UAC in Vista prevents access to Temporary Internet files

[JustaGeek]

I have been using the IE Privacy Keeper on the XP platform for over 3 years.

It is a great free program that allows to erase certain "unwanted" cookies, while keeping the cookies you "check" you want to keep, to save your User names and/or passwords.

It would also erase all the Temporary Internet Files, Temporary Files and other "history" related items in MS Word, WMP, Adobe Reader etc.

Well, not with the UAC enabled in Vista 32 and 64.

With the UAC enabled, the Internet Temporary Files folder is inaccessible to this utility, and the only option is to go and erase these items with Vista built-in "Browsing history" module in the Internet Properties. But I can't keep the cookies that I don't want to be erased!

Also, the "Cookies" folder becomes split in two, with only some cookies being directed to the "Cookies/Low" subfolder, invisible to the user.

My question is - why...? Why can't I use a simple utility and decide, in the "Run as Administrator" mode, to delete my temporary Internet Files...?

I believe it is a serious flaw, to have to go deep to Internet Properties to clean the Temp files, and certainly does not help security.

With the UAC disabled, the problem disappears. The C:\....\Cookies folder is in one piece, and I can erase all the Temp and Temp Internet files, and keep only selected cookies on my computer.

The question is - why is UAC so intrusive that it disallows access to these folders...?

Also, on my not-too-powerful laptop, there was a huge performance hit with the UAC enabled.

My conclusion - UAC is too intrusive, a serious performance hit on a system, and it should be redesigned to be effective.

 

[loup garou]

Dude, that product hasn't had any updates in 2 YEARS. Ever think of looking for a similar product written with Vista in mind?

Also, I have never heard of nor experienced a performance hit by keeping UAC enabled -- and I run Vista on machines much less powerful than the laptop in your sig.

 

[bsobel]

The question is - why is UAC so intrusive that it disallows access to these folders...?

Sorry if this sounds harsh but this sounds like yet another person who knows little about security talking about how security should work. First off, your running a system utility designed for another OS on Vista. Tell the authors you'd like a Vista version (or see if there already is one).

You have multiple cookie folders because by default and with UAC your running the broswer in a low privledged mode. That basically means any browser exploits cant infect your machine. By turning off UAC you've made yourself vulnerable to these type of attacks. And before you say you don't go to such web sites, the Miami Dolpins site was hacked and had such an exploit on it before the super bowl last year.

Also, on my not-too-powerful laptop, there was a huge performance hit with the UAC enabled.

Sorry, UAC enabled or disabled doesnt cause a performance hit like you describe. If you really think there was your imagining it.

Bill

p.s As far as 'having to go deep into internet explorer options, getting to 'delete my history' is two clicks on IE7. Tools then Internet Options.

 

[JustaGeek]

Guys - let me make one thing clear before you make any statements about my "limited knowledge".

I LIKE VISTA.

Now, if you can explain why the Low folder is made invisible, and Norton finds "tracking" cookies there, I would really appreciate it.

Now - this old "System Utility" performs perfectly fine without the UAC. And it "cleans" the Temporary Internet files. It can't do it with the UAC enabled.

It is the ERASER afterall - how much "up to date" do you want that to be! The pencil hasn't been updated in over 100 years!

And I deeply apologize for making this "slightly" negative comment about Vista.

Hope you all forgive me... 😉

EDIT: And my Laptop felt decisevely more sluggish with the UAC enabled - period.

 

[bsobel]

When you log into Vista your most likely an administrator, lets pretend your account is called JustaGeek. With UAC enabled the system strips most of your rights and gives you limited use token. Your running unelevated at that point. Most of your actions that dont require a permananet change to the system are just allowed to occur.

However, if you make a system changing action (like running an installer) the UAC prompt comes up and you run that code as your 'true' administrator account.

For various security reasons (which I can go into if you like) there has to be a seperation between the low privleged files and the higher privledges files. Thats why you see the IE 'low' directories. Files created by IE in that mode are stored in that sandbox. The reason for the seperation is if you didn't split the files up there are attacks I can come up with that involve placing the file on your machine when you don't have rights and then waiting until you do to activate.

Now, if you can explain why the Low folder is made invisible, and Norton finds "tracking" cookies there, I would really appreciate it.

The folder isnt' invisible when your elevated, its just that you have two cookies folders. The one your 'elevated' personality sees and the one your normal unelevated personality sees. In XP this was in one directory. Your tool hasnt been updated to understand there is now two.

Now - this old "System Utility" performs perfectly fine without the UAC. And it "cleans" the Temporary Internet files. It can't do it with the UAC enabled.

Actually it sounds like if you ran it twice, one normally one time elevated it would do what you want (at least from your description).

It is the ERASER afterall - how much "up to date" do you want that to be! The pencil hasn't been updated in over 100 years!

Yes, but now your asking for your eraser to erase both sides of the page at the same time.

 

[JustaGeek]

Thanks bsobel. Actually, if I manually enter the path, it does erase the cookies in the Low directory. You are correct about erasing "two pages at the same time".

I still believe that the Temporary Internet files folder should be accessible to a user without "elevating" the privileges. A user with the "administrative" privileges should be able to do what thay want - and they are, if they go to the Internet Properties.

I hope that Norton IS protects me from any "unauthorized activity" though, and WinPatrol will let me know if any other "System changes" are made.

Otherwise, the UAC makes a lot of sense for the people that "do not care" about the "trash" in their Temp folders.

I like to clean them every time I exit the Internet Explorer, and have not had any problems in the past 3 years (hope it continues!)

 

[bsobel]

I still believe that the Temporary Internet files folder

They are, its just the low privledges version of them that is. You need to elevate to see the one your thinking is the 'true' one. Trust me when I say their are exploits this avoids, there is no way to make both directories available to an unprivledges user safely.

Bill

 

[JustaGeek]

Originally posted by: bsobel

I still believe that the Temporary Internet files folder

They are, its just the low privledges version of them that is. You need to elevate to see the one your thinking is the 'true' one. Trust me when I say their are exploits this avoids, there is no way to make both directories available to an unprivledges user safely.

Bill

Makes sense.

Thanks again.

 

[nerp]

Thank god for people like bsobel to keep these forums from getting out of hand. Everywhere else, threads like these spiral into the abyss, but here, someone who actually knows wtf they're talking about chimes in with some facts.

 

[JustaGeek]

Originally posted by: nerp
Thank god for people like bsobel to keep these forums from getting out of hand. Everywhere else, threads like these spiral into the abyss, but here, someone who actually knows wtf they're talking about chimes in with some facts.

See my friend, that's why people like him are the "Elite Member, Security Moderator,
Programming Moderator".

And people like YOU or me can come here and ask questions.

Or voice their opinions off the topic... 😉

 

[VinDSL]

Hrm...

Nobody has mentioned the obvious, soooo I'll probably get flamed for this, but... 🙂

Why don't you try CCleaner aka CrapCleaner?

I use this utility on every PC I own, including Vista, and it works great! 😉

 

[M0RPH]

You sound like an experienced computer user. Why don't you just disable UAC?

 

[bsobel]

Originally posted by: M0RPH
You sound like an experienced computer user. Why don't you just disable UAC?

Because real experienced users understand that UAC is one of the best lines of defense against malware protection available to them.

Bill

 

[M0RPH]

Originally posted by: bsobel

Originally posted by: M0RPH
You sound like an experienced computer user. Why don't you just disable UAC?

Because real experienced users understand that UAC is one of the best lines of defense against malware protection available to them.

Bill

I don't get malware. I know what to look for when installing software. I'm careful of what I download and install. Anyways, there are antivirus and spyware scanners to find that stuff if by some remote chance it did get installed.

BTW, most inexpereinced users who would benefit most from UAC end up getting in the habit of clicking through the UAC prompts without reading or understanding what they're clicking, regardless. So I'm not sure I see the benefit, really?

 

[bsobel]

BTW, most inexpereinced users who would benefit most from UAC end up getting in the habit of clicking through the UAC prompts without reading or understanding what they're clicking, regardless. So I'm not sure I see the benefit, really?

Thats your theory but in actual fact it works, and well. Vista infection rates are lower than XP. Im sure your carefull, but there are classes of attacks that you simple need to visit the wrong site (until patches are available) to get. Great example was the hacked Miami Dolphins site last super bowl. Thats not the kinda of site people presume they will get an infection from.

 

[JustaGeek]

Originally posted by: M0RPH
You sound like an experienced computer user. Why don't you just disable UAC?

I did. 🙂

However others might not agree, I prefer to erase all the temporary files and temporary internet files myself.

My IE Privacy Keeper works perfectly now, keeping the cookies I want to be kept.


@Vin - I do not think the CCleaner has a capability of selective cleaning. It just erases it all.


But again, UAC is great for anyone that does not care about the temp files and cookies, and bsobel's explanation of the "Low" functions helped me understand their purpose.

 

[VinDSL]

Originally posted by: JustaGeek
@Vin - I do not think the CCleaner has a capability of selective cleaning. It just erases it all.

It'll do 'selective cleaning'... 😉

Lots of things are 'ghosted' by default. Plus, there are certain cookies I don't delete in Firefox - certain other things (like IE & Google Search history) that my wife doesn't want cleaned, yada, yada, yada.

Works great! Give it a try... 🙂

 

[JustaGeek]

Originally posted by: VinDSL
Works great! Give it a try... 🙂

I will - thanks!