Do you disable UAC?

I agree, on purpose, I avoided talking about Sandboxie, but other posters did. And I had to reply. Read my posts from Saturday, my posts were about running as Administrator and having the freedom to do security as you wish, without being called a dummy. They had nothing to do with SBIE. Not once I mentioned SBIE.
https://www.wilderssecurity.com/threads/do-you-disable-uac.384223/page-16#post-2579457
https://www.wilderssecurity.com/threads/do-you-disable-uac.384223/page-16#post-2579500
https://www.wilderssecurity.com/threads/do-you-disable-uac.384223/page-16#post-2579611

Bo

 

Rasheed. We all can agree that nothing is unhackable, including SBIE. But the write up or article were he took the picture is not about malware but about a non malicious test tool that shows in the case of SBIE, that programs in the sandbox can easily detect they been run sandboxed. In the case of Sandboxie, all they have to do is detect SbieDll. I really dont want to continue going over this, Safeguy iis correct in his post. And I am a little tired.

I posted in this thread not about SBIE but about being free to do what you want to do with your computer without getting intimidated or quite it down about saying what you or I or anyone have in their mind or called a dummy or something or gang banged like you were earlier in the thread for speaking your mind. Later.

Bo

 

1 thing I would like to say is that annoyance and usefulness are not interchangeable terms. UAC is without doubt annoying - but surprise surprise...it is meant to do so.

One needs to dig deep behind the purpose of UAC to comprehend why this is so. Look up the concept of privileges, file and registry virtualization (redirection) to understand that Microsoft intended developers to code their programs so as not to request for escalation unnecessarily.

%ProgramFiles% has been the conventional directory in which programs are installed and is only writable by admins because programs installed there are available for all user accounts. However, it is not necessary for all installers or programs to run from there...it can install to or run from user profile or user level directories instead. A standard user is supposed to be able to run and install most programs/apps without elevating. Look at the Chrome installer. Look at Universal apps. It's an entire shift to a safer software ecosystem.

You are supposed to receive elevation requests only when the said program or task needs high privileges. Programs that require high privileges constantly can run as a service (think of AVs and Windows Update).

No 3rd-party security program replaces what UAC is meant to do. Sure, run as admin and disable UAC if you want...call it annoying...but nope, it is NOT useless.

 

All I'm saying is that there is no need to be annoyed, because you, me and guest are actually agreeing with the fact that this hacktool can most likely not bypass SBIE. So it's a silly argument.

 

Well, it's useful for people who feel they are more secure when they run in LUA, or as Protected Admin. It's useless for people who feel they don't need it to keep the system safe, and are annoyed by it, it's as simple as that. To clarify, I'm specifically talking about the UAC alert. Obviously you still need stuff like "integrity levels" for sandboxing but that's not what this topic is about. It isn't about the idea behind UAC, it's about whether you can tolerate it or not.

 

UAC is more than just the alerts. I have been trying to say that but in vain. I am not going down the rabbit hole again so let's just agree to disagree.

 

Nicely written @safeguy and I agree with your post.
Unfortunately I don't know how many developers release installers for SUA. From software that I'm using Chrome and uTorrent can be installed in user space and portable apps off course. For other I didn't try to run installations without admin rights. Maybe some of them would install, but I never tested it.

 

Safeguy, I have UAC on in my W7. It doesn't bother me. I hardly ever see a prompt. And I use it as a warning tool. If I ever see a UAC prompt when I am doing something that I shouldnt get one, like when I am browsing or opening a PDF, that would be like a red flag telling me to be aware. To this day, I never gotten one prompt like that but it can happen. Personally, I would never call UAC or any security tool useless.

Bo

 

Actually, it seems you need to read some of the replies again, because we already agreed that UAC isn't just about the alerts. But that's not the point, fact of the matter is even when people understand the security benefits of the whole UAC system, they might choose to disable it, purely because of the annoyance factor.

 

@Minimalist

It will take time for developers and users to adapt.

My guess is that desktop programs will mostly remain the same...requiring admin privileges to install.

I do see potential with Universal Apps on Win10 though. With Windows Store as the repository and AppContainer as the sandbox, Microsoft is moving in the right direction while still retaining backwards compatibility. Too bad they still require you to register an online account for Windows Store (even if you use a local account) but one can always create a disposable account for the purpose.

 

@bo elam whatever you think. My screen wasn't supposed to prove that Sbie is bypassable or not, just showing the array of options modern keyloggers have at disposal. We are not in Sandboxie thread but in UAC one. So stick on the topic and stop twisting the meanings of my posts to fuel your desire to promote sandboxie's invincibility...

 

I just did and I still see the same conflation of terms between annoyance and usefulness coming from you which I have already touched upon in my prior post. I totally get it that "UAC is annoying and people choose to disable it". The point of contention here is whether UAC is useful and I have already agreed to disagree...

This begs the question: will you do the same as you told me to? Will you take the time to actually read and research the subject in detail or at the very least try to understand and clear up all the pre-conceived notion and confusion (which is evident in prior replies)?

I doubt so...after all...

"Bottom line"...or "conclusion" (as you always like to do), I have realized that I am not interested in engaging a discussion with a person who would never reconsider his position on something. I find that both annoying and useless...far worse than dealing with UAC.

P.s. Apologies to other members...I fell down the rabbit hole. Trying to climb back out of it.

 

Thats it. What I think? you doing good by being honest. Enjoy your day, guest.

Bo

 

We may have shared differences before but as far as this is concerned, we agree.

 

This is getting ridiculous, I just said that we already agreed on the fact that UAC is useful to some people, and to others it's not. But seems like you're not satisfied with this conclusion.

Then why keep responding? The thing that's probably annoying to you is that you want to be right, when that's not always possible.