New
#61
If you didn't get a UAC prompt and you had it on, that could mean one of two things.
A) It doesn't do any system alteration instead it is a user level attack which only effect the user account. C:\User\[your-username] does not require any special priviliges as long as you are the user in question.
B) The permissions (could be file ACLs, or any ACLs) on the system have been compromised which allows the malware to write to select locations without provoking UAC.
how is this a mistake, My account has admin rights, I normally do things that need those rights daily and changing accounts all the time is well time consuming. I take precautions like system restore, weekly full system back ups etc etc I have 20+ years of a secure system minus the issue with my router which really wasn't much of an issue as they didn't access anything since I caught the access before they could reach any files. I even test what virus do to my computer in VPC and not once infected the host. I even stalled software knowing it would get my system infected and couldn't get the results others got with infection.
logicearth, from what i have read in this thread UAC should warn me when software is trying to install somehthing beyond itself, this social networking ad software did just that installed a second program which gave it admin rights, I wasn't able to reproduce the same results on my system (didn't want to leave it infected for 2-3 months) but I do know it wanted internet access and tried to access my email and even changed my default programs. AV software reported the infection as a trojan. Granted after confirming infection etc I used a backup to restore my system.
The real title of this thread is "Do you use an admin account for daily tasks?" - a practice which is universally condemned by every noteworthy computer security specialist on the planet. UAC is a mere side-effect of that question.
In this context, "security" means having control over the movement of information on your computer. In an ideal world, your own information would never leave without your knowledge, and no code would ever enter your machine without your permission. Relying on an admin account for daily tasks reduces the level of control over the movement of information, and thereby lessens security.
Whenever you execute any code as an admin you are totally and completely entrusting your computer and all its information to the author of that code, as well as the authors of any code dependencies, and their dependencies in turn, and so on. From humble freeware to commercial apps costing thousands, all software is made up of imports and helper libraries whose complexity makes it difficult to discern the real author of a given app, let alone whether all of that imported code is entirely trustworthy and free from unintentional security defects.
Counter-intuitively, it is much harder to spot inadvertent security breaches than purposeful maliciousness. AV utilities aim for the latter - their sole purpose is to detect patterns representing known attack code. Where it gets really hard is when you try to understand how the presence of an app or a given code library and its dependencies may substantially reduce the level of security without intending to do so. That's part of what UAC does.
XP was designed and released before MS fully embraced LUA principles. While it was theoretically possible to stay with a non-admin account for daily use, in practice it was too impractical. There was no app and registry virtualisation, no UAC, and most developers still wrote code which assumed the user is an admin. Elevation had to be done so frequently and pre-emptively that it may as well have been permanent.
In Vista and Win7 the OS is designed to make LUA practical and UAC is a big part of that. By detecting and flagging attempts to use privileged functionality, UAC makes it possible to avoid reliance on admin accounts while still making use of software which assumes an administrative context.
With UAC disabled, you're most of the way back to XP in terms of LUA practicality; that is, it's impractical - you have to use an admin account for daily tasks. Personal testimonials about how through skill and good fortune you've managed to avoid getting pwned for 20 years are frankly neither here nor there. What matters is "best practices" stuff.
Until and unless you manage to find a computer security authority willing to advocate the use of privileged accounts for routine tasks, I'd suggest re-evaluating your stance. It's no accident that every major OS is either moving in that direction (Windows) or has been firmly in that camp from day zero (UNIX, Linux, every mainframe and minicomputer OS,...).
I will have to admit that I have changed my working practice since moving to Vista - With XP and Win200 & NT before them I would never think of running as an admin now I switch UAC on and use the convenience that gives me to run as an admin.
With previous operating systems you ran as a standard user and then logged in as an Admin, (domain or local dependent on needs), to perform admin tasks. The alternative was to run the "runAs" addon, (from the SDK), which involved entering your full username and password, what a relief the UAC was when I first ran Vista.
OK my background may not be the normal user background but I find that others with my type of usage history in secure systems will also not have an issue with UAC.
If a user decides to run with UAC disabled then that is their choice, on their own system, just don't expect to have the option on any system I manage
PS one of the first things I install on any XP system I install is Comodo's Defence+ which acts as a similar information source as provided by UAC
I guess my issue is with restricting myself because of security it falls back to what do I want to give up for security and my personal answer is nothing. Granted my virus free stint may just be dumb luck but with a little thought about risk over gain I have been able to keep my personal info on my computer safe. So I guess my point is I am not willing to give up something to have a sense of security. I say sense because I know first hand as others may also that there will always be someone who finds ways around the security put into place, so I am not willing to live in fear of attack and if I have anything on my computer worth losing then no matter what security I have in place doesn't matter because I am still willing to risk it. So if someone wants my MRI scans my personal pictures they can have it, I don't have anything that would risk my money, so basically the only value my laptop has is the laptop itself.
Shoot I saw a news report about software that would allow a user to gain access to cell phones and be able to listen or see what happens with said phone, are we going to find ways to make cell phones more secure and give up ease of use to stop this type of attack? or are we not willing to give up the freedom of cell phones for the just in case of attack.
Security no matter on a computer, cell phone or your home its just a barrier that others can defeat if willing and I personally won't be held hostage to fear.
Everyone gets to choose to what extent they are willing to trade off short-term convenience for security. If I understand correctly, you're saying that you favour convenience in this context, and that is understandable given the statement below...
If the value of the hardware far outweighs the value of the data on a given machine, then it makes perfect sense to move the convenience/security slider a little more towards "convenience".
By extension, disabling UAC is the inappropriate choice when emphasis is placed on the data and/or the time and effort invested in configuring a given software environment.
Thank you for an interesting discussion :)