Why do idiots disable UAC & claim it's not a security function?

Discussion in 'other anti-malware software' started by STV0726, Feb 5, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's not SUA or UAC that are useless; it's everything. Any operating system and their security measures are useless against social engineering, and phishing by the way. :D
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    To an extent. AVs and SmartScreen are good for social engineering because they give definitive results (for the most part.)
     
  3. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    This is why I've said again and again that SUA and UAC are the best first steps in PC security you can take, next to proactive user education. It is not the only step by any means. I am not, nor will I ever argue that a SUA or UAC is all you need. That's certainly not true.

    I have said, however, that failing to take those first steps puts your other security layers at risk, whether they be OS enforced or from 3rd party applications. I stand by that statement. It's been proven.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    UAC also has one additional benefit many neglect, including Microsoft - Virtualization.

    You can virtualize x86 processes, and any changes to important file system and registry areas will be redirected to VirtualStore folder and to a dedicated place in Registry, without affecting the real file system and registry. How beautiful is that?! :D

    UAC virtualization is meant as a compatibility mechanism for x86 applications that weren't developed complying with how Vista/7 etc. work. Microsoft demands x64 applications to work properly, and therefore no virtualization for such processes.

    Tough luck! :D
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I thought it was just registry virtualization. There's file system as well?
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Of course, sir. Search for UAC virtualization and you'll find info about it.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    What UAC needs is definitely a user-defined whitelist, and maybe blacklist. Without that, many people will get annoyed by it and disable this function, therefore making their Windows systems less secure. That leads to a world with more malware. A better configuration without needing to resort to gpedit.msc would be nice as well.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    J_L that's the idea behind Windows 7's default setting. All signed applications elevate automatically. This allows developers to make use of protected mode and users to answer some prompts without being so annoyed that they turn it off.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Signed applications, but nothing else a user can choose. The process of whitelisting an application is way too cumbersome.
     
  10. guest

    guest Guest

    Who are you calling an idiot?
    Maybe some people do not want the blout
    and prefer to install their own security measures
    who are you to say who is right or who is wrong
     
  11. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    x1

    Agree
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I think the raised concern was that, some bloggers who consider themselves knowledgeable, are advising people to disable UAC.

    Now, if you are knowledgeable and advise to disable, BUT are aware and know how other solutions work and can educate others on how to use them, then by all means do it, for the end goal is the same - to help as many people as possible.

    However, if you advise others to DISABLE something you got no idea how it works, then for sure "you"'re an idiot.

    For instance, if I install some HIPS application and I don't know how it works, and I advise others not to use it, simply because I don't know how it works, then what does that make of me? An idiot.

    I only advise about what I'm familiar with; anything else, I'll shut my trap. This is advice many bloggers out there should follow.

    I've seen some bloggers even suggesting to disable Windows Vista/7 Secure Desktop!!!
     
  13. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    What is blout? Assuming you mean "bloat", turning UAC off is not likely going to make ANY noticeable difference in resource usage on your computer, especially for modern hardware let alone 64 bit systems. If that's your reason for turning it off, turning off visual effects would be better and even that makes less of a difference nowadays. You are much more likely going to get MORE "bloat" from any 3rd party UAC-imitators, than you would by using the native Windows elevation system.

    As I have said multiple times now, I am NOT calling anyone here at Wilders an "idiot". The title was misleading and for that I sincerely apologize again. As m00nbl00d has stated in the post above this one (thanks, by the way!), my title was directed directly at people proclaiming they are "experts" or "knowledgeable" and writing tweak guides that give UAC a bad name, define it incorrectly, or place emphasis on advantages to disabling it without clearly, and fully explaining why it is much more beneficial to leave on. (And for the record, the tweak guides I read did not advise installing anything else instead of it; they simply advised running as an administrator full time for convenience, which is what made me mad!)

    So again, please don't "x1" his post because I was NOT calling anyone on here an idiot.

    Thank you for your understanding. :thumb:

    THREAD UPDATE: I apologize again for the silly, angry title, that was also misleading. I had forgotten that Wilders allows you to change your titles; so, I went back and changed the title to make it clear I am calling the tweak guide authors "idiots". Thanks and sorry again!
     
    Last edited: Feb 8, 2012
  14. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    ^On 'Thread update'; Tough luck.
    Sure, you can change the title but that will only be the first post title, not the thread title or any of the replies' titles.

    Just curious, why are you calling all of us 'idiots'? (j/k!)
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    The people who make those articles really are dumb - they have no idea what they're talking about. I don't love UAC but I'm not going to write an article saying "Oh man it's so annoying get rid of it!"
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
    Let's leave it at that. "Users" would probably be a better term to use.
     
  17. Seven64

    Seven64 Guest

    UAC is a pain in the rear when installing trusted software. Don't need extra clicks.:)
    Why would you install ?? software? o_O
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    First thing first. When you install something, and if that something requires administrator privileges (for instance, Google Chrome standard installer doesn't), then it only takes one prompt to install. What's the big deal?

    If some installer is made of more than one installer, and if the UAC prompts more than once, then it only means poor development by whoever created the main installer, which should be the one calling all other installers. The main installer would already be running with full permissions, and no additional prompts would be required.
    That said, I've never faced any such problematic installer. They all only required one UAC prompt - the initial prompt. Simple. ;)

    What do you mean by this?
     
  19. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    I am not sure what you mean.

    I am calling tweak guide writers who write ignorant stuff and claim they are knowledgeable (which is sort of implied by writing a tweak guide in the first place) "idiots."

    If it takes one more time for me to say it, I will: I am NOT calling Wilders users "idiots."

    Thank you. :thumb:

    EDIT: Oh...I see what you mean now. You meant refrain from using the term "idiots" in the future. Got it. I will honor that request and I apologize again. Probably was a bad move on my part.
     
  20. guest

    guest Guest

    I apologize too, I should have read the thread a little better and realized
    what you were trying to say

    and I do have to agree with you
     
  21. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Thank you, but it was my fault for using the word "idiot." I should know better; I took a course on Peace Studies and Conflict Resolution just last semester. If I wanted positive reactions I should have used positive language. :)

    I am generally in agreement with the idea that Windows 7 UAC "slider" is implemented in a manner that could definitely be better. I do like the idea of a slider that offers some "presets" of configurations Microsoft deems useful for home users that don't have access to every single tweak offered in gpedit.msc. However, in my opinion the way it is currently implemented, specifically the fact that the in between options only whitelist Windows stuff, needs to be improved.

    If I was Microsoft, I would change it to something more intuitive like this:

    Windows allows you to customize your level of security by changing the way you are notified about changes to your computer while running as an administrator.

    * Maximum - UAC will notify you whenever you, or a signed or unsigned 3rd party program tries to make changes to Windows settings and requires administrator privileges. (This should be the default in case of exploits upon release, but Getting Started screen should offer intuitive configuration options w/ explanation. Lesson learned from Windows 7 Release)

    * Medium - UAC will notify you whenever an unsigned 3rd party program tries to make changes to Windows settings and requires administrator privileges. You should only allow it if you trust the source from which you obtained the program.

    * Minimum - UAC will notify you whenever an unsigned 3rd party program tries to make changes to Windows settings and requires administrator privileges. It will not utilize the secure desktop (screen will not dim). You should only use this setting if your computer experiences a long delay while dimming the screen.

    * Silent - UAC will not notify you when you or programs try to make changes to Windows settings. Programs will be granted administrative rights as they request them, however, protected mode and other related security features will remain enabled. (Highly recommended as an alternative to setting below.)

    * Off - UAC will be disabled and will not protect your Windows settings from tampering. Protected Mode and other security features will be disabled as they depend upon the UAC system. (Not recommended!)

    There we are. :)
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I think most people turn it to silent, not off. No guide tells you to turn it off, just to turn it silent.

    I think Medium is the best setting. I leave mine on Max because I'd like to think that I can make better decisions than the average user. But MS made the right decision having Medium as the default.
     
  23. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Any tweak guide I have read tells users to disable UAC because "it is annoying" / "draw a line in the sand security". I've already stated my opinion on such advice. I have only seen one YouTube video where a knowledgeable person recommends using gpedit.msc to make UAC silent, but that only works if you have Professional edition of Windows.

    My post above is NOT how UAC currently is, just to be clear; I am recommending how Microsoft SHOULD make it in the future. :)
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I've never seen anyone say to disable UAC - only to turn it silent by bringing that "bar" down all the way.
     
  25. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    There is no such thing as "silent" mode, other than what can be achieved by manually tweaking registry/group policy settings...

    "Silent" mode, again, is a non-existent feature! The User Account Control settings page in Control Panel that Windows 7 provides, furthermore, offers only 4 configurations, and the bottom-most one is Never Notify, which shuts off the UAC system entirely, including protected mode and virtualizations.

    I was recommending that Microsoft implement a "silent" mode that is one notch above the full "off" position, so that people could still get the benefits of protected mode/virtualization, but it does not currently exist.

    In a sincere effort to make this more clear, the current Windows 7 User Account Control settings that are available in the Control Panel are:

    * Always Notify
    * Notify me only when programs try to make changes to my computer
    * Notify me only when programs try to make changes (+ no secure desktop)
    * Never Notify (This is the same thing as turning UAC off)

    Hope that helps...and sorry for the confusion! :(
     
    Last edited: Feb 11, 2012
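
An added example, not part of any post in this thread: a read-only PowerShell check that tells a machine with UAC switched off apart from one set to elevate without prompting (the "silent" configuration discussed above). It assumes the standard UAC policy values under `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`; the function name `Get-UacState` and the state labels are made up for this illustration.

```powershell
# Added example: classify the UAC configuration from the policy values that
# the Control Panel slider and gpedit.msc write to the registry.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {   # hypothetical helper name
    param(
        [int]$EnableLUA,                   # 0 = UAC off, 1 = UAC on
        [int]$ConsentPromptBehaviorAdmin,  # 0 = elevate without prompting,
                                           # 2 = always prompt, 5 = prompt for non-Windows binaries
        [int]$PromptOnSecureDesktop        # 1 = prompt shown on the dimmed secure desktop
    )
    # EnableLUA = 0 is the real "off" state: no filtered admin token, so the
    # features the thread says depend on UAC are gone too.
    if ($EnableLUA -eq 0) {
        return 'OFF: UAC disabled (EnableLUA=0)'
    }
    $desktop = if ($PromptOnSecureDesktop -eq 1) { 'secure desktop' }
               else { 'no secure desktop' }
    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'SILENT: UAC on, administrators elevate without a prompt' }
        2 { return "ALWAYS NOTIFY: prompt for every elevation ($desktop)" }
        5 { return "DEFAULT: prompt for non-Windows binaries ($desktop)" }
        default {
            return "OTHER: ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin ($desktop)"
        }
    }
}

# Read the live values; reading HKLM does not require elevation.
$p = Get-ItemProperty -Path $key
$names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'
$missing = $names | Where-Object { $null -eq $p.$_ }

if ($missing) {
    # Do not guess a state when a value is absent from the key.
    "Cannot classify, value(s) not set: $($missing -join ', ')"
} else {
    Get-UacState -EnableLUA $p.EnableLUA `
                 -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
                 -PromptOnSecureDesktop $p.PromptOnSecureDesktop
}
```

A result of `OFF` on a machine where a tweak guide was followed is the case the thread warns about; `SILENT` only appears when the prompt behaviour was changed through policy or the registry while UAC itself stayed enabled.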