Deathray Posted July 5, 2009 Share Posted July 5, 2009 Hello So I have some pretty simple questions... I have a few programs that require to run in adminsitrator mode (I trust them), but each time UAC popup asks if I want to allow it Is there any way to grant a program a way to be automatically approved, instead of showing the popup every time? I don't want to outright turn off UAC, but it's getting annoying having this popup when it's not necessary for programs that I trust. I would imagine there must be something like firewall rules, where you can trust some connection once, always, or reject it... But it doesn't seem to have that. Instead, I'm shown a stupid bar with four settings for UAC settings. Link to comment Share on other sites More sharing options...
hdood Posted July 5, 2009 Share Posted July 5, 2009 No, you cannot, period. It doesn't have a "remember" option because it has no way of knowing that the program you're approving right now will be identical the next time you run it, and will load the exact same third-party code. It could have been infected by something else that uses it to gain administrator access. Heck, it doesn't even know if you actually wanted to run it the second time. Link to comment Share on other sites More sharing options...
GreenMartian Posted July 5, 2009 Share Posted July 5, 2009 No, you cannot, period. It doesn't have a "remember" option because it has no way of knowing that the program you're approving right now will be identical the next time you run it, and will load the exact same third-party code. It could have been infected by something else that uses it to gain administrator access. Heck, it doesn't even know if you actually wanted to run it the second time. And yet, firewall products have been doing this for how many years now, by storing and comparing the hash of the apps that you've told them to "remember"? My personal opinion is that there should be a way of setting an app as "trusted", otherwise, people annoyed enough by this might opt to turn off UAC altogether; and we're back to the XP days of everyone running as admin... Although, I have to admit, Win7 UAC is much less annoying than Vista's. Link to comment Share on other sites More sharing options...
hdood Posted July 5, 2009 Share Posted July 5, 2009 And yet, firewall products have been doing this for how many years now, by storing and comparing the hash of the apps that you've told them to "remember"? Do they also hash every single piece of external code it's bringing into the process (like libraries), and any other code those again are bringing in? It's not easy to do right. Of course, UAC is hardly that secure as it is, so I wouldn't mind if there was such a list as long as there was no way for other software to access it problematically (even when running as admin, so programs wouldn't auto-white list themselves). Link to comment Share on other sites More sharing options...
zhangm Supervisor Posted July 5, 2009 Supervisor Share Posted July 5, 2009 What programs do you have to run in admin mode? The vast majority, if coded correctly, shouldn't have to. Link to comment Share on other sites More sharing options...
ToneKnee Posted July 5, 2009 Share Posted July 5, 2009 What programs do you have to run in admin mode? The vast majority, if coded correctly, shouldn't have to. That is correct. If a program starts and triggers the UAC prompt, then it's accessing system settings which can harm the system. Yes, the UAC is an effective system, and no, it will not learn what your habbits are, though, the UAC is far less intrusive than Vista's version. Most of my programs do not trigger the prompt, if it does, then it's an update program or something else. You can also change the UAC habits through the gpedit.msc program if you type that into the start menu search box. Hope this helps you. Link to comment Share on other sites More sharing options...
ZonoBurk Posted July 5, 2009 Share Posted July 5, 2009 Maybe in Windows 7 SP1 we'll have that option. Maybe. lol Link to comment Share on other sites More sharing options...
hdood Posted July 5, 2009 Share Posted July 5, 2009 Thankfully fewer and fewer programs need admin access, but some just do. Maybe you're the type that runs CPU-Z twice a day. Well, that's two prompts a day that you didn't really care about. Calling UAC effective is a bit of an exaggeration.. When a user is prompted by the admin approval consent prompt, he really has no way of making an informed decision. What is "setup.exe" really? Is it actually the "setup.exe" you wanted to run, or are you being tricked? Has some other running program modified it? Will it load any libraries that contain code that shouldn't be trusted? You just don't know. Useless security barrier, even though it does exactly what it says on the box (except in 7, where it's broken on the default setting). The UAC credentials prompt is even worse. There you don't even know what you're typing your credentials into. It could be spoofed by any running program, and you've just given it the keys to the safe. Dangerous stuff. Link to comment Share on other sites More sharing options...
PureHeart Posted July 5, 2009 Share Posted July 5, 2009 If your going to use Windows Vista/7 then your going to have to come to grips with UAC now, for its probably not going to be changing in the near future. Link to comment Share on other sites More sharing options...
Subject Delta Posted July 5, 2009 Share Posted July 5, 2009 Do they also hash every single piece of external code it's bringing into the process (like libraries), and any other code those again are bringing in? It's not easy to do right. Of course, UAC is hardly that secure as it is, so I wouldn't mind if there was such a list as long as there was no way for other software to access it problematically (even when running as admin, so programs wouldn't auto-white list themselves). Most firewalls can detect if one library or application has been launched by another, presumably it would be possible to code UAC to do the same with low level kernel access Link to comment Share on other sites More sharing options...
hdood Posted July 5, 2009 Share Posted July 5, 2009 No doubt it's technically possible, but I'm guessing they just felt it was too much work. Link to comment Share on other sites More sharing options...
ToneKnee Posted July 6, 2009 Share Posted July 6, 2009 No doubt it's technically possible, but I'm guessing they just felt it was too much work. It's not that. Viruses can attach themselves to applications, so if you set it to always allow a program admin rights and the virus has infected that program, it's now just got admin wide access to the system. UAC is fine, it shouldn't be given any options like "always remember" etc, because it'll get abused. Link to comment Share on other sites More sharing options...
rakeshishere Posted July 6, 2009 Share Posted July 6, 2009 This can be possible using a 3rd party tool from Symantec (Now dont curse me for recommending me their product but it actually works) Link to comment Share on other sites More sharing options...
ZonoBurk Posted July 6, 2009 Share Posted July 6, 2009 No thanks. lol Link to comment Share on other sites More sharing options...
hdood Posted July 6, 2009 Share Posted July 6, 2009 It's not that. Viruses can attach themselves to applications, so if you set it to always allow a program admin rights and the virus has infected that program, it's now just got admin wide access to the system. UAC is fine, it shouldn't be given any options like "always remember" etc, because it'll get abused. Yes, but he's arguing that they should checksum all the files when you first tick the "remember" box, so that it can verify the integrity of the program every time it's launched. With a setup like that, something couldn't modify the application. Link to comment Share on other sites More sharing options...
Argi Posted July 6, 2009 Share Posted July 6, 2009 Vista: Disable UAC for Certain Applications in Vista This is the method I used on my parent's PC when a couple of applications like a be a PITA and prompt for admin each time you want to use them. It doesn't give them admin, but it supresses the UAC prompt and runs the app as the user that called it. That way you keep UAC on, don't rely on 3rd party solutions and you don't get any annoying prompts. :) Link to comment Share on other sites More sharing options...
Deathray Posted July 6, 2009 Author Share Posted July 6, 2009 Vista: Disable UAC for Certain Applications in VistaThis is the method I used on my parent's PC when a couple of applications like a be a PITA and prompt for admin each time you want to use them. It doesn't give them admin, but it supresses the UAC prompt and runs the app as the user that called it. That way you keep UAC on, don't rely on 3rd party solutions and you don't get any annoying prompts. :) Definitely going to try that, thanks Link to comment Share on other sites More sharing options...
Lord Ba'al Posted July 6, 2009 Share Posted July 6, 2009 This can be possible using a 3rd party tool from Symantec (Now dont curse me for recommending me their product but it actually works) So it actually remembers which programs need to run in admin mode, rather than nagging you each and every time? That would be neat. Link to comment Share on other sites More sharing options...
rakeshishere Posted July 6, 2009 Share Posted July 6, 2009 So it actually remembers which programs need to run in admin mode, rather than nagging you each and every time? That would be neat. Yes.. Its like "Remember my decision for this app every time" Link to comment Share on other sites More sharing options...
jnelsoninjax Posted July 6, 2009 Share Posted July 6, 2009 One thing I have been considering is getting a program called Buzof, it presses a button for you after you train in to, and if you set UAC to the second to last option (show messages, but do not gray out the desktop) I think it might work! Link to comment Share on other sites More sharing options...
blade1269 Posted July 6, 2009 Share Posted July 6, 2009 Hey, there is this Smart UAC i tried it with 7, 7000 beta and massive crashing . have not tried since, look promising but will give another go. Link to comment Share on other sites More sharing options...
GreenMartian Posted July 6, 2009 Share Posted July 6, 2009 To those of you that argue that it would make windows more vulnerable, yes you're absolutely right (and the fact that that many apps also depend on .dll and other libraries that may be infected by malware, hashing everything might be a tad inefficient). But consider the only other option that the user is presented with: Dragging the UAC slider way down. That, in my opinion, is much more dangerous than only trusting one or two apps, as now ALL apps would be treated as trusted. Yes, there will be tricks, hacks, and third-party software to do this; But we all know what the guy next door would do when he's annoyed enough by the incessant UAC prompts... Link to comment Share on other sites More sharing options...
Mazhar Posted July 6, 2009 Share Posted July 6, 2009 What programs do you have to run in admin mode? The vast majority, if coded correctly, shouldn't have to. One is CCleaner which always gives UAC even in admin mode. Link to comment Share on other sites More sharing options...
-KJ Posted July 6, 2009 Share Posted July 6, 2009 To those of you that argue that it would make windows more vulnerable, yes you're absolutely right (and the fact that that many apps also depend on .dll and other libraries that may be infected by malware, hashing everything might be a tad inefficient).But consider the only other option that the user is presented with: Dragging the UAC slider way down. That, in my opinion, is much more dangerous than only trusting one or two apps, as now ALL apps would be treated as trusted. Yes, there will be tricks, hacks, and third-party software to do this; But we all know what the guy next door would do when he's annoyed enough by the incessant UAC prompts... That was me when I first got Vista. I upgrade from XP and the prompts were driving me crazy when I was installing my apps and running them up to the point where I didn't care what it protected me from -- my mentality at that time was "If I can handle XP without this UAC, I can handle Vista without it"! And then I became informed and reenabled it on silent mode (some third party hack)? I don't know if that's a good thing or not, or if I'm even using UAC properly, but now I view it as an extra padding of protection. Anyway, I still hold that XP mentality to a degree. I don't download random stuff on the Internet and only visit trusted sources for the stuff I need. But I won't say no to more protection, especially one that is free. Link to comment Share on other sites More sharing options...
zhangm Supervisor Posted July 6, 2009 Supervisor Share Posted July 6, 2009 One is CCleaner which always gives UAC even in admin mode. CCleaner will request it because it does system-wide changes, i.e. all users may be affected. Link to comment Share on other sites More sharing options...
Recommended Posts