• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

The Great UAC Debate!

UAC  

1,263 members have voted

You do not have permission to vote in this poll, or see the poll results. Please sign in or register to vote in this poll.

Recommended Posts

MrKuro    0

i also turn it off; i know the "benefits" ; but it annoys me too much to leave on

Share this post


Link to post
Share on other sites
Solid Knight    511

I left mine on. It gets annoying but I'd rather have it on.

Share this post


Link to post
Share on other sites
techcafe    0

UAC is the first thing i disable on every Vista system i setup... UAC is a royal pain in the *SS, and most of my clients absolutely hate UAC, because it constantly nags/annoys the user about the most trivial activities. UAC just gets in the way of getting real work done.

UAC is not a feature, it's a bug, and if microsoft was serious about securing the OS, then they would never have hacked together a crappy/half-assed/stop-gap measure like UAC.

Share this post


Link to post
Share on other sites
NEVER85    248
UAC is the first thing i disable on every Vista system i setup... UAC is a royal pain in the *SS, and most of my clients absolutely hate UAC, because it constantly nags/annoys the user about the most trivial activities. UAC just gets in the way of getting real work done.

UAC is not a feature, it's a bug, and if microsoft was serious about securing the OS, then they would never have hacked together a crappy/half-assed/stop-gap measure like UAC.

Wow, I seriously pity any client you have, if that's the best you can come up with. Do us a favor and get out of the field before you do any more damage.

Share this post


Link to post
Share on other sites
MagicAndre1981    5

@techcafe

instead of posting such a bull**** you should learn what UAC and NT security right management is.

*facepalm*

Share this post


Link to post
Share on other sites
ryan_the_leach    0

Ok, I'm not claiming to be an expert.

But let us say i follow the turn UAC off camp,

What's the worst that could happen considering the arguments for and against, i end up giving malware admin access that wasn't intended as mentioned above.

Now considering I don't turn it off,

I'm annoyed daily when I'm renaming files editing ini files in program files(which i now know i can find in the virtual store thanks topic :D).

considering the two worst scenario outcomes I can tell you I personally would rather be "Protected" and annoyed.

Edit: Wow 26 pages, I think this thread has gotten way too big, and i only read until page 9, and even rorm the first 3 pages just saw people repeating themselves, reckon the facts from this topic just need to be pinned, and then locked,

but its not my place to back seat mod....

Edited by ryan_the_leach

Share this post


Link to post
Share on other sites
MagicAndre1981    5

sorry, UAC never anyones you, it helps you to do operation which require elevated rights. If you're trying to do the same things with a limited account under XP, you'll get an error message ;) That's all.

Share this post


Link to post
Share on other sites
Descartes    130

UAC in Vista was horrible, but since I moved to Windows 7, i have it turned on default settings - I only see it when a program needs to elevate itself, which hardly ever happens - and it saved my ass a couple of times too, the icon overlay usually gives you a heads up, when an app is not supposed to make use of the administrator privileges. A great thing!

Share this post


Link to post
Share on other sites
PureHeart    0

I always have UAC turned on, if it improves security why not? Although I don't think I have ever been saved by it though, maybe it will in the future :)

Share this post


Link to post
Share on other sites
Growled    3,880

I like UAC. I run as a standard user and my Admin account has a password. Despite all of that you never know when something might get through, so UAC is turned on, just in case. It is slightly annoying but not nearly as annoying as many make it out to be.

Share this post


Link to post
Share on other sites
Kralik    3

As I stated in another thread I need an AV because all the systems at one of my client's office are infected and I have to connect my USB drive there to exchange data, I also bring back viruses/malware from there and for me the combination of Norton AV 2009 and UAC is golden.. no infections so far since I started using these 2.. UAC doesn't let the exe files run without consent and NAV cleans them off. I feel almost nothing can sneak through and infect me system (Y)

Share this post


Link to post
Share on other sites
antareus    0

Is it better to run as a standard user and elevate as necessary? I'll be reinstalling 7 when the final comes out so I'll switch to doing that if there is a genuine benefit over running as admin at max UAC settings.

Share this post


Link to post
Share on other sites
Brandon Live    232

Sigh... when will that crap die.

It's a non-issue. UAC in Win7 works as intended and should be left at the default setting for most users (the UAC settings dialog explains which option you should use based on your usage habits).

Share this post


Link to post
Share on other sites
Xerxes    228

I always have it turned on.

EDIT: Scratch that last part, made no sense :p

Edited by Xerxes

Share this post


Link to post
Share on other sites
Brandon Live    232
Is it better to run as a standard user and elevate as necessary? I'll be reinstalling 7 when the final comes out so I'll switch to doing that if there is a genuine benefit over running as admin at max UAC settings.

The most secure thing you can do is to run as a standard user, and use Fast User Switching to switch to an administrator account for admin tasks.

A step down from that is to use OTS (Over The Shoulder) elevation, where you run as a standard user but run admin tools as an Administrator on the same desktop. To make this safer you'll want to turn on the option that requires a Ctrl+Alt+Del press before elevating, since you'll have to type a password, and you want to make sure the dialog isn't being spoofed. However, this is not a security boundary because non-admin and admin apps are sharing the same desktop.

A step down from that is UAC at the maximum setting. This is much easier to live with because you don't need to enter a password (and don't need the C+A+D press to protect from spoofing) and the apps still run with your user profile and such. Again this is not considered a security boundary because non-admin and admin apps share the same desktop.

-- The above two options are safest at times when there are no admin apps are running --

A small step down from that is the default Win7 configuration where you aren't prompted for changes to Windows settings. This reduces the barrier between non-admin and admin applications, but maintains the same barrier between protected applications (like the IE Protected Mode and Chrome sandboxes) and normal applications.

There's another notch below that where the secure desktop switch is not enabled, opening up the possibility that someone could tamper with the consent dialog.

Below that is disabling UAC entirely. This is a very bad idea because it removes the "low integrity" option used for things like IE's Protected Mode and Chrome's sandbox. That is a very important and useful security feature for mitigating the impact of exploits against the most common attack surfaces.

Across these options you have trade-offs between safety and useability. The default option is meant to provide the best balance for most users.

Share this post


Link to post
Share on other sites
MagicAndre1981    5
A step down from that is UAC at the maximum setting. This is much easier to live with because you don't need to enter a password (and don't need the C+A+D press to protect from spoofing) and the apps still run with your user profile and such.

that's right and this way it was done in Vista.

Again this is not considered a security boundary because non-admin and admin apps share the same desktop.

Yes it it. The IL levels prevent you from attacking an admin app from a non-admin app.

Across these options you have trade-offs between safety and useability. The default option is meant to provide the best balance for most users.

no, it only opens a security whole which can be used very easy run apps with admin rights without accepting the UAC prompt. If Average Joe got a mail with a link to get a free cool game and the chance to win a few bucks he will download the tool and try to run it. Under Vista UAC prompt was shown and this unsettles him and de doesn't accept it. With Win7 the apps can use the Explorer, DWM or several other MS apps to bypass the UAC prompt and still get admin rights.

And this is WRONG!

Share this post


Link to post
Share on other sites
jamesVault    0
The IL levels prevent you from attacking an admin app from a non-admin app.

No, this is not the purpose of IL levels (in every Windows NT version any admin app can't be attacked by a non-admin app). The purpose of IL levels is preventing an app1 to attack another app2 which runs with the same privileges of app1 i.e. app1 and app2 are running with the same privileges but different integrity levels.

Edited by jamesVault

Share this post


Link to post
Share on other sites
+allan    12

Just when you think this thread has taken its last breath it rears its ugly head again...... :D :D

Share this post


Link to post
Share on other sites
John G.    0
I'm hoping future versions will not have an option to disable UAC, any insider info on that possibility?

That should NOT happen. People should have the ability to customize they're computer, I personally don't like **** popping up whenever I click to run programs, it happens everytime firefox starts up, some java **** or something.

Share this post


Link to post
Share on other sites
NfoTech    0

UAC is a security patch (just like the security center). Until Microsoft cleans up the kernel (or starts from scratch) It will be the same issue(s) over and over.

Share this post


Link to post
Share on other sites
bryonhowley    11
That should NOT happen. People should have the ability to customize they're computer, I personally don't like **** popping up whenever I click to run programs, it happens everytime firefox starts up, some java **** or something.

It should have happened in Windows 7. Microsoft should have hard coded UAC at default with NO way to change it period. I have never ever had a UAC prompt for Firefox ever if you are getting them you have something on your end.

Share this post


Link to post
Share on other sites
John.D    56

Only thing with UAC (in Vista and 7 x64). Is it can give you access denied errors, when you update programs (foxit reader is one of them). Thats one reason why I've disabled it

Share this post


Link to post
Share on other sites
Growled    3,880

UAC is not perfect. Nothing is, especially against a determined hacker. However, every little bit of protect helps.

Share this post


Link to post
Share on other sites
John.D    56

Nothing worth stealing on these anyway

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.