Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Getting back my security by "fixing" User-Account


31 Oct 2010   #1

Win7 x64
 
 
Getting back my security by "fixing" User-Account

Hey there,

when I first installed I set up my own account to be part of the administrator-group and deactivated UAC, because I came from XP and was annoyed about all the popups and prompts during the installation of all my apps. I made a backup of this set-up, and now, a year later, restored it, because my old Windows 7 was broken in some points. Now I'm wondering how to restore the complete security for me?

Is it enough to remove the "administrator"-group for my user (so that only the group "HomeUsers" remains) and activate UAC? Is this the default setting, or is there anything left?

Thanks so far!

Edit: Damn, I made myself to "HomeUser" and activated UAC (admin acc is inactive, though). But now I can't do anything!? I thought this was the right way to do it, but now I can't even click "yes" when promped by UAC...
Edit2: Okay made it back by googling: using safemode of Windows 7, logging into Adminacc and than I could restore my user-acc to be part of administrators...

My System SpecsSystem Spec
.

31 Oct 2010   #2
jav

Windows 7 Ultimate x86 SP1
 
 

no, don't make your only account into standard user. Because you will need atleast one active administrator account.

You can do two things:
1) Restore back to the state where you haven't made your account standard user yet.
Create new account (standard user account)
And use this standard user account for your everyday tasks.
For administrative tasks either login to your last admin account or "run as administrator" and put password for your admin account.

2) If you don't want to configure your settings and preferences to new account:
Restore back.
Create new Administrator account.
Login in with it.
Make your previous account standard user.
Proceed just like at (1). use standard account for everyday tasks and for administrative tasks either switch user or "run as admin".

First option is more preferable, as in some cases if you convert admin into LUA (limited user account) it may still inherit some privileges from admin.
My System SpecsSystem Spec
31 Oct 2010   #3

Win7 x64
 
 

Thanks so far, do you think UAC is worth all the stuff?
I played a bit with it now, and found it very very uncomfortable. I mean, every default program asks for admin rights or, if not, I need to rightclick->start as admin, because it's installed in c:\programs and needs write access:

-miranda
-rainlendar
-keepass
-flashfxp

It's just very very annoying and isn't there a way to always execute them as admin without having to click yes everytime? I mean, e.g. miranda doesn't even run without admin privileges, since history etc is written to my database...

I enjoy the UAC when installing new programs etc, so there's no security lack for viruses, keyloggers etc etc, because I have to click "yes" before they can install, but I don't want to always have to click yes when just starting my programs Im working with everyday...
My System SpecsSystem Spec
.


31 Oct 2010   #4
jav

Windows 7 Ultimate x86 SP1
 
 

Quote   Quote: Originally Posted by wabbo View Post
Thanks so far, do you think UAC is worth all the stuff?
I played a bit with it now, and found it very very uncomfortable. I mean, every default program asks for admin rights or, if not, I need to rightclick->start as admin, because it's installed in c:\programs and needs write access:

-miranda
-rainlendar
-keepass
-flashfxp

It's just very very annoying and isn't there a way to always execute them as admin without having to click yes everytime? I mean, e.g. miranda doesn't even run without admin privileges, since history etc is written to my database...

I enjoy the UAC when installing new programs etc, so there's no security lack for viruses, keyloggers etc etc, because I have to click "yes" before they can install, but I don't want to always have to click yes when just starting my programs Im working with everyday...
Lets say, UAC actually is not security product but more of a compatibility provider.
But, yes in a way it will give you a security.

I am not really familiar with programs you listed (except keepass), but I will try to help you.

I cant understand why IM (miranda) can't run without admin privileges.
It is the problem of the developers. In Vista and Windows 7, Microsoft has moved into different strategy of working of software.
Basically in this OSes, most of the programs shouldn't need admin privileges and should not write to "program files" folder.
All their configurations and stuff, they should write into AppData and ProgramData folders.
So, it is actually laziness by developers of Miranda to adopt, new model which is causing problems.
Microsoft did know that developers will be slow to adopt to this model, and that it will break some of the current software, therefore it created UAC.
So, it will enable those programs work under the new model.
But it never meant to be final solution, but temporary one.
It was created to give time to developers to adopt to new working model.
But as you can see some developers are still too slow to move to the new model.
Therefore in a way it was meant to be annoying, to force developers to adopt faster (because otherwise they will start loosing annoyed customers)
Unfortunately, as you can see some developers don't care about it.
And I am 100% sure, it IS possible to move IM into full LUA environment.

So, in a nutshell, this annoyance isn't fault of UAC, but fault of lazy third party developers.
Secondly, contrary to popular belief, UAC is not meant to be security mechanism. It was made to assist developers and users to move into standard user environment.
And in many technical papers it was stated that it was only temporary, until all developers adopt to LUA.

ok, anyway. I am going to much into details

Quote:
It's just very very annoying and isn't there a way to always execute them as admin without having to click yes everytime?
Have a look at this tutorial: Elevated Program Shortcut without UAC Prompt - Create
My System SpecsSystem Spec
31 Oct 2010   #5

Win7 x64
 
 

Okay thanks so far. I now see what you mean. But no, the miranda IM messenger isn't laziness-product it's me, who likes the "portable" software, where the profiles, data etc is written to the folder itself. I don't like it, when the data is scattered around the hdd... So I often download portable software which doesn't really run because it needs to write data to the programs folder... Thanks for the link though, I'm gonna try it out.

But what do you mean by saying, that UAC isn't a security mechanism? I mean, it's obvious that this helps to be more secure, doesn't it? This makes me safe against any virus installation etc, because I will SEE it and can click "no"...
My System SpecsSystem Spec
31 Oct 2010   #6
jav

Windows 7 Ultimate x86 SP1
 
 

Quote   Quote: Originally Posted by wabbo View Post

But what do you mean by saying, that UAC isn't a security mechanism? I mean, it's obvious that this helps to be more secure, doesn't it? This makes me safe against any virus installation etc, because I will SEE it and can click "no"...
Yes, it will help you. I am not saying it is useless from security point of view.
It is just it wasn't meant to be security product.

The point is some people put to much hope in UAC as their security and when it fails they blame Microsoft for creating incomplete security product. But in reality they didn't create it as security mechanism.

Quote:
This makes me safe against any virus installation etc, because I will SEE it and can click "no"...
Not always.
1) It has been already illustrated that malware can possibly bypass UAC.
2) There are already wild malware that don't need administrative privileges to run. (UAC will prompt you, only if something needs admin privileges.)

So, that's why I recommend average users to move into full LUA (limited user/standard user) rather than admin account with UAC.

Anyway, to your question, in most cases UAC can become security product, even though it wasn't directly meant to be.

EDIT: I see irony Alureon Bootkit Trojan - Crossing the 64 bit Barrier
My System SpecsSystem Spec
31 Oct 2010   #7

Windows 7 & Windows Vista Ultimate
 
 

Quote   Quote: Originally Posted by wabbo View Post
Thanks so far, do you think UAC is worth all the stuff?
Hi, wabbo.

Yes, UAC Is worth it, particularly since you have a 64-bit system. The quote below is from this topic: Alureon Bootkit Trojan - Crossing the 64 bit Barrier

Quote:
However, it's important to note, the infection can only compromise a 64 bit Windows 7 or Vista system, if User Account Control (UAC) is turned OFF or if the user casually approves the malicious action.
My System SpecsSystem Spec
31 Oct 2010   #8

Win7 x64
 
 

Thanks so far. If I understand it right, I can say generally, that infecting a 64bit system is harder than doing it on a 32bit system. At least, that is what I read from this part of the text:

Quote:
More recently, in early August 2010, a new Alureon TDL variant that displayed the ability to infect Vista and Windows 7 64 bit based computers emerged.
This was a very unsettling but significant development, because very strict security measures that were integrated into 64 bit versions of Vista and Windows 7 (Patchguard and very stringent driver signing requirements) had to be bypassed to allow this to happen!
Am I assuming right? Is it really harder for malware and viruses to get into a 64bit system? Or do they only mean such rootkits, which need to install into MBR etc...?
My System SpecsSystem Spec
31 Oct 2010   #9

Windows 7 & Windows Vista Ultimate
 
 

You are correct, wabbo. At this point, it really is more difficult for malware and viruses to get into 64-bit systems that are kept up to date with Microsoft and third-party security updates, UAC on, antivirus and firewall installed and, most importantly, the user doesn't allow install an infected program. There is no protection from the careless user.
My System SpecsSystem Spec
01 Nov 2010   #10

Win7 x64
 
 

Thanks. Assuming that UAC is turned off, is there still a difference between 64bit and 32bit (User is the same (he is not careless), Firewall and Avast Antivir turned on)? From what I read off the article, there is one because 64bit viruses need some signed drivers, but I'm not sure about it.
My System SpecsSystem Spec
Reply

 Getting back my security by "fixing" User-Account




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:21 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33