Windows UAC question


  1. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #11

    zzz2496,

    Although written based on Windows Vista, I refer you to UAC: Desert Topping, or Floor Wax? an article by Crispin Cowan, Program Manager on Microsoft's Security Team. The conclusion:
    UAC, in all of its forms, including Silent Mode, provides some obstacles to attacks, and so it is always a security feature. UAC in operation does nothing other than to say “no” to some access requests, and so it cannot be anything but a security feature.
    Also see the more recent User Account Control: Inside Windows 7 User Account Control by Microsoft Technical Fellow Mark Russinovich, where he provides excellent information on UAC.

    In particular note that although it is true that the primary purpose of elevation is not security, unlike Windows XP where it was necessary for a standard user to log on to an Admin account or use Fast User Switching, with UAC enabled, all user accounts—including administrative accounts—run with standard user rights.

    This does indeed provide a significant layer of security!


  2. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #12

    no way, it's absolutely NOT safe to turn off UAC.

    install Winpatrol too, and let both UAC & Winpatrol keep an eye on your system.


  3. Posts : 115
    Windows 7 x64
    Thread Starter
       #13

    Seems like a lot of work to change the UAC for one program. I will let things be. I rarely run Ace Utilities anyways, thought I would save an extra click by turning off UAC for that program.

    I won't be installing WinPatrol, too many programs, I will let the OS take care of itself.


  4. Posts : 22,814
    W 7 64-bit Ultimate
       #14

    exia said:
    Seems like a lot of work to change the UAC for one program. I will let things be. I rarely run Ace Utilities anyways, thought I would save an extra click by turning off UAC for that program.

    I won't be installing WinPatrol, too many programs, I will let the OS take care of itself.


    That's a very good decision.


  5. Posts : 3,427
    Windows 10 Pro x64
       #15

    Bare Foot Kid said:
    exia said:
    Seems like a lot of work to change the UAC for one program. I will let things be. I rarely run Ace Utilities anyways, thought I would save an extra click by turning off UAC for that program.

    I won't be installing WinPatrol, too many programs, I will let the OS take care of itself.


    That's a very good decision.
    +1 totally agree


  6. Posts : 1,325
    Windows7 Ultimate 64bit
       #16

    Corrine,

    I have personal reasons to disable UAC, and yes I know how UAC works. As for UAC as a security feature, honestly... I find that statement ridiculous. See, to limit an Administrator so that it looks like a standard user is silly, putting locks and limiters and blockers and sandboxes EVERYWHERE literally, IMHO is beyond ignorant imbecile levels... The proper way to practice security is -> just lock the user, plain and simple. Security is "paid" not "given". You'd lose some flexibility when implementing proper security practice, it's a price you have to pay, and in time - you must educate your users to practice proper "secure conduct". I'd prefer to use (or be forced to use) a standard user, and have my resources used by my applications, rather than used to BLOCK/CHECK/LOCK/ASK/HINDER everything I do to the system. The UAC sandbox, as efficient as MS told customers it is, is still a sandbox - meaning it does more and more checking and blocking on top of NTFS ACL/Object ACL, user token security checks, it's redundant and wasting processing power, it's horrible, just horrible...

    Force Windows users to use the standard user type, and only make ONE Administrator that is password protected BY DEFAULT at system install (you can optionally add another Administrator class user later, after many system checks), that is the correct way. Everything that needs a system administrator privilege will invoke a dialog box containing username/password textboxes (similar to what Linux/MacOS does). The problem here is, Windows is still using the old design, to be used as a single user, administrator friendly, -kernel/driver hooks access directly from user space applications- operating system. The usage model is still focused as old Windows is, single user...

    Standard user security level is what UAC wants, so why not just use a standard user instead? The problem is, in Linux/UNIX, there is SUDO (and its variants), that will run a process as a different user, practically easy. In Windows on the other hand, "run as different user" doesn't act like SUDO, it's still limited in some ways, and isn't as predictable -limited by how Windows is designed-, again back to the "design" problem.

    But then again, there are a few hundred million Windows users that will get cranky when their beloved OS is changed drastically by Microsoft, yes I understand this factor. But let's look at another OS vendor, let's say Apple. They drastically changed the way their OS works when they announced that Mac OS X was coming. They again changed drastically by killing PowerPC support in 10.6, they killed Classic (OS 9 virtualization layer) in OSX (I forgot the exact version). For the sake of progress, some legacy MUST GO, it has to. Microsoft in this sense is the slowest of them all, Linux is even crazier than Apple, the software stack is changing on a daily basis, the kernel gets upgraded by the hour, and yet - the most complaint prone market in the world, the corporate users, are sitting happily with their Linux servers...

    So, IMHO, UAC is useless, a technological mess orchestrated beautifully by Microsoft engineers, disable it if you know what you're doing, by that I mean that you'll use the standard user account instead for day to day use plus a dose of common sense, and an updated AV/malware scanner, and fast user switch to the admin account to do admin work...

    zzz2496


  7. Posts : 341
    Windows 7 Home Premium x32 SP1
       #17

    Hi zzz2496,

    Please note that on Windows you have something like the SUDO for Unix you mentioned - it's called SuRun.
    There are also other built-in mechanisms in Windows like DEP, SRP, LUA, UAC and 3rd party software called PGS - Pretty Good Security for managing SRP policy.

    Also please remember that from a security point of view, there is no one GOLD rule which will allow you to create a so-called 'perfect and 100% bullet proof setup' - it's impossible.
    Security setup should be optimal for e.g. a torrent user and a person who only browses the web; they need different levels of protection for what they do. There will be no one 'gold' setup for everyone, it also depends on their level of knowledge about PCs, networking, etc... What will work for you or me won't work for others.
    The point is... you will not find the one true perfect security setup for everyone. Absolute security doesn't exist, however rational risk management does. Although there are no guarantees of absolute protection against future threats.


  8. Posts : 1,325
    Windows7 Ultimate 64bit
       #18

    Creer said:
    Hi zzz2496,

    Please note that on Windows you have something like the SUDO for Unix you mentioned - it's called SuRun.
    There are also other built-in mechanisms in Windows like DEP, SRP, LUA, UAC and 3rd party software called PGS - Pretty Good Security for managing SRP policy.

    Also please remember that from a security point of view, there is no one GOLD rule which will allow you to create a so-called 'perfect and 100% bullet proof setup' - it's impossible.
    Security setup should be optimal for e.g. a torrent user and a person who only browses the web; they need different levels of protection for what they do. There will be no one 'gold' setup for everyone, it also depends on their level of knowledge about PCs, networking, etc... What will work for you or me won't work for others.
    The point is... you will not find the one true perfect security setup for everyone. Absolute security doesn't exist, however rational risk management does. Although there are no guarantees of absolute protection against future threats.

    Hi Creer,

    IIRC, SuRun is the console version of the "Run as different user" context menu, but I can be wrong on this one... As I said earlier "Run as different user" doesn't behave consistently (I've bumped into several issues with it in the past).

    Yes I know there are other security protections in place other than UAC, and yes, there is no 100% secure in computer security. What I mean is, UAC is a mess, the concept of "underpowering a super user" is flawed from the very fundamentals of the concept. If we want security, we need to use something that's limited by default, then fine tune the "limiter" - it can't go "over limit" when the "limiter" fails. Starting with "no limit" and then putting in "limiters" can result in a failure of the "limiter" which then results in a "no limit" situation, which is bad...

    I'm not after the "gold" standard, it'd be too constricting for a regular user to use, but you get what I mean, UAC is a mess, its fundamentally flawed concept is NOT a security feature, though in some cases it can save our arse. Still, it's "in some cases it can save us" - which can mean "in some other cases it can't"...

    zzz2496

    Ps. In a standard user situation, my last statement will be like this: "in any case, it WILL save us", which is FAR better than "sometimes it will, sometimes it won't"...


  9. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #19

    UAC is only one factor. DEP is another, as are the firewall, antivirus and anti-malware software programs. I have yet (*knock on wood*) to be hit by a drive-by attempt. Should that happen, I certainly hope to be alerted by one if not all of the above to prevent, or at least limit, the damage.

    So, for myself, I'll keep UAC active on my computer.


  10. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #20

    zzz2496: "Standard user security level is what UAC wants, so why not just use a standard user instead?"

    good security starts with ALWAYS running on a "normal" USER-account!
    then when you need elevated privilege, UAC lets you have it.
    you should only run on an ADMIN-account when it's absolutely necessary,
    e.g. when you are doing system maintenance and don't want to enter your password several times.

    exia: get Winpatrol, it's a good addition to your safety, it uses very little memory and adds security to your system.
    it has saved my A-S-S several times.
    Winpatrol is FREE, so you have nothing to lose on getting it....
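Post #11's statement that with UAC enabled even administrative accounts run with standard user rights can be checked on a live system. The PowerShell below is an added example, not part of any poster's message; it only reads settings, and it assumes an English-language `whoami` (the "deny only" attribute text is localized).

```powershell
# Added example (not from the thread). Read-only report of the UAC policy
# values and of the token the current process is running with.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $key

# True only when the Administrators group is enabled in this process's token,
# i.e. the process is elevated (or UAC is switched off for an admin account).
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami also lists groups that are present only as deny-only entries,
# which is how the filtered token of an administrator account shows up.
$groups   = whoami /groups /fo csv | ConvertFrom-Csv
$adminRow = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }   # BUILTIN\Administrators
$denyOnly = [bool]($adminRow -and ($adminRow.Attributes -match 'deny only'))

if     ($elevated) { $state = 'Full administrator token (elevated process, or UAC off)' }
elseif ($denyOnly) { $state = 'Administrator account running with a filtered standard-user token' }
else               { $state = 'Standard user account' }

# EnableLUA = 0 means UAC is off. ConsentPromptBehaviorAdmin = 0 means
# administrators are elevated without any prompt.
New-Object PSObject -Property @{
    UacEnabled                 = ($pol.EnableLUA -ne 0)
    ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
    ConsentPromptBehaviorUser  = $pol.ConsentPromptBehaviorUser
    PromptOnSecureDesktop      = $pol.PromptOnSecureDesktop
    TokenState                 = $state
} | Format-List
```

Running it once from a normal prompt and once from an elevated one on an administrator account shows the same account with two different tokens.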


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd