The Great UAC Debate!

[waruikoohii]

yeah, this seems to be everyone's respone once they find out that they CAN run UAC in silent mode. this is no one's fault but microsoft. it seems pretty clear to me that silent mode should have been included as an option as an alternative to turning it off. people are very resonable, if they had been given the option to just hide the prompts they would use it.

:( very disappointing when microsoft is supposed to care about security.

Silent Mode is essentially the same as off (in that it will automatically elevate anything that asks to be elevated), which is why, I imagine, it isn't included as an option in the User Accounts applet.

It is a better option than totally off, but the only two viable options are this:

UAC On, run as whatever account type you want

UAC Off, run as limited user unless you're installing software.

The second option is going back to the XP days, but it's a better option than running as Administrator with UAC turned off.

[ViperAFK]

UAC in silent mode is still advantageous as all programs run as low privileges by default and things like IE's protected mode will work.

[Brandon Live Veteran]

I don't mind having the extra security if it doesn't appear to be a nuisance to my everyday work on the computer. Being an avid fan of multi-tasking these elevation prompts can get really annoying for me compared to someone who opens 1 application once every 2 hours.

If the security feature remains invisible to the end-user there shouldn't be ANY reasons to not have it at least on silent.

I've heard that the SQM data shows that something like 90% of user sessions involve 0 UAC prompts at all, and the majority of sessions with prompts have exactly one.

If you are seeing more than one UAC prompt per logon session you are in a very, very small minority. If you're seeing one every 2 hours then you are simply doing something wrong. What are you changing about your system on such a frequent basis that you require elevation so often? Is there some legacy program that you are constantly starting and stopping and there's no modern alternative for?

I'm not denying the fact that UAC is a security feature. I'm saying that UAC is not useful for ME and yes that's a POV.

If you have a PC connected to the internet, then UAC is useful to you.

Whether you comprehend that is another matter entirely. If you use IE, UAC is critically important, as far as I'm concerned.

[NEVER85]

If you use IE, UAC is critically important, as far as I'm concerned.

Sorry if I misconstrued your post here, but are you saying that using IE7 without UAC, like on XP, is a bad idea?

[Brandon Live Veteran]

Sorry if I misconstrued your post here, but are you saying that using IE7 without UAC, like on XP, is a bad idea?

XP users don't have this option, so it's a non-issue. Certainly they would be more secure by upgrading to Vista. I don't think anyone will deny that.

I only hope that we see more browsers take advantage of Protected Mode-like functionality using a Low IL process to isolate rendering and hosting of untrusted content and code whenever possible.

[Linkinfamous]

It seems odd that none have. They've had like two years since they could have begun work on it in the betas.

It's not a trivial thing to implement, so obviously it'd take them a while...but FF2 came out around the same time as Vista, so it would have a perfect thing for FF3. And Opera always has the best security title, you'd think a protected mode would literally make it the most secure browser possible.

[Mayhem]

i after many weeks of using Vista with UAC also desactivated it, not because of the Popups (even if i do 30% of my time on PC is doing Adminstrative work and see many UAC popups) but its because when we execute a file UAC checks the file fully

well, this on 20MB+ setup files starts to notice the slowdown and the time to wait until the setup is started, example of this was on my laptop and downloaded Office 2007 SP1 with is about 220MB and the rest you probably know, waited about 15 to 20seconds to the setup to start

to compare i turned off UAC and tested the same file and guess what? 1 second

this is basicly my huge UAC complaint, the rest for me was minor stuff (some annoying but still minor)

recently discovered Comodo Firewall Pro 3.0 that have now a module of Defense+ and after a while i noticed what UAC should have been without questions

-> accept or refuse a .exe to do stuff (install files, create folders, create/change registry stuff, etc)

-> choose if that application is safe or not, if safe make it a trusted app and you can run it wherever you want and you dont get any popup (unless the application try to execute another .exe, then a popup will come up offcourse, a trusted app is only trusted within is program)

-> protection? a picture better that 1000 words, not to mention its firewall part

take a look on this screenshots on their site also if you want -> http://www.personalfirewall.comodo.com/screenshots.html , especially this one http://www.personalfirewall.comodo.com/scr...hots2.html?im=7 for a example that i talked

----

if you like real control of your computer and are a medium/good Admin you should try this, for inexperience ones maybe to complicated but this program after initial setup of the applications you run every day and set their rules i dont see anymore any popup of Comodo, only when instaling a new program or when some program wants to start a external file that dont have any rule defined

but without all of this lol, in Vista Sp1 UAC is better but like i said, that 20MB+ setup files being a huge slowdown has the MB is bigger is a 100% decision for me to turn UAC off

sorry for the big text

[Linkinfamous]

Wait. Are you comparing a firewall to UAC?

[Mayhem]

Wait. Are you comparing a firewall to UAC?

no. all my post was about the Defense+ module that this program have, its 2 separated modules, Firewall or Defense+witch his all i talked

the firewall part of this program his the normal options that almost every firewall program out there have witch can be desactivated and keeping only the Defense+ part

try it if you want, its a great program and its what UAC should have been for me, its totally free

Microsoft should have made options like this for UAC

1 Standard option like acted like UAC does now in what we have in windows 7

2 Advanced option to act like Defense+ and we having option to trust the applications and not be bothered anymore (unless the program in question executes an external .exe) and all the stuff i mention on my previous post

[mad_onion]

no. all my post was about the Defense+ module that this program have, its 2 separated modules, Firewall or Defense+witch his all i talked

the firewall part of this program his the normal options that almost every firewall program out there have witch can be desactivated and keeping only the Defense+ part

try it if you want, its a great program and its what UAC should have been for me, its totally free

Microsoft should have made options like this for UAC

1 Standard option like acted like UAC does now in what we have in windows 7

2 Advanced option to act like Defense+ and we having option to trust the applications and not be bothered anymore (unless the program in question executes an external .exe) and all the stuff i mention on my previous post

so after reading your post i think i've worked out what you actually want to say basically to want have the option to trust an application and automatically elevate it.

ok if that's what you wanted to say you should have to just said it.....

[Brandon Live Veteran]

2 Advanced option to act like Defense+ and we having option to trust the applications and not be bothered anymore (unless the program in question executes an external .exe) and all the stuff i mention on my previous post

If an application starts another application, that other application runs at the same integrity level. If you trust an app (by letting it run elevated) then you must trust it fully. Anything it does, including launching other applications, is a trusted action. There is nothing about launching another file that is special or more dangerous than any other code that could be running in the trusted process.

[Aaron Olive]

Turn The S**t off End of Story It's Useless and it slows down productivity.

[Mayhem]

all get it wrong what i meant that i want to UAC to be, i basicly explained how Defense+ work, sorry if i didn't said properly what i wanted to UAC to be

resume - what i wanted to UAC to be for me :

-> a Windows Vista module/protection that give me info and full control of what is happening, ex: the famous dont bother me anymore, popups showing me what the program is accessing and if is in a protection folder/reg hive i wanted to know and have the option to allow it or not if i find that the program in question may not me what we think

-> dont read the integrety of the file has it starting about of 20mb+ (on laptops) and 40/50mb (desktop) you start to notice the slowdown to that .exe file to finally start (ex: large instalantions like for ex: world of warcraft setup, diablo2 setup,... world of warcraft patchs (100-200mb), Office 2007 sp1 (220+/-mb) etc etc, you get it

i saw now also the new Kaspersky internet security and it has the same "module" has Comodo but even better, basicly that is what i wanted to UAC to be and not only a App starts, asks for Admin rights and like 70% ppl out there (guessing) click always Allow without any problem and without any notification what is happening after that (ex: some program has spyware on it, you install it (asks for admin for installing on Program files (you think is only that) and guess what? it puts toolbars on IE or worse)

hope i explained it rigth this time what i wanted to UAC to be

[Linkinfamous]

dont read the integrety of the file has it starting about of 20mb+ (on laptops) and 40/50mb (desktop) you start to notice the slowdown to that .exe file to finally start (ex: large instalantions like for ex: world of warcraft setup, diablo2 setup,... world of warcraft patchs (100-200mb), Office 2007 sp1 (220+/-mb) etc etc, you get it

I believe that's just explorer doing the check. If you launch such large apps from say, an elevated command prompt, the delay doesn't occur.

That said, maybe there's a way to disable it....

Edited May 2, 2008 by MioTheGreat

[ViperAFK]

That might actually just be explorer doing the integrity check. If you launch such large apps from say, an elevated command prompt, the delay doesn't occur.

This actually happens to me occasionally even when I run the installer as admin first, only with files that are like 700 mb though.

[jjrambo]

I can't wait till we get rid of Vista. I hate every byte of it... :laugh:

[Brandon Live Veteran]

This actually happens to me occasionally even when I run the installer as admin first, only with files that are like 700 mb though.

There is more than one thing that tends to make installers take longer to get going in Vista. One of them is often a System Restore point being created, which tends to happen right before the UAC dialog is shown for MSI installers.

As for any delay running an elevated app, applications that request elevation do get their digital signatures checked before the prompt is displayed. There are different prompts for unsigned applications versus verified publishers versus Windows components.

[NEVER85]

I can't wait till we get rid of Vista. I hate every byte of it... :laugh:

Then don't use it and stay on XP.

[Ferret]

I can't stand the thing - Too many pop-ups.

Plus that DEP (Data Execution Prevention) really gets on my ###### too. It's stopped me installing or playing some games, so i've disabled that too !

[CrashG]

I can't stand the thing - Too many pop-ups.

Plus that DEP (Data Execution Prevention) really gets on my ###### too. It's stopped me installing or playing some games, so i've disabled that too !

That had me going for a bit, untill I added it to the excluded list. Had to turn it off for IE7 though, just so I could use IEspell (I have to have my spell checker). :yes:

[Doli]

What are you doing for it to pop up so many times?

[Srsly]

Another reason why i went back to xp :)

[dvb2000]

Another reason why i went back to xp :)

ANd now FINALLY even microsoft is admitting its a mistake :)

(from the front page news)

Experts agree that Microsoft's Windows Vista is relatively well-protected, but its security features ? such as User Account Control (UAC) ? have been highlighted by security experts as one reason why the operating system is far less popular than its predecessor, Windows XP.

According to Scott Charney, vice president of Microsoft's Trustworthy Computing Group, UAC was designed to give users more control over the applications they run and help them make better security decisions by providing them with more informatiHowever, the main problem with Vista's UAC, according to Charney, is that it prompts the user far too often.

"Clearly there has to be work done on UAC user prompts, where users get prompts at times they don't necessarily expect it ? and it's not intuitive. The challenge is ? as with many of these things when we try to give users control ? if you give people too many prompts in too many situations, they view it as an impediment," Charney told ZDNet.com.au yesterday at the AusCERT security conference on the Gold Coast.

http://www.zdnet.com.au/news/security/soa/...htm?omnRef=1337

/waits for Brandon to try and defend UAC yet again.....

[mad_onion]

i don't really see what can be done to reduce the number of prompts. it's completely dependant on how many things you do that require elevation.

UAC does prompt the user too often but this isn't a problem with UAC it's only doing it when a program requests elevation. what do you expect, it to just randomly choose to ask for elevation for some and not for all lol

there are too many prompts because of poorly written software which asks for elevated privilage when it doesn't need it. and tbh even then it isn't annoying for me at least i get like none during normal operation.

there's not much microsoft can do about how developers write programs, although i'm sure it will just improve over time.

[ViperAFK]

The problem with too many UAC prompts (Although I hardly get any) lies not in poor design of UAC but in poorly designed programs that need admin rights when they shouldn't. Linux and OSX have had something like UAC for a long time so this problem isn't as bad as programs have already been designed with it in mind.