How to get rid of "Do you want to allow..."?

Set User Account Controls to lowest setting. It previously wouldn't allow Gadgets then, but think it will now.

Or after install, Enable Hidden Administrator then delete named User account created during install. This requires setting up a whole new desktop and file system, which is why I only do it when first installing. But you are never second-guessed again.

When I last posted this, someone replied that the same thing can be achieved by turning off User Account controls, so I mentioned it first.

Only do this if you know what you're doing. (You know who you are.)

The problem with UAC isn't just that viruses could add themselves to whitelists, it's that they could sniff the whitelists and run themselves as a program from that list - which is even harder to prevent.

Sure it would be simple for MS to implement the safe program list, which requires user input "Are you sure you want to add <program name> to the safe programs list?", but now viruses could scan that list and fork a process as a program from that list to trick the kernel, thereby nullifying that list.

I agree it is annoying, though. I keep trying to run things like CPU-Z and HWMonitor, only to find that popup on a trusted program that is run routinely. I never had Vista, but it was my understanding that UAC didn't really change from Vista to Win7 - the only thing that changed was the default security level.

I don't really mind it, but as others have said, it's not an end-all-be-all. You can do without it if you're a safe user and have other security protection (firewall, virus/worm/trojan/malware scanner).

vol7ron

vol7ron said:

The problem with UAC isn't just that viruses could add themselves to whitelists, it's that they could sniff the whitelists and run themselves as a program from that list - which is even harder to prevent.

Sure it would be simple for MS to implement the safe program list, which requires user input "Are you sure you want to add <program name> to the safe programs list?", but now viruses could scan that list and fork a process as a program from that list to trick the kernel, thereby nullifying that list.

I agree it is annoying, though. I keep trying to run things like CPU-Z and HWMonitor, only to find that popup on a trusted program that is run routinely. I never had Vista, but it was my understanding that UAC didn't really change from Vista to Win7 - the only thing that changed was the default security level.

I don't really mind it, but as others have said, it's not an end-all-be-all. You can do without it if you're a safe user and have other security protection (firewall, virus/worm/trojan/malware scanner).

vol7ron

Yup. Vista introduced this UAC and 7 is carrying on the legacy. I personally just leave it. I only have 1 or maybe 2 programs that require the UAC permission on a daily basis, and find I can live with the few extra seconds it adds to my day, but if you are constantly having to allow, day after day, time after time, it could get annoying.

I enabled the Hidden Super administrator in Vista, but chose to leave 7 as is.

link:

Enable the (Hidden) Administrator Account on Windows 7 or Vista - How-To Geek

Something to keep in mind if it suits your fancy.

Sorry for bumbing an old threat, but it comes up first on Google and I have indeed found a solution for this...

You have to open the program that you want to stop opening the confirmation window first -> leave the program open then go to it's install folder and right click on it's executable -> goto properties -> and toggle "run this program as in administror" (you should toggle it on ones and finally leave it off) -> close the program and restart it again.

Works for me, it no longer pops up the confirmation window for some reason. Don't know why this works but it does.

That does not work for me. After I click to allow to run (like I have 50,000 times before) I look at the settings and the "run as administrator" box is already checked. Let's just all agree that MS has created in literature what is called a tragedy, which means the effect you wanted turns out to be the exact effect you didn't want. To wit, we're tired of constantly clicking that asinine box for programs we always run and so we set UAC off-now we have effectively no UAC checks, the same as not even having it installed. Congratulations Micro-brains, you just made Windows less secure by trying to make it more secure.

What is so hard about having the ability to white list certain programs? If it's a security concern, then give us the option to "allow for xx times then revert" "never check again" "only ask when program changes" (as in updates and patches). I know it's a hard concept to grasp, but I have confidence you can do it.

In the meantime, my friend is writing a .Net program to do just that. Really hard Micro-brains, really hard.

Ktl said:

Sorry for bumbing an old threat, but it comes up first on Google and I have indeed found a solution for this...

You have to open the program that you want to stop opening the confirmation window first -> leave the program open then go to it's install folder and right click on it's executable -> goto properties -> and toggle "run this program as in administror" (you should toggle it on ones and finally leave it off) -> close the program and restart it again.

Works for me, it no longer pops up the confirmation window for some reason. Don't know why this works but it does.

Some rather odd logic there. If you turn off security settings because they somehow annoy you, and that makes your system less secure,that has nothing to do with Microsoft, it is your own fault.

Systems like Windows 7 are not built primarily for people who then attempt to disable or change various parts of them in order to make things more convenient for themselves. They are built primarily for people who want trouble free and secure operation, with the least personal effort.

If you are confident in disabling or changing things that you find annoying, then go ahead and do so, nobody is stopping you, but don't whine that it is somebody else's fault when something goes wrong.

Some things may well annoy you, but the same things might well save somebody else a lot of problems.

Regards....Mike Connor

dwdallam said:

To wit, we're tired of constantly clicking that asinine box for programs we always run and so we set UAC off-now we have effectively no UAC checks, the same as not even having it installed. Congratulations Micro-brains, you just made Windows less secure by trying to make it more secure.

I have to question who has the more "micro" brain. You can't be bothered to click "yes" once in a while to protect your security, and you want to blame others and call them stupid for it.

dwdallam said:

What is so hard about having the ability to white list certain programs?

Nothing is hard about having a white list. What's hard is having a white list that isn't trivial to exploit. Just remember, anything you can do, an app can do. That's why the UAC screen goes dark, because it's putting UAC prompts in a different "window station" that apps running as the current user can't access. Thus, a rogue app can't push the "yes" button for you.

What's even harder is that users who can't be inconvenienced a little will tend to put anything that asks for elevation into the whitelist, thereby making it useless. They'll just automatically add whatever virus or spyware wants to be installed because it claims to be naked pictures of paris hilton.

dwdallam said:

If it's a security concern, then give us the option to "allow for xx times then revert" "never check again" "only ask when program changes" (as in updates and patches). I know it's a hard concept to grasp, but I have confidence you can do it.

Sadly, I have no confidence that you understand the security implications of what you're suggesting. It's not hard to add those functions. But doing so basically makes running in locked down mode pointless, and trivial to exploit.

dwdallam said:

In the meantime, my friend is writing a .Net program to do just that. Really hard Micro-brains, really hard.

Why don't you come back when he's actually done it. I know people writing all kinds of things, few of them actually succeed.

Those of you who trust "a run of the mill" security software suite to protect your system if and when the UAC is disabled, consider this.

The very first step the malicious software performs is to disable third-party protection, such as Symantec, McAfee, etc., or at the very least, adds itself to the exception list. I used to think that using a lesser know product, such as Vipre, would make it harder to disable protection by the malicious software. Boy, was I wrong...

While UAC cannot protect against everything, especially against the end user, it does prevent software to run in escalated privileged level without notifying the end user. Unfortunately, the level of access provided by UAC is about the same a the *NIX platforms "su" instead of the "sudo". In another word with the UAC, there's no way limiting privileged access based on a list of UIDs.

The UAC in itself can be bypassed by malicious software, especially when the default UID created during installation with administrator level access used as a standard logon ID. The more secure way to use UAC to protect the machine is to use a standard user account and separate administrative account. This will force entering account/password as well, if and when the UAC pops up.

<RUNT>
While people who use some type of *NIX have no issues with using "su", "sudo", or within the GUI using "kdesudo" or "gksudo", they seem to have issues with UAC. Maybe be if they'd apply their security knowledge "between the ears" to Windows 7, they wouldn't have much of an issue with the UAC.
</RUNT>

The constant barrage of UAC requests, basically limits the benefit for those that actually need protecting, because they will quickly numb to the process and nearly autoclick for anything that asks.

It should be simple to create a high security whitelist. Clearly MS allows some files on the whitelist, it's own.

There should be levels of security like Yellow/Orange/Red. RED should be placing something on the whitelist. You only do this for completely trusted programs, and it requires advanced intervention, not an auto request and it would require a maximum security (RED) UAC to pass. Thus nothing could sneak onto the list and it would greatly cut down on pointless request for the same trusted programs day after day.

I would greatly desire such a feature to cut down pointless routine UACs and make legit concerns more obvious.

It isn't naive to expect both better and more user friendly security.

Endless UAC request are both annoying and a security problem in themselves.