How to get rid of "Do you want to allow..."?

Lordbob75 said:

chrysalis said:

Lordbob75 said:

3. Allow virus onto whitelist and get screwed.

Unfortunately, having a whitelist just doesn't work.

~Lordbob

nothing like treating your userbase like kids.

why would a sane person add a virus to their whitelist.

So you are telling me that every [sane] person knows exactly what every virus looks like and can tell to not add them?

~Lordbob

If in doubt dont whitelist, I would only whitelist apps I frequently use and know are safe.

MacGyvr said:

UGH, just let the ones who don't want to use UAC turn it off and get infected. Arguing about it does nothing. They will find out soon enough. Personally, I am suspicious of anyone who is getting overwhelmed by UAC prompts. I *might* get one a day, but I don't even think I get that many. Enjoy all your little hacking tools and unnecessary hardware monitors. If you need to monitor that much about your PC, you probably need a new one. It's kind of like a car. I use it to get from place to place...I don't want to spend more time rebuilding it than I do *using* it.

bit of bizzare comment :)

I dont know how many a day I get, not many tho. I have a few apps that need admin priv to work properly, so they prompt when I fire them up but because I rarely reboot and restart these apps its not a big deal.

So ironically as it stands I am not that bothered about a whitelist feature as I probably would only use it for 2 or 3 apps however I am a big fan of user choice and not been treated like a baby by companies so I think the whitelist ability should be there.

UAC is useful but saying silly things like if you turn it off you gonna get infected is wrong as well especially given that using a whitelist is nothing like the same as turning it off, the biggest protection vs malware is user vigilence. Its entirely possible to have no a/v no fw, and no UAC and be fine. It just increases your risk of infection. UAC would truly be good if we were using restricted user accounts by default instead of admin accounts. We only halfway there at the moment, hopefully win8 will have limited user accounts the default.

Brink said:

chrysalis said:

If in doubt dont whitelist, I would only whitelist apps I frequently use and know are safe.

The only problem with being able to whitelist any app, is what would happen if a virus/malware replaces that whitelisted app's file with a version of it own. Scary thought.

it would be caught by the hash check I mentioned and reprompt, the reprompt would then catch my attention and I wouldnt whitelist again without a scan of file.

"UAC has detected file properties changed of whitelisted app please advise on action"

The same scenario can affect the yes/no prompt, its not a risk only for whitelisting. A user who regurly runs an app that has UAC prompts would typically be just mindlesly clicking yes anyway. The real danger of excessive UAC prompts is the end user can start to ignore them and just click on yes for everything, or even disable UAC which was the problem with vista. Not so much with windows 7 as microsoft did whitelist various internal windows binaries.

Tepid said:

Ok, this whole issue about whitelisting is ridiculous.
The best solution is to have software that does not require admin rights to run, period.
It can be done. 99.9995% of software should not require admin rights to run.

The only ones that should are apps like CCleaner and Malware/Virus Scanners and systems tools. That's it.
Your Games and Music and Video apps don't need Admin rights to run, only to install.

Then, get rid of UAC completely and implement straight REAL Standard User Accounts and Run As Admin that requires both UserID and Password. That's it.

Its worth noting linux/bsd etc. their form of UAC is effectively sudo, and that can effectively whitelist. If used correctly its quite safe. For the apps we dont all use the same mainstream apps. In my case the apps in question are UAC compatible however I choose to not run them that way one reason been I want their data stored in legacy format in the program dir not in the user folders when run in UAC mode. One of the apps also has addons which dont work right in UAC mode as it uses system calls that requires admin rights. Is custom coded and unlikely to be updated anytime soon if even possible. I dont care too much for whitelist for myself as said before but there will always be apps out there that will prompt for UAC.

I will soon be migrating to a SRP+restricted user setup so this for me will soon not apply for me anyway as I will be fast user switching to admin account for maintenance tasks and running apps from restricted account.

I've noticed on my system when opening Malwarebytes a UAC prompt pops up, yet when opening Super antispyware it just runs without one.

chrysalis said:

it would be caught by the hash check I mentioned and reprompt, the reprompt would then catch my attention and I wouldnt whitelist again without a scan of file.

"UAC has detected file properties changed of whitelisted app please advise on action"

The same scenario can affect the yes/no prompt, its not a risk only for whitelisting. A user who regurly runs an app that has UAC prompts would typically be just mindlesly clicking yes anyway. The real danger of excessive UAC prompts is the end user can start to ignore them and just click on yes for everything, or even disable UAC which was the problem with vista. Not so much with windows 7 as microsoft did whitelist various internal windows binaries.

Excellent post explaining the subtleties.

That actually highlights why a white-list is even more effective for security. If an app triggers every time I run it, I never read it after the first few times.

If it were malware hijacked, I would just auto click yes...

Now if I could white-list it like I want to, and if it changed, it would UAC again, that would immediately catch my attention, much the same way white-listed applications trigger on my firewall again after a change.

I think the point of UAC is twofold:

1) To protect the non-tech' masses from infecting their own machines.

2) To allow admins to assign standard user accounts to those who don't know what to allow and what to deny, or wouldn't care.

As an admin, it's no annoyance whatsoever to click 'OK' when needed, even if several times a day. The standard users on my network, however, can't just click 'OK'. They must enter a password, which they don't have. If the denied operation is essential to their progress, I'll have to enter the password. If not, I don't even get notified. They just move on. I rarely get notified.

That, for me, is where the real usefulness of UAC shows itself. I'm not worried about my actions compromising my network, but certainly I have concerns with users who either don't have the tech know-how to know or care, or the integrity to care if the system/network is infected or hosed.

James

Snowdog said:

chrysalis said:

it would be caught by the hash check I mentioned and reprompt, the reprompt would then catch my attention and I wouldnt whitelist again without a scan of file.

"UAC has detected file properties changed of whitelisted app please advise on action"

The same scenario can affect the yes/no prompt, its not a risk only for whitelisting. A user who regurly runs an app that has UAC prompts would typically be just mindlesly clicking yes anyway. The real danger of excessive UAC prompts is the end user can start to ignore them and just click on yes for everything, or even disable UAC which was the problem with vista. Not so much with windows 7 as microsoft did whitelist various internal windows binaries.

Excellent post explaining the subtleties.

That actually highlights why a white-list is even more effective for security. If an app triggers every time I run it, I never read it after the first few times.

If it were malware hijacked, I would just auto click yes...

Now if I could white-list it like I want to, and if it changed, it would UAC again, that would immediately catch my attention, much the same way white-listed applications trigger on my firewall again after a change.

Of course those saying whitelist would be very bad seem to have forgotten that microsoft did improve windows 7 UAC by whitelisting internal system files, thats all they did, it was very simple. So windows 7 already has UAC whitelist it just isnt configurable.