The Great UAC Debate!

[xplatinum]

I understand that UAC can be a useful feature for -some- people but not to everyone.

I'm a power-user. I've been working with computers for over a decade. I know what I should and should not execute. Nobody uses my PC except for me. Got a virus once and it was Tai-Pan back in my early years.

All that to say: UAC can most definately be a pain in the arse for people who know EXACTLY what they are doing. Sure some people need the extra padding in case they get hurt... but for some it's more of a nuisance than anything else.

UAC is a feature among lots of other things that hold me back from Vista.

What took me 2 seconds before now takes me 30 seconds. Talk about productivity. 4 extra steps to get the same job done.

/end Vista rant

[frbubba]

After I applied the tweak of keeping vista from darkening the screen, I don't mind UAC so much.

[jjrambo]

The problem with UAC is that pops up too often and for the most cases when it's not needed to. For example. If you start event viewer UAC will pop up. Absolutely there is no need for it. Let's say you want to delete shortcut from start menu. Well, it does it again. If UAC 'wakes up' only for the things it needs to, everything would be cool.

[Mordkanin]

I know what I should and should not execute.

The general point that a lot of us are trying to make is that while you might, all of your software might not be so smart. It's better to limit its access to the system so that it can't, either by exploit or accident, do bad things on a system-wide level.

If you start event viewer UAC will pop up. Absolutely there is no need for it.

Some parts of the event log are not things that software running under a limitted acount should have access to. There's a considerable amount of information about your system in there, and not all of it pertains to your user account. It's possible that some of it could be dangerous under the right circumstances. Maybe what we need is something more like the Task manager, where you can see YOUR stuff, but can't get to the system stuff unless you elevate have it launch a new, elevated, copy of itself. (That's how I feel regedit should be done.)

[jjrambo]

The general point that a lot of us are trying to make is that while you might, all of your software might not be so smart. It's better to limit its access to the system so that it can't, either by exploit or accident, do bad things on a system-wide level.

Some parts of the event log are not things that software running under a limitted acount should have access to. There's a considerable amount of information about your system in there, and not all of it pertains to your user account. It's possible that some of it could be dangerous under the right circumstances. Maybe what we need is something more like the Task manager, where you can see YOUR stuff, but can't get to the system stuff unless you elevate have it launch a new, elevated, copy of itself. (That's how I feel regedit should be done.)

So you're saying that should be able to access application as yourself or Admin. And if you do as yourself you get only get the limited rights so there is no need for UAC. I agree. It's like the same idea where on the web page you have admin and user access. User can do less then Admin.

[Brandon Live Veteran]

So you're saying that should be able to access application as yourself or Admin. And if you do as yourself you get only get the limited rights so there is no need for UAC. I agree. It's like the same idea where on the web page you have admin and user access. User can do less then Admin.

Without an elevation prompt, you aren't an admin. Your applictions are running just as if you were a regular "user." Only if the application requests admin privileges at start-up, and you click "Continue," does it launch with admin privileges.

The Event Viewer needs to launch with admin privileges because it shows you information about other users. Non-admins are not allowed to see information about other users. That would be a security / privacy violation.

I'm a power-user. I've been working with computers for over a decade. I know what I should and should not execute. Nobody uses my PC except for me. Got a virus once and it was Tai-Pan back in my early years.

UAC has nothing to do with what you should and should not execute. The fact that you do not understand the difference between privileged and non-privileged execution tells me that you are probably not as much of a "power-user" as you think you are.

What took me 2 seconds before now takes me 30 seconds. Talk about productivity. 4 extra steps to get the same job done.

/end Vista rant

If it takes you 28 seconds to click "Continue" and you consider this to be "4 extra steps" then I would again have to say you are no "power-user."

[Doli]

I really dont get UAC prompts that much. Im not off changing system settings everyday and my programs are better now that developers are not making UAC prompt up.

I dont see anthing wrong with UAC.

[gigapixels Veteran]

If it takes you 28 seconds to click "Continue" and you consider this to be "4 extra steps" then I would again have to say you are no "power-user."

Too right...

[ViperAFK]

Too right...

rofl

When the prompt comes up he must just sit there and stare at it like a deer in headlights.

[Mordkanin]

On a few systems, the switch to the secure desktop can add a delay. On my laptop, if I'm watching a video, the switch can be pretty slow on occasion, which is why I've disabled it the secure desktop on that machine. It didn't always do it. But when it did, it was very, very annoying.

[PyX]

I can't be saved by UAC because I don't download crap.

Seriously, come on. To get a virus or a trojan or a worm, you seriously have to look for it.

Sometimes I really see some people being surprised by having viruses in porn stuff, phishing or dubious websites with porn on them, downloading illegal stuff with gutella or something. Come on.

I remember when I found 1000 things with ad-aware on my friend's PC, half of these being cookies, what's wrong with the other half? I swear he looked hard on the net to get all this crap.

[Mordkanin]

I can't be saved by UAC because I don't download crap.

If you're going to post anything in this thread, at the very least read a few of the posts in it. Numerous scenarios in which UAC can offer a nice layer of protection have been presented. Very few, if any, of them require you to actively download and run some executable file. Most of them have to do with 0-day exploits which you have no control over, and can do absolutely nothing to protect yourself against.

[kylejn]

I don't currently use Vista (downgraded back to XP), but when I did use it, I gave UAC a shot. Then I realized that it was prompting me for permission to copy and paste basic files. I killed it immediately after that.

Here's the problem: UAC, as a concept, isn't bad. Similar things are available in Leopard and Linux (at least Ubuntu, not sure about other distributions). However, UAC should have been smart enough out of the box to not prompt the user for permission for every single little thing. As a result, people just turn it off rather than take the time to adjust the settings to something more reasonable. I know I didn't want to do Microsoft's work for them and make UAC usable. It was much simpler to just turn it off.

Besides, as long as you're a safe user, then there's not a lot for UAC to protect you from. I know that I ran my computer unprotected (i.e. no firewall, no virus scan) for about six months before I decided I should probably run a virus/spyware scan. Stupid, I know, but I never got around to getting the software. Wanna know what the scans came up with? Absolutely zero viruses, and maybe a handful of cookies. That's it. Because of this, I get the feeling that the importance of internet security is overhyped in order to make money for the software manufacturers. After all, it's much wiser, from a financial standpoint, to convince users that they need to give you money to be safe rather than just educate themselves on how to use a computer.

[Mordkanin]

Then I realized that it was prompting me for permission to copy and paste basic files. I killed it immediately after that.

It only prompts when you do that outside your user folder, as every other major operating system (Linux, UNIX, BSD, OSX, etc) will do by default.

[kylejn]

It only prompts when you do that outside your user folder, as every other major operating system (Linux, UNIX, BSD, OSX, etc) will do by default.

Really? Hmm, maybe it just hasn't been as "in your face" before. Are you talking about the "These files are hidden. Modifying these may affect your system" (or whatever) message?

[Mordkanin]

Really? Hmm, maybe it just hasn't been as "in your face" before. Are you talking about the "These files are hidden. Modifying these may affect your system" (or whatever) message?

No. I'm referring to the fact that under Vista, if you make an attempt to copy and paste a file into a directory that "Users" or your user account do not have explicit Write access to, you will get a UAC prompt.

Under every major operating system, you will either get a big fat "Access Denied" message, or get a prompt for root username and password if you try to do the exact same thing.

If you have complaints about UAC, file operations outside your user folder shouldn't be one of them, as UAC is actually the fastest/easiest (Just click 'Continue') dialog of all the other major implementations.

[ViperAFK]

In linux when you try and move something to the root folder for example all it does is spit out an access denied error and I have to launch the file browser as root to do anything there... Vista's prompt is arguably more convenient.

Not really sure what OSX does as I haven't been able to use it except at school where I can't do anything anyway lol.

[xplatinum]

If it takes you 28 seconds to click "Continue" and you consider this to be "4 extra steps" then I would again have to say you are no "power-user."

I wasn't even referring to the UAC at that point in my post. I know you seem to defend UAC at all cost but it's no reason to take shots at someone at every occasion.

I was talking about Vista in general. What took me 3 seconds in XP now takes me much longer due to useless extra steps.

And as far as UAC goes, you shouldn't debate the fact that UAC is annoying because even an employee of Microsoft admited that UAC was annoying on purpose. Useful or not is a whole different story. It never saved me from anything, it did pop-up way too many times.

There's a reason I always use an admin account on my PC, it's because I know what I'm doing and don't need the extra 200 triple-checks about every single decisions I make. If I ever need to be ultra safe and feel like I'm in a cardbox I'll think about using a non-admin account.

I know almost nothing about *nix but do you get elevation prompts when logged in as root ? Probably not because you shouldn't have been using 'root' in the first place. An elevation prompt asking for me the admin pass to execute something along with a message informing me about the potention effect is fine by me. But being on an ADMIN ACCOUNT and still being asked if i'm very very sure is just a pain in the arse IMO. I think it would be much more efficient than UAC.

No prompts for Admin accounts. And when using a non-admin one, everytime you do something that requires admin rights, THEN you get a prompt for a password along with some info about what the program is trying to access/modify.

@Brandon Live: I'm glad you find UAC useful. But that's your POV and I respect it. Try to do the same with others. To each their own.

GG.

[ViperAFK]

No you don't get prompts if you run as root i linux.

[mad_onion]

@Brandon Live: I'm glad you find UAC useful. But that's your POV and I respect it. Try to do the same with others. To each their own.

it's not that it's useful. it's that it's a security feature and it isn't anyone's point of view it's a fact. your opinion is a point of view because you've made your decision without having all the facts (if you had actually read the thread you would be aware of the facts). there is no reason that i know of to turn off UAC, to run in silent mode yes but not to rurn it off entirely. silent mode still protects you from exploits within application to some extent which it can't do if it's off.

this is why microsoft should have never given the option to turn off UAC. put in silent mode yeah, but not turn it off. there's just so many people that don't have the facts and just turn ot off because it's annoying. but that's microsoft's fault.

[xplatinum]

it's not that it's useful. it's that it's a security feature and it isn't anyone's point of view it's a fact. your opinion is a point of view because you've made your decision without having all the facts (if you had actually read the thread you would be aware of the facts). there is no reason that i know of to turn off UAC, to run in silent mode yes but not to rurn it off entirely. silent mode still protects you from exploits within application to some extent which it can't do if it's off.

this is why microsoft should have never given the option to turn off UAC. put in silent mode yeah, but not turn it off. there's just so many people that don't have the facts and just turn ot off because it's annoying. but that's microsoft's fault.

I'm not denying the fact that UAC is a security feature. I'm saying that UAC is not useful for ME and yes that's a POV.

Having a realtime Anti-virus running in the background has to do with security, but having one installed comes down to personal needs and knowledge. The security benefits remain the same for everyone, but my mom for instance would need one, me on the other hand would not. (there are times where I would install one before running a suspicious app but generally speaking no.)

I'm not saying that UAC is a mistake.

Picture it this way... in XP I never had to deal with elevation prompts while running full-time administrator. I never had a single problem with my decisions. In Vista I have to deal with numerous prompts for extra padding when I clearly do not need it.

System Restore ? it's off. UAC ? it's off. If something bad happens (which never happened up to now) I have an image ready to be restored in 3 minutes.

Turning off UAC would be XP's way of handling things, no ? If I never had a problem in XP why would I have one in Vista ?

In the end it's a security feature that not everyone can truly benefit. You're not tech-saavy, use UAC. You don't have an image/partitions/backup/etc to be safer, use UAC. You want all the extra security you can get, sure go ahead and leave UAC activated.

If things EVER do go wrong I'll turn to my system snapshot instead of the too many prompts that UAC brings me.

So yeah, UAC is not about usefulness, it's about the extra SECURITY FEATURE I do not need.

[mad_onion]

ok, i will try to explain more clearly. there aren't just two option for UAC. you can have it ON, SILENT or OFF. silent is exactly the same as off from an end user perspective but still takes advantage of UAC. thus increasing your security without putting you to any extra hassle (no confirmation to click through).

if you feel that you are tech savvy enough to not require the confirmation then put UAC into silent mode.

the tool to put UAC into silent mode can be found here http://www.tweak-uac.com/

[xplatinum]

ok, i will try to explain more clearly. there aren't just two option for UAC. you can have it ON, SILENT or OFF. silent is exactly the same as off from an end user perspective but still takes advantage of UAC. thus increasing your security without putting you to any extra hassle (no confirmation to click through).

if you feel that you are tech savvy enough to not require the confirmation then put UAC into silent mode.

the tool to put UAC into silent mode can be found here http://www.tweak-uac.com/

Putting UAC in silent mode is a worthy solution.

I don't mind having the extra security if it doesn't appear to be a nuisance to my everyday work on the computer. Being an avid fan of multi-tasking these elevation prompts can get really annoying for me compared to someone who opens 1 application once every 2 hours.

If the security feature remains invisible to the end-user there shouldn't be ANY reasons to not have it at least on silent.

[ViperAFK]

Yeah I don't get why anyone would turn it completely off when there is silent mode. I think Microsoft should have included that as an option instead of just on or off.

[mad_onion]

Putting UAC in silent mode is a worthy solution.

I don't mind having the extra security if it doesn't appear to be a nuisance to my everyday work on the computer. Being an avid fan of multi-tasking these elevation prompts can get really annoying for me compared to someone who opens 1 application once every 2 hours.

If the security feature remains invisible to the end-user there shouldn't be ANY reasons to not have it on silent.

yeah, this seems to be everyone's respone once they find out that they CAN run UAC in silent mode. this is no one's fault but microsoft. it seems pretty clear to me that silent mode should have been included as an option as an alternative to turning it off. people are very resonable, if they had been given the option to just hide the prompts they would use it.

:( very disappointing when microsoft is supposed to care about security.