevent them from potentially doing harm, mostly by exploits (But it certainly helps prevent by accident.)

PWN2OWNed

Then when the application (IE, Firefox, AIM, Outlook, Thunderbird, whatever) gets attacked through a vulnerability in its code, it is prevented from doing significant damage and in many cases will fail altogether.

UAC isn't about preventing untrustworthy applications from being installed. It is about preventing trusted everyday applications from being hijacked via remote code execution exploits.

PWN2OWNed

Now what was UAC's role in preventing exploits?

[_BeanZ_]

PWN2OWNed

Now what was UAC's role in preventing exploits?

How about waiting until the details of the exploit are released? Was UAC disabled on the laptop? Was there a UAC prompt that needed to be accepted to enable the exploit to run?

[Linkinfamous]

PWN2OWNed

Now what was UAC's role in preventing exploits?

Uh, by making the scope of the exploit incredibly limitted, or potentially failing alltogether because it may assume Admin rights? Weren't you paying attention?

[ObiWanToby]

I'm sorry Brandon, but if you guys at Microsoft really think that way, I think a lot of users are going to heed your advice... because, from my experience with OS X and Linux, they have nothing as insanely annoying as UAC. :)

Mac OSX has been around long enough to where developers have made apps that install and run without admin rights (sometimes it asks you for the password during install).

Once Vista and its successors hit maturity developers better learn. Install google talk for instance http://talk.google.com , UAC will not prompt you to even install, because the developers understood how to install it without provoking admin rights. No one needs admin rights 100% of the time, that is why no OS defaults to that.

If you still hate it, you do have a choice, you do not have to use windows.