Another example of adware introducing security risks.. http://www.kernelmode.info/forum/viewtopic.php?f=11&p=25995#p25995
I am assuming that UAC set to always notify... would at least notify. From there I guess it's on the user.
I will never use UAC, because the way it's implemented right now is retarded. On top of that, it's easy to bypass. UAC = fake and dumb security.
So running as an unrestricted admin is better? Or do you use a limited user account with UAC off? I certainly wouldn't encourage the idea of the unrestricted admin. Convenient but too dangerous for average folks.
In Win 8, you always run in LUA, but apps can of course auto-elevate when UAC is turned off. Most users will turn off UAC because it's so annoying. In some other thread I already came up with some ideas to make it more logical and less annoying.
They do ?? That's odd. I see a lot of PCs, and I have NEVER seen one where a user has turned UAC off. We must be in touch with very different user segments. There's nothing wrong with UAC. Use a standard/limited account and have UAC on max, and it does exactly what it was designed to do.
Well, I haven't done a survey, but I'm sure you know that when UAC was first introduced with Win Vista, it didn't exactly receive a warm welcome. MS tried to fix it in Win 7 and 8, but apparently it's still annoying enough for me to turn it off. What means that I (as admin user) lose some of the UAC benefits that it can provide. Here a couple of articles: http://www.maketecheasier.com/4-reasons-why-windows-uac-is-useless/ http://news.cnet.com/Microsoft-Vist...oy-users/2100-1016_3-6237191.html?tag=cd.lede http://www.makeuseof.com/tag/stop-a...ate-a-user-account-control-whitelist-windows/
It didn't receive a warm welcome because people didn't want to deal with it. Which is the reason they were running as full admin on XP. People want the OS to know what to run and not run without effort or thought on the part of the user. This is not possible. As for the article that claims "4 reason why UAC is useless", the first 2 they gave are about the end user, and the second 2 complain that it doesn't stop malware, which is not what it is intended to do. When MacOS or Linux prompts for credentials for a process that requires admin privileges everyone compliments them on their security, but Windows does it and they suck. Again, the people complaining about it want an effortless experience and then want to complain the security sucks. I probably encounter a UAC prompt maybe half a dozen time a week with an average of 10 hours a day of time in front of a computer. It's not a perfect solution, but the gripe seems to be that "Oh, no! This stupid annoying UAC prompt wants me to verify that I want this process that requires admin to run and I have to click Yes or No" when the same people would jump through many more hoops to upload pics to instagram or upload a youtube video. I believe UAC is a major reason why the more common exploits today are for things like Flash and Adobe Reader and Java than for Windows.
Don't get me wrong, if you're a limited user then UAC does exactly what it's designed for, but it was supposed to give you an extra security layer even when running as admin. Because of the way it's implemented I decided to turn it off. And besides, if you're already running security tools, you don't really need it. If you're installing some app, you're most likely to give it admin rights, so you will click on "yes". And if you're worried about exploits, you're better of with specialized anti-exploit tools, I wouldn't rely on UAC.
True, if you do install some app the end result is the same. But if you get hit by a silent malicious installer, UAC will prompt (hopefully) and give you an opportunity to stop it. If your solution works well for you, I have no reason to argue that point. But I can't recommend it to others. When someone is in doubt I recommend using it. If you want it off, your choice and you know what you are getting into.
Yes correct, I was talking from my own point of view. I wouldn't recommend to disable it to "normal" users. But like I said before, I don't believe it provides any real security. You're better of with security tools.