Do you disable UAC?

Discussion in 'other anti-malware software' started by Overkill, Mar 2, 2016.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks again guest
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    No I don't. I'm saying when you're already using tools like anti-exe, sandbox, AV, and HIPS, you don't need to see UAC alerts, because it won't provide you with extra security.

    I will give an example: You download Geek Uninstaller which is good-ware and Nerd Uninstaller which is a trojan. AV flags them both as clean, so you don't know one of them is malware. You run Geek Uninstaller and UAC pops up, you will allow it to elevate and all is good. Now you run Nerd Uninstaller, is there any reason why you wouldn't allow it to get admin rights? No there isn't, so how did UAC help you?
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I want to clear things up. On Win Vista and 7 it's indeed not a good idea to turn off UAC because "integrity levels" are also turned off. My comments are all based on Win 8, on this OS you can't disable LUA, you can only disable UAC alerts. Also, with this subject, nobody is right or wrong, it all depends on preferences. I'm just trying to figure out why people seem to think that UAC alerts play a crucial role in keeping their system safe.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I don't think they seem to think that UAC alerts play a crucial role, just one role in a multi-layered setup. It can stop malware that needs admin privileges and perhaps people don't like the idea of malware or even any software being able to obtain admin rights automatically.
    For me the prompts are no problem, and you could always use a setup like Kees with auto elevation of signed software.
     
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, perhaps they don't think it's crucial, but they sure think it's quite important to say the least. The idea of malware getting auto admin rights might sound scary, but I already explained why in fact it's not.

    Another UAC bypass?
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    ;)

    The UAC window is in "Admin Account".
     
  9. guest

    guest Guest

    I mean UAC not being a full-fledged security tool.


    UAC helped me, it flagged the elevation request, that is all it is supposed to do (I said it earlier), now your common sense and research will tell you which is good to allow. As I said earlier, UAC isn't a standalone tool; to use it as a "security tool", it must work in concert with SmartScreen and Windows Defender; SmartScreen works via reputation of the executable, it "should" flag Nerd as suspicious when you downloaded it.
    In the case of FUD encrypted malware, some 3rd party software won't even detect it, and without UAC your system may be done. UAC is another method of mitigation.

    Let me give you another example: you are watching a video after downloading it from the web, then despite your security software being present, suddenly UAC pops up out of the blue. What do you do? Allow or deny? At this point do you think UAC is pointless?

    Of course, everybody would be happy if UAC worked as you want, I wouldn't be upset by more info, but lacking this feature doesn't make UAC pointless.

    I think our discussion is starting to enter a loop, we have already said all we think, so to sum up our points of view:

    - You find UAC pointless (if other security tools are present) because it doesn't tell you what modifications the wannabe elevated process wants to make.
    - I find UAC useful because it alerts me when any elevation requests are made, whether 3rd party tools are present or not.

    I will let other people meditate on our opposing points of view ;)
     
    Last edited by a moderator: Mar 16, 2016
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Exactly, and it even provides some basic, color coded information on the elevation requests by analyzing the executable to determine if it's a Windows, Publisher signed, Publisher unsigned, unknown or blocked Publisher, not to mention the path of the executable. People need to take a few moments at most to read them and think before allowing an elevation request pop-up out of the blue. My wife some time ago had a similar unexpected elevation request on a drama video site that looked highly suspicious and did not allow it, so UAC did come to the rescue in her case. To call UAC useless is absurd. As for downloading and installing a trojan, why would anyone in their right mind do that!? To repeat like a broken record, download and install from known, trusted sources and that is highly unlikely to happen.

    Finally, to eliminate or mitigate against UAC bypasses, set it to Always notify.
     
  11. guest

    guest Guest

    Exactly

    Yes, most researchers testing UAC said that no bypasses were effective when UAC was set at max.
     
  12. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    Thanks, I really hope this is true :)
     
  13. guest

    guest Guest

    Me too :D

    Most bypasses were done when UAC was at the default level; like AV test-labs test products at default settings.
     
  14. guest

    guest Guest

    If I get an elevation request out of the blue, I always deny it.
    If I install software, or do things that require elevation, then I look closely at the UAC prompt (Publisher / Path) and then I decide what to do.
    I think in general UAC helps a lot.
    UAC @ Max and especially this setting: "Validate Admin Code signatures"
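
The levels discussed in this thread ("Always notify", the default level, and the "Validate Admin Code signatures" option) are stored as registry values under the UAC policy key. The PowerShell audit below is an added example, not part of the original post; `Get-UacValue` and `Get-UacLevel` are hypothetical helper names, and the fallback defaults are the documented Windows defaults, assumed to apply when a value is absent.

```powershell
# Added example: read the UAC policy values and name the resulting level.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacValue {
    param([string]$Name, [int]$Default)
    # A missing value is treated as the Windows built-in default (assumption).
    $item = Get-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$Name }
    return $Default
}

function Get-UacLevel {
    param([int]$EnableLUA, [int]$ConsentAdmin, [int]$SecureDesktop)
    # EnableLUA=0 turns Admin Approval Mode off entirely, not just the prompts.
    if ($EnableLUA -eq 0) { return 'LUA disabled: Admin Approval Mode is off' }
    switch ($ConsentAdmin) {
        0 { return 'Never notify: admin elevation is silent' }
        2 { return 'Always notify' }
        5 {
            if ($SecureDesktop -eq 1) { return 'Default: notify for non-Windows binaries' }
            return 'Default without secure desktop (no dimming)'
        }
        default { return "Custom policy (ConsentPromptBehaviorAdmin=$ConsentAdmin)" }
    }
}

$lua     = Get-UacValue -Name 'EnableLUA' -Default 1
$consent = Get-UacValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
$secure  = Get-UacValue -Name 'PromptOnSecureDesktop' -Default 1
# 1 = only elevate executables that are signed and validated.
$signed  = Get-UacValue -Name 'ValidateAdminCodeSignatures' -Default 0

$report = [pscustomobject]@{
    Level                       = Get-UacLevel $lua $consent $secure
    EnableLUA                   = $lua
    ConsentPromptBehaviorAdmin  = $consent
    PromptOnSecureDesktop       = $secure
    ValidateAdminCodeSignatures = $signed
}
$report | Format-List

# Flag anything weaker than the configuration described in the post above.
if ($report.Level -ne 'Always notify') {
    Write-Warning "UAC is not at 'Always notify': $($report.Level)"
}
if ($signed -ne 1) {
    Write-Warning 'Unsigned executables are allowed to request elevation.'
}
```

Reading these values does not require elevation, so the check can run from a standard user session.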
     
  15. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Anti-exploit will block it in an earlier stage, so you wouldn't even get to see the alert. Plus there is no chance of UAC being bypassed.

    Yes exactly, there is no right or wrong.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    In my case it's useless, so I'm speaking for myself. Also, you must have missed the part about the AV not being able to identify the trojan. And it's always possible that hackers are able to replace goodware with a trojanized version. It happened to GOM Player, Ammyy Admin and Transmission on the Mac.

    But that isn't even the point, the point is that it wouldn't have mattered whether you got to see the UAC alert or not. But now that I think of it, in fact you guys are using UAC as a form of anti-exe, which leads me back to the conclusion that you don't need UAC, when your system is already protected.
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Sure, I guess it can happen, but in literally 20 years of using Windows it's never happened to me when I download from known, trusted sites. The only malware I ever installed - not knowing it was malicious at the time - was back when I used XP and I deliberately downloaded a cracked version of software that bit me in the rear end. Completely my fault in that case.

    I don't use it as a form of anti-exec, but it's already included in my version of Win 7 so it's a nice way of alerting me to unexpected file elevation requests. No way would I expect it to scan downloaded files for malicious content.
     
  19. guest

    guest Guest

    If you have an anti-exploit... now, all my posts assumed you just have the basics. Average Joe has UAC, Windows Defender and SmartScreen, with maybe an AV suite like Kaspersky, Avira or Avast.

    Anti-exploit and anti-exec are the realms of geeks like us wandering in security forums, very few users...
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    My main point is that if the system is protected by advanced security tools, you don't need UAC (on Win 8 and 10), so no wonder I mentioned anti-exploit. And Kaspersky also offers advanced exploit protection, for the record.

    Correct, but as you probably already know, it was a fictional scenario in order to get my point across. However it's not pure science fiction as it has already happened in real life. Plus the fact that software is digitally signed doesn't mean that much, see link.

    http://www.networkworld.com/article...-signed-with-legitimate-digital-certific.html
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    What I meant is that whenever I install or run software I will also have to click on at least one alert (from HIPS or anti-exe), so I sure as hell don't need to see an extra useless UAC alert. I call it useless, because the fact that an app requests admin access doesn't tell me anything about the trustworthiness. As you mentioned, SmartScreen and Win Defender should take care of that. But you're correct about the unexpected part, only in case of an exploit attack it might help, but anti-exploit or sandboxing is a way better solution.
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Understood you use HIPS so UAC is irrelevant for you and others using it. But currently and likely moving forward, HIPS will appeal to only a small niche market, so a simpler solution such as a basic anti-executable or even just relying on UAC at "Always Notify" could be better options for the less security-savvy folks. Of course we all know the so-called "Holy Grail" of anti-malware solutions, the one that the majority of people are only aware of, is antivirus products. Security-aware folks such as ourselves are able to think outside that box, and as such know of vast and uniquely different ways of applying security, far more effective than that of the incumbent antivirus solution.
     
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Rasheed187 :
    Seems like you are fighting a private war against Windows security features...
    It's up to you, to disable or not, for yourself.
    You must admit that your suggestions are counterproductive.

    But whom are you fighting for?
    Who pays you?
     
  24. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,347
    Location:
    Europe, UE citizen
    I speak for myself, not for Rasheed obviously, but I definitely don't trust Windows security features. "Security"? The Windows history and the users' experience prove that they - the features - don't protect the system. So, personally I'm not at war against Windows security features, I simply know that they are not effective against real cyber threats.
     
  25. guest

    guest Guest

    Anyway, nothing is safe against targeted attacks. For those who lurk a bit in the dark side of the net (aka hacker forums), they have plenty of dedicated tools and other kernel exploits that render any security software useless. I remember some guys there laughing at HIPS (Comodo in that case)...
    But it is not a reason to make their life easy :D
    The only viable option I found is to load a clean system every time you log in to your computer.
     