ManBearPig
Diamond Member
its getting kind of annoying, and im pretty damn sure i can handle the programs on my own...any opinions? if so, how would i go about doing this?
-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
should i get rid of UAC?
- Thread starter ManBearPig
- Start date
mechBgon
Super Moderator<br>Elite Member
My opinion is that it should be left enabled. Disable UAC, and you throw file-system and Registry virtualization out the window, give up Protected Mode, and cast away a valuable proactive defense against exploits and malware that you won't be able to stop by yourself. The people who suggest disabling UAC, are almost always the ones who don't know anything more about it than the Continue/Cancel prompts.
If you're having non-stop UAC prompts that are bugging you, maybe post the situation so people can help you solve it, instead of shooting the messenger (UAC).
Quiksilver
Diamond Member
If you consider yourself a tech savvy person, then you shouldn't even need this question... just saying.
(I personally don't use UAC...)
(I personally don't use UAC...)
chronodekar
Senior member
I agree with Quiksilver.
If you are tech-savvy enough to be able to handle yourself, you won't need to ask this question. The very fact that you are asking it, makes me say you're better off leaving it on.
But, there is one thing you should know. When running a program for the first time, you can set the UAC to permanently allow the feature or app. That way it will never bother you again, even if you run it multiple times.
In your case, leave it ON.
If you are tech-savvy enough to be able to handle yourself, you won't need to ask this question. The very fact that you are asking it, makes me say you're better off leaving it on.
But, there is one thing you should know. When running a program for the first time, you can set the UAC to permanently allow the feature or app. That way it will never bother you again, even if you run it multiple times.
In your case, leave it ON.
ManBearPig
Diamond Member
I actually consider myself decently savvy, ive just been using xp for a really long time and heard that oblivion mods were having trouble w/ it. Thanks for your concern, ty for the advice, guess ill see how the game goes.
MrChad
Lifer
There are programs out there to tweak UAC while leaving it enabled, such as Norton's UAC Management Tool.
ManBearPig
Diamond Member
how can i set it to remember programs i have authorized??
Red Squirrel
No Lifer
Definably disable. in fact it's probably worse for non tech people then tech people as they'll just call you up complaining all the time and want a solution NOW. thing is it wont really stop malware. Malware will just bypass that whole process and go do it's stuff directly on the system. the same way a virus can leak through IE even as a non admin user. I see it happen all the time. Malware is coded to bypass all that type of security.
Crusty
Lifer
:laugh:
UAC is a LOT more then just prompts for installing software.
I suggest reading some of mechBgon's posts about all the extra security enhancements UAC brings to the table like Registry virtualization and IE Protected mode(which he already mentioned in this thread).
One thing you can NOT protect against are users, if they want to install malware they'll find a way, but using UAC properly is a giant step towards protecting end users.
Red Squirrel
No Lifer
So if you turn off UAC it turns off all the other stuff too? that's kind of silly they should just give the option to disable the popups only. That's the part that is super annoying to users. Yes I'm sure, that's why I clicked there!
Crusty
Lifer
So if you disable the popups... then when a piece of malware comes along and attempts to install the user won't be notified? Sounds like a plan to me.....
The point is that UAC prevents bad things from happening to your OS, and when you ARE going to be performing an action that will alter the OS you need to confirm that it's you wanting to do it and not some other application trying to delete your entire C:\Program Files\ folder.
chronodekar
Senior member
These appear to be popular links on the subject. (I use XP so I can't verfiy them)
Inside Windows Vista User Account Control
http://technet.microsoft.com/e...magazine/cc138019.aspx
Understanding and Configuring User Account Control in Windows Vista
http://technet2.microsoft.com/...b18ff918c2811033.mspx
User Account Control
http://technet.microsoft.com/e...owsvista/aa905113.aspx
mechBgon
Super Moderator<br>Elite Member
Actually, it stops malware quite well, in my considerable experience :camera:. Nothing has ever successfully subverted IE in Protected Mode in the course of my malware hunting, let alone day-to-day use.
If you actually know of any malware that "is coded to bypass all that type of security" in a real-world scenario, I'm certainly interested in hearing the specifics.
Can you be specific? What software do you use that cannot function without Admin rights?
chronodekar
Senior member
THAT looks interesting. Do you have your experiments published online somewhere? Can I see them? How did you test anyway?
mechBgon
Super Moderator<br>Elite Member
Here's an analysis of just one of many, many batches I collected: http://www.antisource.com/arti...ntispyware-comparisons Originally posted here as a thread, later turned into an article. The real point is that people shouldn't get cocky just because they have antivirus software, because it's not a cure-all.
As for methodology, I have three main methods. One is to run a highly-vulnerable Win2000 virtual machine while monitoring it with Microsoft Network Monitor 3.2 to see what's happening, where it's getting the malware from. If necessary, I can send the host system (Vista) directly to grab copies of the files using IE7 in Protected Mode, unless they've got referrer monitoring. I can also set up the VM's Temp folders and Temporary Internet Files folder in "flypaper" mode, where stuff can be written to them, but not deleted from them.
Another variation: use a real Win2000 system, set up with tons of vulnerable out-of-date stuff, as a honeypot. This helps when the malware is designed to detect virtual machines and play dumb in a VM. When the session's over, Acronis TrueImage recovery reverts the system to its original state. Some malware, notably NewMediaCodec variants, are also time-delay bombs that require setting the clock forward a day after executing the trojan... crafty :evil:
With either of those two methods, the usual malware-detection tools can be used to harvest the samples unless the system becomes unbootable or unresponsive.
Lastly, I can take the direct "I dare you" approach by sending Vista directly to the malicious site to see what's there, and/or to download malware files directly, with or without antivirus protection. I'll never recommend such behavior, but the reality is that IE7 is a pretty tough cookie in Protected Mode. This is the least productive approach since it offers little attack surface, but if my VM is blue-screened or unresponsive, plucking the malware URLs from Network Monitor and harvesting them with IE7 Protected Mode is worth a shot. The closest I've seen to a successful compromise here, is scripted clickjacking (example: MSI's site got hijacked) that daisy-chains a bunch of site visits to make search revenue... this can be controlled with IE's security Zones if desired.
/rambling
I used to be a bit OCD with the malware-hunting gig... I typically submitted more malware per day than the entire CastleCops MIRT. It wasn't exactly healthy, so now I just do it when needed, such as when a first-time poster posts a suspicious link here.
Regarding the original topic here... I think I'm pretty compotent, and know what attack vectors to expect, but I still see value in UAC. One secondary benefit is that file-system and Registry virtualization humors old software and helps it run on Vista, even when it's breaking the rules... for example, my Mechwarrior4 games absolutely will NOT run as a non-Admin on WinXP, but they work fine as a non-Admin on Vista 😎
chronodekar
Senior member
Thanks for that mechBgon !
Gives me something to ponder about for the coming weekend. 🙂
Gives me something to ponder about for the coming weekend. 🙂
The Boston Dangler
Lifer
i remember pre-SP1 (or whatever it's called) UAC, with non-stop cascades of pop-ups. it seriously hampered my use of my computer. i'm sure it's better now, but i still leave it off. my perception of it is it's another hamfisted and useless effort, like readyboost and system restore.
Maximilian
Lifer
Ditch UAC it sucks in vista. Windows 7 may impliment it in a less annoying way, that remains to be seen, but for now just disable it.
Start --> control panel --> user accounts and family safety -- > user accounts
Theres an option there to turn off UAC, you need to restart afterwards though.
Maximilian
Lifer
It wont.
Crusty
Lifer
How can you be so sure about that? Without preventive protection you're at the mercy of heuristics and definition signatures to find your malware, so if they don't have the latest rules you won't find your malware. Now if you had UAC on, the user would have the opportunity to prevent the piece of malware from installing/altering your system.
Ignorance is bliss I guess :disgust:
Gooberlx2
Lifer
I've never experienced the irritation that fuels the complaints against UAC. I don't mind being prompted for credentials every now and then when installing/updating software or editing protected folders. It's been a fundamental procedure of *nix OSes for a long time now.
I don't game on the PC, so maybe that's part of the problem. I've never installed software that doesn't cooperate well with UAC.
Perhaps these Oblivion mods are trying to write to the game folder inside Program Files or something? Maybe you can just edit that particular folder's permissions to take care of it.
What I can say about UAC is that when my BIL lived with us, it 100% protected my system from the loads of malware and junk software he attempted to install so many times.
I don't game on the PC, so maybe that's part of the problem. I've never installed software that doesn't cooperate well with UAC.
Perhaps these Oblivion mods are trying to write to the game folder inside Program Files or something? Maybe you can just edit that particular folder's permissions to take care of it.
What I can say about UAC is that when my BIL lived with us, it 100% protected my system from the loads of malware and junk software he attempted to install so many times.
ManBearPig
Diamond Member
its kind of annoying when i want to open any program it asks me...like when i want to extract something from winrar it asks every time...if i open up rivatuner it asks every damn time, etc...getting kind of annoying.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
