UAC Whitelist?



MagicAndre1981

:laugh: :laugh: :laugh: :laugh: :laugh: :laugh:

I doubt that you know more than me. Otherwise you wouldn't write such nonsense all the time.

:laugh: :laugh: :laugh: :laugh: :laugh: :laugh:

hdood
How does UAC protect us? Since the virus infects your computer when you use it as a standard user, the virus cannot get access to the global system resources, and therefore the amount of damage it can do is severely limited. Although it still can corrupt your documents and read your email, it cannot infect Windows system files or install itself to be automatically activated every time you log in to the computer. If a virus attempts to modify the system files and settings, UAC will alert you by displaying an elevation prompt.

This is a very dubious claim. Malware can make itself automatically launch without needing administrator rights. This means that even as a standard user, it can be running all the time, stealing all your files, manipulating running programs, or even make you part of a botnet. These are all things you don't need administrator access to do, and effectively give an intruder full control of your system. The separation between standard user and administrator is largely meaningless on a single-user home computer (except from a stability and reliability aspect, but that isn't what we're talking about here.)

Not just that, but can you guess what a program running as standard user can also do? That's right, it can trick you into giving it administrator rights. Think back to the last time you said yes to a UAC (AAM) prompt. Did you really know what you were saying yes to? Do you really know what that "setup.exe" really was? Do you really know that malware running as standard user wasn't watching your downloads and silently replacing setup.exe with a trojan, or infecting it with a virus? Even if the executable itself wasn't modified, are you sure that it won't end up loading some component that the malware has touched?

The answer is that you don't. You really do not know what you're saying yes to. The UAC prompt doesn't give you any information of value that can be used to make an informed decision.

There are certain variations on this that make UAC even more dangerous. One is where you disable the dimming when showing a prompt. If you do that, you risk accidentally elevating something without ever knowing you did it at all, because malware that is running can simply change the UAC prompt to say whatever it wants. It could change it to a random error message for instance, and you'd click yes, and oops, you just elevated the malware.

Another is where you're logged on as an actual standard user and want to run something as administrator. UAC will then pop up a dialog asking for your credentials (username/password) before running it. Can you guess where this is going? Yup, you have no way of knowing whether the dialog you're writing your password in belongs to UAC or some random malware. Oops, you just gave away your admin password to the malware.

Anyway, I'm not saying that anyone should disable UAC or the AAM -- I personally don't. I'm just trying to point out that UAC does not constitute a security boundary, and that you should never give anyone the impression that it protects them from anything. The reality is that the second you run a program, your system could be compromised. It doesn't matter if it's as a standard user or administrator, you're just as screwed either way. The only thing that can protect you to some extent is antivirus/security software. These can at least block known threats before they execute.

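An added example, not part of the thread or any poster's code: a read-only PowerShell audit of the two things hdood's post above turns on, namely the autostart locations a standard user can write to and the UAC prompt settings (dimming, silent elevation, credential prompts). The function names are made up for this example; it assumes PowerShell 3.0 or later and the standard UAC policy registry values.

```powershell
# Added example (read-only). Function names are hypothetical; run as the logged-on user.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicy {
    # Collect the UAC policy values into a hashtable; a missing value becomes $null.
    $props = Get-ItemProperty -Path $UacKey
    $policy = @{}
    foreach ($name in 'EnableLUA', 'PromptOnSecureDesktop',
                      'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
        $policy[$name] = $props.$name
    }
    $policy
}

function Get-UacPolicyFinding {
    # Kept separate from the registry read so it can be fed constructed input.
    # A missing ($null) value is reported like a non-default one; check it by hand.
    param([hashtable]$Policy)
    if ($Policy.EnableLUA -ne 1) {
        'EnableLUA is not 1: Admin Approval Mode is off, so there is no split token and no prompt.'
    }
    if ($Policy.PromptOnSecureDesktop -ne 1) {
        'PromptOnSecureDesktop is not 1: prompts are shown without dimming, on the same desktop as the user''s other programs.'
    }
    if ($Policy.ConsentPromptBehaviorAdmin -eq 0) {
        'ConsentPromptBehaviorAdmin is 0: administrators are elevated without any prompt.'
    }
    if ($Policy.ConsentPromptBehaviorUser -ne 0) {
        'ConsentPromptBehaviorUser is not 0: standard users are asked for administrator credentials on elevation.'
    }
}

function Get-UserAutostart {
    # Autostart locations that are writable without administrator rights.
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce') {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
    $startup = [Environment]::GetFolderPath('Startup')
    foreach ($file in (Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue)) {
        [pscustomobject]@{ Source = $startup; Name = $file.Name; Command = $file.FullName }
    }
}

Get-UacPolicyFinding -Policy (Get-UacPolicy)
Get-UserAutostart | Format-List
```

Every entry the second function lists was placed there without an elevation prompt, so each one is worth matching to a program you recognise.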
ShamRocker1
(snipped)

read this:

http://www.msfn.org/board/faq-uac-t135143.html

I tried to explain to you in simple words what UAC is.

With UAC you have standard user rights! Standard users were never able to write to C:\Windows or install applications.

If you still don't understand it, it's simply your fault (snipped)

Quite judgmental aren't we? I am an IT Professional (A+, Net+, Security+ and MCSE with a little CCNA). Please don't talk down to members when they have a specific opinion. It only makes you look ignorant.

MagicAndre1981

I told you the solution to the question and the only thing you do is bash the thread. Read what UAC is and learn how to use the task scheduler.

ShamRocker1
I told you the solution to the question and the only thing you do is bash the thread. Read what UAC is and learn how to use the task scheduler.

I'm not bashing the thread.

Kirkburn
Am I forcing someone to turn it off? NO. If someone wants to leave it on, then leave it on, by all means. I doubt it'll limit the damage a virus can do, Kirk. Whatever the virus is and does, it'll do it. It doesn't matter if it's on or off. I've seen HJT posts from people who have been infected. UAC has been on and it's been covered in infections. It didn't limit anything whatsoever.

No, you aren't forcing anyone to do anything. But some people are suggesting that others do it. This is when it becomes an issue.

No. It doesn't limit anything if malicious software gets access to the OS (and possibly other software/programs).

I'm confused - you're saying if malicious software gets access to the OS it can do malicious stuff to the OS? Well yes, that's basically tautology.

But UAC is there to help prevent exactly that situation arising.

soldier1st

The UAC prompts don't bother me, as I like when it tells me something that needs to be done.

ArmedMonkey

Well, when you have apps like RivaTuner start on startup, you will know what I mean.

svnO.o
Well, when you have apps like RivaTuner start on startup, you will know what I mean.

I know what you mean! xD

MagicAndre1981
Well, when you have apps like RivaTuner start on startup, you will know what I mean.

Follow my guide! I told you how to start apps with elevated rights without accepting the UAC prompt and without turning UAC off! What is so difficult? Spend 5 minutes of your time and read the guide and create a task and the shortcut in your startup folder!!!!!! :rolleyes:

Kpssst
Follow my guide! I told you how to start apps with elevated rights without accepting the UAC prompt and without turning UAC off! What is so difficult? Spend 5 minutes of your time and read the guide and create a task and the shortcut in your startup folder!!!!!! :rolleyes:

People like to complain.

bryonhowley
I'm far from being a "noob". It doesn't work. Yes it can be configured to not annoy the user so much but it doesn't work as it should. Hence my post.

The very fact that you turn UAC off shows how much of a "noob" you really are. If you had any idea what UAC really does you would never turn it off! Microsoft should have hard-coded UAC with no way to change the settings; then there would be no problems, as it is noobs that think they're not who turn it off for no good reason at all.

Ryoken

I tried to live with UAC, but after a month I just couldn't take it anymore..

UAC is a nice idea, but it fails in practice.. the fact that it has no built in way to call a program safe is proof of this.. This is in addition to the fact that it can be "spoofed", it can just be what you think is a harmless program, and the one that really bothers me is it just requires a click to yes.. At least MacOS requires you to enter an Admin password before you can make system changes..

There is Nothing, NOTHING UAC protects you from that common sense shouldn't already.. If anything I find people with it on are more prone to do stupid things, just like with AV they feel they are protected, so they don't think.. They know they have UAC but they click yes to every prompt they see.

I run with no UAC, no AV, no active Anti-Malware applications. I make sure I know what a program is before I click it, I do my mail through gmail so they can scan it ( and I would still never download anything other than images and files for work, not exe's from email ). I haven't gotten a virus since the Win3.11 era, and it came on a floppy.

Being smart is what protects you, not these little tools.. I'm sure all of you have helped recover someone's computer from a virus.. tell me, how many of them were running AV, but still were infested with everything under the sun ?

Just a little common sense.. if you don't trust the program, Don't Run It.

*edit*

If you are wondering what steps I do take to protect myself, aside from just trusting the programs I install.. I have the MVPS Hosts file to block ads and shady sites, along with Spybot's Hosts File entries.. I also run a Spybot scan every few months ( it's yet to find anything of relevance.. ) .. Additionally I run an online AV Scan about once every 3 months, just to be safe... Again, never found anything of relevance..

MagicAndre1981

UAC doesn't protect you! It is a helper to run with standard user rights most of the time!

Ryoken

If it doesn't protect you ( And I agree, it really doesn't ), then why get so bent out of shape over people saying they turn it off..

People getting called Noobs just because they turn it off..

ArmedMonkey

It could protect you if it had things like whitelists and sandboxing that you could actually understand and control.

What many people don't know is that UAC implements a VirtualStore folder (look it up) which provides some sandboxing type stuff if apps don't have permissions to write to places. But it's not documented well enough.

I tried the app compatibility manager thing, but it does not work right, so I'm shutting this crap off again. I kind of regret not taking over the admin account now.

Garry
UAC doesn't protect you! It is a helper to run with standard user rights most of the time!

I've read through this thread with great interest and can see the argument from both sides however you appear to have quite an attitude problem.

BigBoobLover
Quite judgmental aren't we? I am an IT Professional (A+, Net+, Security+ and MCSE with a little CCNA). Please don't talk down to members when they have a specific opinion. It only makes you look ignorant.

This statement, coming from the person who repeatedly claimed in another thread that it was impossible for 32-bit systems to access RAM over 4GB using PAE, is downright hilarious. Welcome to my ignore list. You have already cost me and likely a few others a warn by baiting people into arguments about things you clearly know nothing about.

If you really do have those certifications, it is further evidence of how worthless they have become in recent years.

ArmedMonkey

I had no intention of starting a flame war. Come on guys. Let's try to be a little bit more mature.

BTW- ShamRocker, speak softly and carry a large stick. Don't go bragging because it will backfire on you (QED)

MagicAndre1981
If it doesn't protect you ( And I agree, it really doesn't ), then why get so bent out of shape over people saying they turn it off..

You still don't understand UAC and you are not willing to understand it. I wrote a "For Dummie style" guide and if you don't understand the UAC with that writing style, sell your PC and go for a new hobby.

People getting called Noobs just because they turn it off..

Because they are n00bs. They have never run a Windows NT based system with a limited user account. That's all. I've been using Windows NT for 15 years now and that's why I loved UAC, because I was always annoyed how stupid it was to work with such an account. You had no easy way to do operations which required elevated rights. Under NT/2000 you had to logoff/logon as a member of admin group to run such operations. With XP you have the fast user switch, which was still annoying. And with Vista the great UAC was born. No more fight with 2 Accounts, now I only have 1 account which is running with standard user rights and I'm able to do operations which require elevated rights, by simply accepting the UAC prompt. That's a real improvement. Only n00bs are annoyed about it, because they don't understand that concept of user rights and they never worked on a limited user account ;)

It could protect you if it had things like whitelists and sandboxing that you could actually understand and control.

It does sandboxing! LowIL like used in Internet Explorer. I also told you how to get Whitelists!

What many people don't know is that UAC implements a VirtualStore folder (look it up) which provides some sandboxing type stuff if apps don't have permissions to write to places. But it's not documented well enough.

It is documented, but all those n00bs are simply not willing or too stupid to read the Technet/MSDN documentation.

however you appear to have quite an attitude problem.

No, I only have a problem with people who have no knowledge and bash about things which they don't understand!

hdood
It does sandboxing! LowIL like used in Internet Explorer. I also told you how to get Whitelists!

That depends on your definition of a sandbox though.

IE in protected mode still has read access to your data, read and write access to the desktop and BNO object directory, as well as the ability to send certain messages to other processes. I believe it also has full access to network resources.

Even the sandboxing it does do, I don't believe Microsoft offers any guarantees for. That means they have no obligation to fix any problems in it. Compare that with something like .NET or Hyper-V, where they actually do guarantee absolute security boundaries, and so have to consider any flaws critical and have to fix them.

In other words it still poses a certain risk and probably does not qualify as a "sandbox" in the sense that most people mean. They tend to want the absolute isolation that you get from, say, a virtual machine.

You can still keep the rest of UAC while only disabling the administrator approval prompts though. That seems to be the part that actually annoys people, but who knows, some of the posters here seem obsessed with disabling anything they can.

ShamRocker1

Like I stated. It is another feeble attempt to provide "security" to Windows. Are we forgetting Security Center? I work in an environment where I deal with several PCs on a daily basis that are running UAC by default and still get infected. It doesn't work and is ineffective.

MagicAndre1981
It is another feeble attempt to provide "security" to Windows.

Windows is secure. Much more secure than you think, but when all n00bs like you are running with admin accounts and not with a limited user account, all the security is gone. Ask the *nix guys which account they use. And all power users use a LUA, but on Windows all n00bs ("power users" or "experts") are running an admin account. With the SDL (security development lifetime) process, all MS products are much more secure than all other software products in the world. But this is something you also never heard before :rolleyes:

Ryoken

Windows is not Secure. NO OS is secure when you give the users access. This is a simple fact. You can add as much protection and popups as you want, as long as people can click Yes, then there's your security hole..

GreenMartian

Let's try this.

Which of the Windows user demographics are more likely to be infected with malware? The moms & pops type (which makes up a significant percentage); not the techies. When presented with a UAC prompt of "Yes" and "No", which one do you think they'll pick? Yeah, that's right.

"I wanna install this bonzy buddy app! Why am I being asked if I want to allow it to make changes? I'm INSTALLING it!" *clicks yes*

I think we can safely say that UAC isn't really an effective countermeasure against malware - for the people most likely to get infected in the first place.

On the other hand, I myself find it useful. It lets me know if what I'm doing might potentially affect other users on this machine, or that it's potentially dangerous (and hence making recovery a tad harder - compared to user-specific actions).

This topic is now closed to further replies.