• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

UAC replacement alpha

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Originally posted by: bsobel
Originally posted by: Genx87
Originally posted by: Smilin
Originally posted by: bsobel
MS has the same issues, in fact we pointed out a bunch of the holes in the current system 😉
Click to expand...

Ok, I'm curious.
Click to expand...

I am also curious.
Click to expand...

Google must be down for you guys 🙂 Here is a place to start <a target=_blank class=ftalternatingbarlinklarge href="https://forums.symantec.com/syment/blog/article?message.uid=305919">https://forums.symantec.com......message.uid=305919</a>
Click to expand...

I don't think I would consider that any sort of flaw in UAC. The law of security that states that if someone can get you to run a program on your computer then it's no longer your computer comes into play here. UAC just tells you when you are about to do such a thing.

If you allow a malicious program to run (following a UAC prompt) even once then the game is over. There is theoretically no behavior that could be stopped after that. This includes displaying false UAC prompts, false antivirus scan results, bypassing this new UAC enhancement, everything.
 
Originally posted by: bsobel
And if a trojan/etc is whitelisted, than what?
Click to expand...

The user has to allow the application the first time, this current alpha only collects data and offers the 'dont prompt on this again'. If your worried about something being malware, if it was it would most likely finish its attack the first time you ran it not later.

The same issue exists with all whitelists (including digital cetificate systems, like for drivers). Whitelist revocation is how you deal with it as all lists will need maintenance.
Click to expand...

Is this app going to use something similar to a CRL (or OSCP since talking about Vista) to check in realtime for revocation?

Also lacking digital signatures how are you verifying the app is the same? (I'm a bit fuzzy on your hash process).
 
Now if Microsoft would do this, this would be cool and add CRC/hash/etc.... verifications on the actual program code to check for changes. Norton on my system? no thanks LOL
 
Originally posted by: bsobel
Reread the section on RunLegacyCPLElevated.exe...
Click to expand...

He did, all that did was trick the UAC to display a different color and display something different. The user is still required to hit yes and execute the code. It is a minor flaw that should be addressed but in no way a huge security hole provided users dont go about clicking yes to things they dont know about.

And of course if they run with user rights it will prompt for a user name and password. The only difference between this and a typical prompt is it can be displayed as benign. Users as always are part of the defense system.

No system can save itself from the users, including this 3rd party app from Symantec.
 
Genx87 said: "No system can save itself from the users"

unless you use DeepFreeze or MS SteadyState
 
would this program make it so i don't get prompted for device manager? cant it make certain programs run with elevated privileges all the time? task manager for example. i hate getting the uac prompt to show all processes.


 
While I must admit that I've wanted something like this, I can't say I'm sold on the idea that it's safe (for reasons largely redundant with what has been said previously). I don't claim to be a security genius, so when the great minds behind Unix have never done something like this, I'm left wondering if there's a problem I'm not immediately seeing.
 
Originally posted by: bsobel
As is shown by this forum, there are lots of people who do not like the current UAC implimentation. Id much rather them using this with a controlled whitelist than turning UAC off.
Click to expand...

I think that's pretty much what it comes down to. There's no question that it's a security compromise... if you whitelisted something like cmd.exe, and the attacker knew this, then it's game over. So it becomes a matter of how much access a whitelisted app would provide (i.e., does it provide a mechanism to run arbitrary commands) and whether attackers would bother looking for these opportunities or just aim for easier targets.

In the hands of a capable user, it's definitely better than running with UAC disabled. That said, it still has the potential to result in a serious downgrade in the security that UAC provides, depending on the circumstances. I wouldn't want to risk it, personally... but like you said, many would gladly trade the increased risk for convenience, and this gives them a better middle-ground to do so.
 
Originally posted by: VirtualLarry
So how do you permanently bypass UAC, and automatically default everything to "allowed"? 🙂
Click to expand...

Isn't it obvious?

Go to the control panel and select User Accounts. (This is in classic view. Under the default view it would be select User Accounts and Family Safety, then select Add or remove user accounts. After this select "Go to the main User Accounts page".) Then select turn User Account Control on or off. Remove the check mark from " Use User Account Control (UAC) to help protect your computer".

In other words, turn UAC off. Any more dumb questions?
 
Originally posted by: soonerproud
Originally posted by: VirtualLarry
So how do you permanently bypass UAC, and automatically default everything to "allowed"? 🙂
Click to expand...

Isn't it obvious?

Go to the control panel and select User Accounts. (This is in classic view. Under the default view it would be select User Accounts and Family Safety, then select Add or remove user accounts. After this select "Go to the main User Accounts page".) Then select turn User Account Control on or off. Remove the check mark from " Use User Account Control (UAC) to help protect your computer".

In other words, turn UAC off. Any more dumb questions?
Click to expand...

no need to be a jerk
 
Originally posted by: LumbergTech
Originally posted by: soonerproud
Originally posted by: VirtualLarry
So how do you permanently bypass UAC, and automatically default everything to "allowed"? 🙂
Click to expand...

Isn't it obvious?

Go to the control panel and select User Accounts. (This is in classic view. Under the default view it would be select User Accounts and Family Safety, then select Add or remove user accounts. After this select "Go to the main User Accounts page".) Then select turn User Account Control on or off. Remove the check mark from " Use User Account Control (UAC) to help protect your computer".

In other words, turn UAC off. Any more dumb questions?
Click to expand...

no need to be a jerk
Click to expand...

It's Virtual Larry. He knows good and well what the answer is. He's just being asinine and the 'jerk' response was an obvious result. The guy has a history.
 
Originally posted by: soonerproud
Originally posted by: VirtualLarry
So how do you permanently bypass UAC, and automatically default everything to "allowed"? 🙂
Click to expand...

Isn't it obvious?

Go to the control panel and select User Accounts. (This is in classic view. Under the default view it would be select User Accounts and Family Safety, then select Add or remove user accounts. After this select "Go to the main User Accounts page".) Then select turn User Account Control on or off. Remove the check mark from " Use User Account Control (UAC) to help protect your computer".

In other words, turn UAC off. Any more dumb questions?
Click to expand...

I don't want to turn UAC off. I want to leave it on, and always default to allow. UAC controls things like registry virtualization. I want to keep those.

I saw the solution posted months ago, some registry hack or another, but I neglected to save it.
 
Originally posted by: Smilin
Originally posted by: LumbergTech
Originally posted by: soonerproud
Originally posted by: VirtualLarry
So how do you permanently bypass UAC, and automatically default everything to "allowed"? 🙂
Click to expand...

Isn't it obvious?

Go to the control panel and select User Accounts. (This is in classic view. Under the default view it would be select User Accounts and Family Safety, then select Add or remove user accounts. After this select "Go to the main User Accounts page".) Then select turn User Account Control on or off. Remove the check mark from " Use User Account Control (UAC) to help protect your computer".

In other words, turn UAC off. Any more dumb questions?
Click to expand...

no need to be a jerk
Click to expand...

It's Virtual Larry. He knows good and well what the answer is. He's just being asinine and the 'jerk' response was an obvious result. The guy has a history.
Click to expand...

Funny, you have a history of misdirection too. And no, I don't know the answer. I'm not asking to disable UAC. That would be obvious. I'm asking for the non-obvious solution of leaving UAC enabled, but automatically defaulting the answer to "allow", such that one is not prompted.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top