Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: UAC. Have you turned your's off?

10 Nov 2009   #61
macgyver2

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by pparks1 View Post
Quote   Quote: Originally Posted by macgyver2 View Post
when I had UAC running at high it didn't do anything to prevent that software from compromising the system.
Of course it didn't. That's not what it is supposed to do. The UAC system does NOT prevent a machine from being infected. The UAC system does not stop a virus. The UAC system does NOT prevent malware from being installed. You might was well have said, after running the UAC system my computer's hard drive still became fragmented over time.

The UAC system informs you, the admin, when an application is trying to elevate itself to have admin rights. If you have the slider bar all the way to the top, the UAC system will inform you, the admin, when you do something that needs to elevate to admin status. Either way, if you say yes, it elevates and does WHATEVER it was going to do. The UAC system does not step in and further try to prevent anything from happening.

I still cannot believe how many people think that UAC is supposed to stop these types of problems. It's a notification system, it allows you to escalate to an admin without switching user accounts. It does not provide the functionality of an AV application or an anti-malware application.
sorry for not being totally clean, it didn't inform me at all that the software was doing something that wasn't good like giving itself admin rights under a user account


My System SpecsSystem Spec
.
10 Nov 2009   #62
logicearth

Windows 10 Pro (x64)
 
 

Quote   Quote: Originally Posted by macgyver2 View Post
sorry for not being totally clean, it didn't inform me at all that the software was doing something that wasn't good like giving itself admin rights under a user account
If you didn't get a UAC prompt and you had it on, that could mean one of two things.

A) It doesn't do any system alteration instead it is a user level attack which only effect the user account. C:\User\[your-username] does not require any special priviliges as long as you are the user in question.

B) The permissions (could be file ACLs, or any ACLs) on the system have been compromised which allows the malware to write to select locations without provoking UAC.
My System SpecsSystem Spec
10 Nov 2009   #63
macgyver2

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by H2SO4 View Post
Quote   Quote: Originally Posted by macgyver2 View Post
...the biggest problems is always the USER. Now I run my computer as an admin account 100% of the time...
Mistakes

how is this a mistake, My account has admin rights, I normally do things that need those rights daily and changing accounts all the time is well time consuming. I take precautions like system restore, weekly full system back ups etc etc I have 20+ years of a secure system minus the issue with my router which really wasn't much of an issue as they didn't access anything since I caught the access before they could reach any files. I even test what virus do to my computer in VPC and not once infected the host. I even stalled software knowing it would get my system infected and couldn't get the results others got with infection.

logicearth, from what i have read in this thread UAC should warn me when software is trying to install somehthing beyond itself, this social networking ad software did just that installed a second program which gave it admin rights, I wasn't able to reproduce the same results on my system (didn't want to leave it infected for 2-3 months) but I do know it wanted internet access and tried to access my email and even changed my default programs. AV software reported the infection as a trojan. Granted after confirming infection etc I used a backup to restore my system.
My System SpecsSystem Spec
.

11 Nov 2009   #64
H2SO4

Win7x64
 
 

Quote   Quote: Originally Posted by macgyver2 View Post
Quote   Quote: Originally Posted by H2SO4 View Post
Quote   Quote: Originally Posted by macgyver2 View Post
...the biggest problems is always the USER. Now I run my computer as an admin account 100% of the time...
Mistakes
how is this a mistake, My account has admin rights, I normally do things that need those rights daily and changing accounts all the time is well time consuming.
The real title of this thread is "Do you use an admin account for daily tasks?" - a practice which is universally condemned by every noteworthy computer security specialist on the planet. UAC is a mere side-effect of that question.

In this context, "security" means having control over the movement of information on your computer. In an ideal world, your own information would never leave without your knowledge, and no code would ever enter your machine without your permission. Relying on an admin account for daily tasks reduces the level of control over the movement of information, and thereby lessens security.

Whenever you execute any code as an admin you are totally and completely entrusting your computer and all its information to the author of that code, as well as the authors of any code dependencies, and their dependencies in turn, and so on. From humble freeware to commercial apps costing thousands, all software is made up of imports and helper libraries whose complexity makes it difficult to discern the real author of a given app, let alone whether all of that imported code is entirely trustworthy and free from unintentional security defects.

Counter-intuitively, it is much harder to spot inadvertent security breaches than purposeful maliciousness. AV utilities aim for the latter - their sole purpose is to detect patterns representing known attack code. Where it gets really hard is when you try to understand how the presence of an app or a given code library and its dependencies may substantially reduce the level of security without intending to do so. That's part of what UAC does.

XP was designed and released before MS fully embraced LUA principles. While it was theoretically possible to stay with a non-admin account for daily use, in practice it was too impractical. There was no app and registry virtualisation, no UAC, and most developers still wrote code which assumed the user is an admin. Elevation had to be done so frequently and pre-emptively that it may as well have been permanent.

In Vista and Win7 the OS is designed to make LUA practical and UAC is a big part of that. By detecting and flagging attempts to use privileged functionality, UAC makes it possible to avoid reliance on admin accounts while still making use of software which assumes an administrative context.

With UAC disabled, you're most of the way back to XP in terms of LUA practicality; that is, it's impractical - you have to use an admin account for daily tasks. Personal testimonials about how through skill and good fortune you've managed to avoid getting pwned for 20 years are frankly neither here nor there. What matters is "best practices" stuff.

Until and unless you manage to find a computer security authority willing to advocate the use of privileged accounts for routine tasks, I'd suggest re-evaluating your stance. It's no accident that every major OS is either moving in that direction (Windows) or has been firmly in that camp from day zero (UNIX, Linux, every mainframe and minicomputer OS,...).
My System SpecsSystem Spec
11 Nov 2009   #65
Barman58

Windows 10 Pro x64 x3, Ubuntu
 
 

I will have to admit that I have changed my working practice since moving to Vista - With XP and Win200 & NT before them I would never think of running as an admin now I switch UAC on and use the convenience that gives me to run as an admin.

With previous operating systems you ran as a standard user and then logged in as an Admin, (domain or local dependent on needs), to perform admin tasks. The alternative was to run the "runAs" addon, (from the SDK), which involved entering your full username and password, what a relief the UAC was when I first ran Vista.

OK my background may not be the normal user background but I find that others with my type of usage history in secure systems will also not have an issue with UAC.

If a user decides to run with UAC disabled then that is their choice, on their own system, just don't expect to have the option on any system I manage

PS one of the first things I install on any XP system I install is Comodo's Defence+ which acts as a similar information source as provided by UAC
My System SpecsSystem Spec
11 Nov 2009   #66
Dinesh

Windows® 8 Pro (64-bit)
 
 

Quote   Quote: Originally Posted by brother View Post
One of the first things I did after installing Windows 7, was to turn the UAC completely off to stop getting those annoying messages.
I have just read in this months PCPlus magazine that you should alter the default settings in UAC and slide the thing right to the top to give yourself more protection!
I'm not sure what's best now?
Have you turned yours off?
Yes all the way to the bottom.
My System SpecsSystem Spec
11 Nov 2009   #67
macgyver2

Windows 7 Ultimate x64
 
 

I guess my issue is with restricting myself because of security it falls back to what do I want to give up for security and my personal answer is nothing. Granted my virus free stint may just be dumb luck but with a little thought about risk over gain I have been able to keep my personal info on my computer safe. So I guess my point is I am not willing to give up something to have a sense of security. I say sense because I know first hand as others may also that there will always be someone who finds ways around the security put into place, so I am not willing to live in fear of attack and if I have anything on my computer worth losing then no matter what security I have in place doesn't matter because I am still willing to risk it. So if someone wants my MRI scans my personal pictures they can have it, I don't have anything that would risk my money, so basically the only value my laptop has is the laptop itself.

Shoot I saw a news report about software that would allow a user to gain access to cell phones and be able to listen or see what happens with said phone, are we going to find ways to make cell phones more secure and give up ease of use to stop this type of attack? or are we not willing to give up the freedom of cell phones for the just in case of attack.

Security no matter on a computer, cell phone or your home its just a barrier that others can defeat if willing and I personally won't be held hostage to fear.
My System SpecsSystem Spec
11 Nov 2009   #68
H2SO4

Win7x64
 
 

Quote   Quote: Originally Posted by macgyver2 View Post
I guess my issue is with restricting myself because of security it falls back to what do I want to give up for security and my personal answer is nothing.
Everyone gets to choose to what extent they are willing to trade off short-term convenience for security. If I understand correctly, you're saying that you favour convenience in this context, and that is understandable given the statement below...

Quote   Quote: Originally Posted by macgyver2 View Post
So if someone wants my MRI scans my personal pictures they can have it, I don't have anything that would risk my money, so basically the only value my laptop has is the laptop itself.
If the value of the hardware far outweighs the value of the data on a given machine, then it makes perfect sense to move the convenience/security slider a little more towards "convenience".

By extension, disabling UAC is the inappropriate choice when emphasis is placed on the data and/or the time and effort invested in configuring a given software environment.

Thank you for an interesting discussion
My System SpecsSystem Spec
12 Nov 2009   #69
esteban

7 Ultimate, Debian Squeeze, #! Statler
 
 

Quote   Quote: Originally Posted by logicearth View Post
Quote   Quote: Originally Posted by esteban View Post
Single power user = nothing above initial account.
Yes there is. First of all the all powerful user on Windows is SYSTEM. It has even more power then the Administrator account. The Administrator account has more power then those accounts that are part of the Administrators group. And the permissions that are applied to the Administrators group can be revoked very easily because everything in Windows is governed by ACLs and those ACLs are configurable to micro levels.

I do not expect you to know the how deep ACLs really go in Windows or how user accounts are handled.
I played around in XP as SYSTEM. I know more than you think I do, but I'm done with this argument; it's not going anywhere.
My System SpecsSystem Spec
12 Nov 2009   #70
Zidane24

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
 
 

Quote   Quote: Originally Posted by esteban View Post
Quote   Quote: Originally Posted by logicearth View Post
Quote   Quote: Originally Posted by esteban View Post
Single power user = nothing above initial account.
Yes there is. First of all the all powerful user on Windows is SYSTEM. It has even more power then the Administrator account. The Administrator account has more power then those accounts that are part of the Administrators group. And the permissions that are applied to the Administrators group can be revoked very easily because everything in Windows is governed by ACLs and those ACLs are configurable to micro levels.

I do not expect you to know the how deep ACLs really go in Windows or how user accounts are handled.
I played around in XP as SYSTEM. I know more than you think I do, but I'm done with this argument; it's not going anywhere.
...Or you cannot argue to the contrary...

Hit and Run I suppose...
My System SpecsSystem Spec
Reply

 UAC. Have you turned your's off?




Thread Tools




Similar help and support threads
Thread Forum
HDD partition turned RAW!!!
Hi everyone, I have one internal HDD with five partitions that I am using it as external HDD using SATA to USB casing. It is from my previous laptop which is dead long ago. Till now the HDD was working fine but last night 2 of the partitions turned RAW. Its asking me to format the partitions but...
Hardware & Devices
Windows could not be turned on...
I am not sure that this should be in system security,if so,an admin/mod can move it. I am recieving a pop up with an icon which hase 2 keys stating that "Windows could not be turned on" Here is an atachement with the window that turns up when I click the icon. Thanks!
Windows Updates & Activation
MSE is Turned off?
I just updated MBAM and I'm currently running a full system scan. All of a sudden, this pops up in my Action Center: So, I open MSE and see this: What is going on?
System Security
Jumplists Turned Off?
Hey Guys, I've got an odd thing happening.. it seems the Jumplists feature has been turned off and I can't for the life of me figure out how to turn them back on. When I right click an icon in the taskbar all I get for options are the following.. {Program Name} Unpin from taskbar Any...
General Discussion
Win 7 turned back into XP!????
Ok so just now my win7 machine turned back into XP. I have no idea why or how and it will not let me login. it asks me to authorize online, i try it but it can not reach the internet (which it is connected to). Anyone have an idea on what is going on? I just used my machine last night and it...
General Discussion
MSE turned off
On a couple of occasion recently after booting up there is a flag that MSE is turned off. I use MSE and Windows firewall as my protection with no other programs installed. Why would MSE be turned off if I did not do it?
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:23.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App