• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Is there anything worthwhile to UAC in Vista?

phexac

phexac

Senior member
Basically are there any true benefits to it if you are not completely clueless about computers, or is it really nothing more than an annoying pop-up that asks you whether you REALLY want to install the program that you just said you want to install? Or one that makes you confirm 2ce that you really want to copy a file from one folder to another?

Is there any aspect of it that adds security to IE7? And would IE7 become anywhere near a vulnerable as IE6 without it? (I use FF btw..so just wondering).
 
Yes. I dont care aware you think you are, a trojan can weasle its way into your registry and install with no knowledge. Alot of the new trojans have not so obvious names, and dont show up under installed programs. It's simply a way to avoid it.

It really isnt that big of a deal.
 
The first time I turned off UAC I had at least one application that would not install until I re-enabled UAC.
 
Here is a pretty decent basic writeup on UAC from a guy who knows his stuff (to say the least). It's worth a read. A lot of people out there are throwing a monkey wrench in the works by disabling UAC. Vista is the first secure Windows version that you can realistically run from a regular user account. IMO it's a really, really, really terrible idea to discard that huge improvement in the way this OS works.
 
Originally posted by: phexac
Basically are there any true benefits to it if you are not completely clueless about computers, or is it really nothing more than an annoying pop-up that asks you whether you REALLY want to install the program that you just said you want to install? Or one that makes you confirm 2ce that you really want to copy a file from one folder to another?

Is there any aspect of it that adds security to IE7? And would IE7 become anywhere near a vulnerable as IE6 without it? (I use FF btw..so just wondering).
Click to expand...

The split use token that UAC provides is probably the best security improvement in Vista. One your installed you will rarely see UAC prompts (less so with SP1)

Bill
 
Yes, UAC has major benefits. Yes, UAC improves IE7's security, by enabling Protected Mode, which keeps the browser operating at an even lower Integrity level than your non-Admin processes (such as your Explorer shell), so the browser can't be used to mess with even your account's personal Start menu, etc (unless you just approve every Protected Mode override you see, which would be the wrong thing to do).

If you're getting UAC prompts when copying stuff from folder to folder, you might need to make some changes to your file-system permissions. If so, post more specifics so people can help you with that.
 
Originally posted by: bsobel
Originally posted by: phexac
Basically are there any true benefits to it if you are not completely clueless about computers, or is it really nothing more than an annoying pop-up that asks you whether you REALLY want to install the program that you just said you want to install? Or one that makes you confirm 2ce that you really want to copy a file from one folder to another?

Is there any aspect of it that adds security to IE7? And would IE7 become anywhere near a vulnerable as IE6 without it? (I use FF btw..so just wondering).
Click to expand...

The split use token that UAC provides is probably the best security improvement in Vista. One your installed you will rarely see UAC prompts (less so with SP1)

Bill
Click to expand...

Whilst I like and use UAC saying

Once your installed you will rarely see UAC prompts
Click to expand...

Is not true.

I get two every time I start windows (rivatuner and lifeextender).

Now you can argue that its the applications fault but they are still there.

It's not a big deal however.


 
Originally posted by: WelshBloke

Is not true.

I get two every time I start windows (rivatuner and lifeextender).

Now you can argue that its the applications fault but they are still there.

It's not a big deal however.
Click to expand...


Those applications have not been designed for Vista and very few people know what they are or will even use them. So yes, it is true for most people that UAC will rarely bother them.
 
Eh I read that article that crookbloke linked, but all it talks about there is how UAC allows to isolate processes that you allow to use admin rights. However it does not give an objective reason for why that is desirable for someone who is knowledgeable enough about computers to not do dumb things.

I mean I used XP and never had a single virus in years, which I am sure is also the case for most people on this board. I routinely use several programs that require to be run as administrator, and it's getting annoying to click allow every time. Also changing folder ownership to allow UAC-free copying and file creation within those folders seems a bit too much to go through just to get your system to work the way it would without UAC.

Could someone please link the article that describes actual real-life benefits of using UAC for a knowledgeable user.
 
IMO, a knowledgeable user would do everything to avoid running full time as an administrator. Nobody worth anything runs as root on a Unix or Linux box, and it has always been like that. It's unfortunate (to put it mildly) that Microsoft took hold of the market with an OS that was designed to run as administrator all the time, because people took that for granted. Both normal users and the bad guys out there that exploit it.

UAC is the first step to getting Windows completely moved over to the mindset of running as a standard user full time. When you have a userbase of a billion people, an ecosystem (sorry, I hate that word...) of devs, OEMs, ISVs, etc that have depended on that administrator access for more than a decade, it takes a little while to make that kind of fundemental change. And in the end, it isn't really about the "knowledgeable users" who may or may not know enough to avoid all the threats. It's about everybody else, the ones that don't know phishing from fishing, and a worm from a Trojan Horse. They WILL keep getting burned if they continue running as administrators.
 
To fit what Bsobel said, since I installed Vista SP1, I have not seen a single UAC pop-up.
 
I see. Thanks for your help guys.

By the way, as I understand it, SP1 has not yet been downloaded and installed with windows update automatically, right? MS is still working on that?
 
Originally posted by: phexac
Eh I read that article that crookbloke linked, but all it talks about there is how UAC allows to isolate processes that you allow to use admin rights. However it does not give an objective reason for why that is desirable for someone who is knowledgeable enough about computers to not do dumb things.
Click to expand...

Scenario: you visit a nice normal safe website like this Forum, and let's hypothetically say that today our advertising-banner supplier has been hacked by the Russian Business Federation (a criminal malware gang that does bad stuff that makes them piles of money). Their maliciously-rigged banner advertisement executes a zero-day exploit in, oh, let's say it's RealPlayer's browser plug-in, or some other browser plugin that you have installed (QuickTime, Java, FaceBook uploader, whatever). Result: a multipronged exploit assault on your system, using the privilege level that your browser is running at. this happens all the time nowdays.

Did you do anything dumb? No. Do you need protection from this attack anyway? Yeah. Will your "experience" give you any chance to stop the attack? No. UAC will, though... if you're using IE7 in Protected Mode (which requires UAC to be enabled), your browser is running at the lowest possible integrity level and is under severe constraints. If you're using FireFox, then you give up Protected Mode, but if UAC is enabled, at least the exploits won't have unrestrained Admin privileges lying around to do anything they please.


I mean I used XP and never had a single virus in years, which I am sure is also the case for most people on this board.
Click to expand...

The problem is, "that was then... this is now." There was a time I had a Win2000 SP1 system hosting an FTP server naked on Comcast broadband, and got away with it (out of ignorance). Today that system in that condition would be pwned in less than ten minutes, possibly less than one minute. Malware today is a crime business that reportedly makes more money than the worldwide illegal drug trade. It didn't used to be like that. The bad guys are probably delighted at all the people who think they're too experienced to need proactive mitigations such as UAC and WIC.

Could someone please link the article that describes actual real-life benefits of using UAC for a knowledgeable user.
Click to expand...

You can start with this one: FireFox's lack of low privilege heightens ANI patch urgency The underlying vulnerability has been patched since then, but hopefully the point is made: proactive mitigation is a good thing to have, sort of like seatbelts in a car. Sorry to hear that you've got software which can't cope with a non-Admin privilege level 🙁

There are other attack vectors worth noting, such as removable media (CD, DVD, flash drive, MP3 player, external drive, memory card, digital picture frame, digital camera). Ever let someone plug in a flash drive, memory card, or lend you a burned CD? With UAC enabled, at least an AutoPlay attack from one of those won't be awarded Admin privileges on your system.
 
Will your "experience" give you any chance to stop the attack? No. UAC will, though... if you're using IE7 in Protected Mode (which requires UAC to be enabled), your browser is running at the lowest possible integrity level and is under severe constraints. If you're using FireFox, then you give up Protected Mode, but if UAC is enabled, at least the exploits won't have unrestrained Admin privileges lying around to do anything they please.
Click to expand...
UAC is not intended to "stop attacks." UAC is not a security boundary, and even integrity levels are not security boundaries. UAC and ILs do not eliminate the possibility of malware spoofing the elevation process.

What UAC single purpose in life is (and this hasn't been clear at all thanks to some very mixed messages from MS) is to shift the Windows world into the concept of running as standard user FULL time. Not part time with a split token. Within a single user session, split tokens, UAC elevations, integrity levels, etc...none of them are boundaries against potential malicious elevation of privilege. There IS a boundary between a user session running as a true standard user and a user session running as an administrator with a split token.

So again, like I said in my first post in this thread, UAC is designed to make it easier to run Windows as a standard user. And that's it.

Highly recommended reading: http://blogs.technet.com/markr...2007/02/12/638372.aspx
 
Originally posted by: stash
Will your "experience" give you any chance to stop the attack? No. UAC will, though... if you're using IE7 in Protected Mode (which requires UAC to be enabled), your browser is running at the lowest possible integrity level and is under severe constraints. If you're using FireFox, then you give up Protected Mode, but if UAC is enabled, at least the exploits won't have unrestrained Admin privileges lying around to do anything they please.
Click to expand...
UAC is not intended to "stop attacks." UAC is not a security boundary, and even integrity levels are not security boundaries. UAC and ILs do not eliminate the possibility of malware spoofing the elevation process.

What UAC single purpose in life is (and this hasn't been clear at all thanks to some very mixed messages from MS) is to shift the Windows world into the concept of running as standard user FULL time. Not part time with a split token. Within a single user session, split tokens, UAC elevations, integrity levels, etc...none of them are boundaries against potential malicious elevation of privilege. There IS a boundary between a user session running as a true standard user and a user session running as an administrator with a split token.

So again, like I said in my first post in this thread, UAC is designed to make it easier to run Windows as a standard user. And that's it.

Highly recommended reading: http://blogs.technet.com/markr...2007/02/12/638372.aspx
Click to expand...

I was off on the IE7 Protected Mode tangent, which requires UAC as a prerequisite, and seems like it would be a worthwhile enhancement even to a Standard account. But you would recommend people go the whole way and use a Standard account (plus UAC of course), and not Admin+UAC, then?

(why, that's crazy talk! 😉 j/k)

The gripe I've heard a couple times about Standard + UAC is "oh noes, I have to type teh Admin password, it's Too Hard?!"

/me goes off to read Mark's article
 
But you would recommend people go the whole way and use a Standard account, and not Admin+UAC, then?
Click to expand...
I'm not saying I would recommend it, and in reality that is not quite going the whole way 🙂 Going the whole way is having two separate accounts and FUS'ing between them. Using the UAC prompt to enter a different (admin) account while running as a standard user has the same risks as elevating when using a split token. Although this can be mitigated somewhat by requiring a switch to the secure desktop AND a ctrl-alt-del. I'm not saying I would recommend either of those options either 🙂

So clearly the gap between real security boundaries and convenience in Vista is, well, kind of a chasm. And that's what the consent dialogs provide, convenience. But if we (security minded folks) describe UAC as something more than that, we (and "regular" users) will get burned someday. And getting around UAC and ILs like that isn't a bug or a vulnerability, so there won't be any patches if it happens. The underlying foundations of Windows security haven't really changed much in any of the versions of NT. So unless there are some non-trivial changes to the fundemental architecture of Windows, running code as two different users or ILs within the same session is going to be a problem.

So my recommendation for most people is to leave UAC at the defaults and use a split token. The main thing it will do is force devs to stop and think about writing better apps instead of being lazy. Because like it or not, the battle is shifting to their turf now. The number of vulns being found in apps rather than the OS is skyrocketing and it's going to get worse.
 
I disable UAC, the firewall, Windows Defender, I don't use antivirus and I don't do updates, but I won't get infected because "I know what I'm doing."

The above sentence is meant to sound so ridiculous that i must be joking, however I've heard people say essentially the same thing and swear by it.
 
Originally posted by: blackangst1
Yes. I dont care aware you think you are, a trojan can weasle its way into your registry and install with no knowledge. Alot of the new trojans have not so obvious names, and dont show up under installed programs. It's simply a way to avoid it.

It really isnt that big of a deal.
Click to expand...

oh..wow. So UAC is the final solution against Trojans, hu? 🙂

Of course not.
 
Almost 90% of the world use PC's and it is more likely to get hacked than any other OS so it would be wise to assume any type of security layer whether at a user or a system level is really necessary. Operating Systems like Mac and Linux are not widely used so we cannot scale their level of defense from external attacks, infact is it not necessary to add extreme security layers to these OS's.
 
Operating Systems like Mac and Linux are not widely used so we cannot scale their level of defense from external attacks, infact is it not necessary to add extreme security layers to these OS's.
Click to expand...

Yea, there's very few if any servers out there on the Internet running Linux...
 
Originally posted by: Aberforth
Almost 90% of the world use PC's and it is more likely to get hacked than any other OS so it would be wise to assume any type of security layer whether at a user or a system level is really necessary. Operating Systems like Mac and Linux are not widely used so we cannot scale their level of defense from external attacks, infact is it not necessary to add extreme security layers to these OS's.
Click to expand...

As Nothinman alluded to, computers that are actually reachable from the internet are a majority of Linux and Unix based systems. Even the few Windows computers you can get to are most likely proxyed or firewalled by a device that uses Linux. The thing is, these "extreme security layers" have been a standard design in *nix since the beginning. Vista still has a lot of catching up to do to catch up with the "extreme security layers" of Linux.

Originally posted by: flexy
Originally posted by: blackangst1
Yes. I dont care aware you think you are, a trojan can weasle its way into your registry and install with no knowledge. Alot of the new trojans have not so obvious names, and dont show up under installed programs. It's simply a way to avoid it.

It really isnt that big of a deal.
Click to expand...

oh..wow. So UAC is the final solution against Trojans, hu? 🙂

Of course not.
Click to expand...

I don't think that is what he is saying at all. It's a part of the overall defense that will continue to expand. Just looking at things Linux already has, Vista could still add Mandatory Access Controls and separate, restricted user accounts to run services. Linux, in addition to sudo which is like UAC, uses all of these, not just one or the other, because they all provide a different area of protection. And I'm sure the future will bring about other "solutions against Trojans" that will provide other layers of protection.

Originally posted by: thegorx
I just run live CD's now and haven't had any problems.
Click to expand...
Now THAT is an extreme security solution. I'm thinking you are joking about it, as it seems to me that would be horribly inconvenient. Though it would guarantee you a clean system on every boot.

I could see systems moving towards an approach similar to this - keep your base system on physically unalterable media and just save user files and configuration settings on regular, writeable media*. Windows System State is actually VERY similar to this, and I've toyed with the idea of actually using Windows System State to lock the harddrive on my daily-use PC. It doesn't use physically unalterable media, it uses the hard drive so theoretically it could probably be circumvented, but the concept is a big step in that direction.

*I know it's already possible to do this with several Linux LiveCDs, I just mean I could see it becoming more mainstream, and probably move to something faster and more customizable than LiveCDs.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top