Why do idiots disable UAC & claim it's not a security function?

Why do idiot tweak guide authors disable UAC & claim it's not a security function?

I'm not going to mention names specifically, but if you do a Google search for "Windows 7 Tweak Guide," you'll likely find what I am talking about.

Why do idiots disable UAC, suggest others to do the same, (claim they aren't suggesting it and that they are just giving you [incorrect] information,) and claim it's OK because it isn't a security feature. They then link articles from Microsoft folks and they misquote what was originally said and give the impression that Microsoft wants you to disable UAC and/or UAC will not make your computer any safer.

Let's get the facts straight...

UAC is and isn't a security feature. It is something that every multi-user operating system should have. It is a secure, controlled method of elevating user privilege tokens. Mac OS X has had something similar called Authenticate (the lock icon) even before Windows Vista came out, so it's nothing new. No conspiracies here; UAC is simply an elevation mechanism.

In the way UAC is implemented for a standard user, it is a convenience feature. It allows you to run full-time as a non-administrator to take advantage of the security benefits of using least user access, while elevating specific processes/applications to an administrative level only when you need to make such changes to system settings or install new software onto the machine. If you disable UAC and run as a standard user full time, you are just as secure, but you are going to pull your hair out eventually.

The way UAC is implemented for an administrator (Admin Approval Mode) is most certainly a security function. The local administrator is given an admin token and a standard user token. The standard user token is used for executing things unless it specifically requests admin privileges. The secure elevation process helps ensure that the user is specifically intending to allow a program, be it 1st or 3rd party, to borrow admin privileges, as these can be abused by drive-by malware installations. Some people argue this is a "line in the sand" concept, but so is any HIPS-type of measure. If the user is going to be ignorant and assume hitting "yes" to everything is the right thing to do, that's user error, not an issue with UAC. UAC, if used correctly, is a great security measure and is capable of stopping some threats from executing and installing dead in their tracks, thus allowing antivirus software to easily clean them up without having to fight them. Keep in mind, however, that I am mainly arguing for UAC on the "classic Vista" or "Always Notify" setting.

So, that's the facts. Now, let's apply the facts to what these "idiots" are recommending...

They are recommending turning UAC off because "it is not a security function" and they don't want to be prompted before making administrative changes because they irritates them. So given that explanation, we can infer that they are indeed running as an administrator, because if a prompt bothers them that much, there's no way they are going to be running as a standard user and dealing with having to log out to make any administrative changes.

So, these "expert tweakers of Windows" are promoting the idea of turning UAC off, and running full time as an administrator. Now do you realize how stupid what they are purposing is? Golly gee, if it weren't for the improved code mitigations in Windows 7, they might as well be running Windows XP all over again.

Recommendation: Stop reading tweak guides blindly. Only you know how you want your computer to run. Just because someone writes a tweak guide and seems to be smart and clever based on how he tells you to partition your hard drive, doesn't mean he knows what's best for you in terms of security. In fact, I find a lot of people know quite a bit about computers in one sense, but know next to nothing about security.

This tweak guide I read over-complicates some things, while it tells you to over-simplify your OS back to Windows XP on other things. Tweak guides...one of my pet peeves.

Another one of my pet peeves...troubleshooting for 3rd party software vendors that tell you to "disable UAC" as a step in troubleshooting. No vendor should ever advice that. UAC should be enabled fully and left on right when Windows is installed, as it controls registry virtualization. They need to design their software with UAC in mind, and stop telling people to disable it.

The phrase I like to employ is: Programs should be designed to run on Windows...Windows shouldn't be tampered with to run poorly written programs.

Peace out, sorry for the rant, someone needed to say it.

 

Because they click yes at everything, so they just disable it to not be annoyed.

 

Just because you think you'll click "yes" at everything doesn't mean that's how it will play out all the time.

There's been cases of people browsing a website and they click to visit another page (that has been hijacked) and all of the sudden a drive-by download has started and if their antivirus doesn't recognize it yet, UAC could step in and stop it from installing.

I would hope someone wouldn't click yes to something if they weren't even trying to install something or do anything. You see that's a big chunk of the point behind UAC - ensuring YOU started something versus NOT YOU.

And, like I said before, if they are disabling it to not be annoyed, that definitely implies they are running as an administrator, and therefore not only are they abandoning UAC but they are abandoning the concept of least user access, which is inarguably one of the best first layers of defense for Windows or any operating system for that matter.

I've seen people that disable UAC (among other Windows security functions), then install tons of realtime protection products. Oh the irony...all of those products are running at the same level as any malware that tries to install. Let's make it easier for the criminals, and bog our PC down at the same time.

 

Trick for click junkies

Just enable UAC to "only elevate signed programs", disable "Installer detection" and set UAC to "silently elevate"

Together with a decent (free) AV this keeps the badguys off

 

I was searching for a video on YouTube of a security expert who talked about this.

I know this goes without saying, but you are still making a considerable security sacrifice by doing that. However, that being said, if you absolutely cannot tolerate UAC on the presets Windows 7 offers, then that is MUCH better than disabling it altogether and losing registry virtualization and the other silent benefits.

But going back to my original point and complaint...

These "expert tweakers" aren't even mentioning any middle ground options. They are instead feeding people false information that UAC has nothing to do with security. They are also linking and technically misquoting and misinterpreting things Microsoft employees have said. Even worse, there are people so ignorant that they still believe UAC prompts exist only as a friendly reminder to let you know you are about to make a setting change. >_<

Read this, I actually don't believe I've read this article before (which is odd as I have read so much about UAC over the past year), but I just found it: http://www.zdnet.com/blog/bott/fixing-windows-vista-part-2-taming-uac/436

 

Many people hate to run as standard user. They just tend to run administrator account because of how XP was, I do wish that they learn how to harden their setup. To add insult to injury, some even disable Windows Firewall because their game can't connect to the server.

 

Hehe, you are so right on. I laughed at "add insult to injury."

Yup, let's not bother doing a simple Google search (or heck, start menu search) on how to open a port or allow a program, let's just turn the darn thing off, right?

Anyway, I guess I was more questioning why people claiming to "know a lot" about computers are trying to suggest and promote the idea that least user access isn't security. Because like...it's so totally about security. Are they joking?

I know there will always be people that turn it off just because they couldn't care less, and that's fine, they can enjoy their drive-by malware. It's not a matter of IF, it's WHEN.

 

From strong to weak IMO


Limited user

Admin, UAC on max, used with care

UAC (on Max) set to auto-elevate denying unsigned programs to elevate is hard devision between Admin and LUA for a subset, hoping the AV will catch malware which is signed

UAC on, blindly clicking away all pup-ups makes UAC useless in practises or UAC off

 

Back when Vista was originally released, didn't Microsoft emphasize that UAC was not a security tool but a convenience tool? I believe MS has changed their stance over the past few years and now claims UAC is needed for security reasons.

 

hitchhikers guide to "hack the planet"

 

Although I have UAC enabled, I don't remember saving me from anything dangerous. The antivirus is gone from my computer, I think the UAC will be next.

 

Ditto.

 

I have it disabled. It gets annoying, and when I got infected in 2008, there wasn't a peep from it. Plus I have AppGuard.

 

Because when does it really save you? I leave it on because it's tied to the Windows token system and I don't want to mess anything up now that I've installed my programs already.

The fact is that if I get an exploit in one of my programs and it asks for admin access I will probably know not to give it. 99% of the users out there will see "Oh, Firefox wants something, ok" and click yes.

It's a security mechanism that relies on
1) The user making a decision
2) The user being informed on the consequences of those decisions

Neither of those are very strong security imo.

UAC is best used as a developer tool ie: taking advantage of low rights or at the very least not hogging admin rights whenever possible.

 

You guys still are not getting the point, I'm afraid...

1. Some of you are claiming you turn UAC off only to replace it with another whitelist/HIPS technology that relies on the same concept - user knowledge.

2. Some of you are claiming it "does not seem to save you." Well guess what, I have had antivirus software installed and for the last 2.5 years and it has not needed to save me. Same goes for my firewall, least user access, and sandboxing. With my careful browsing habits, I have been lucky enough to not stumble upon any exploits. Does that mean I should disable my firewall, least user access, etc.? NO! Come on guys, we all are Wilders users, it should be common sense that...well...common sense online can only go so far. There are legitimate websites getting hijacked left and right. It is for this reason that "it does not seem to save me...yet" is not a valid reason to abandon security at all.

3. I am sick and tired of people using the "user error/click happy" excuse as a reason to turn UAC off. User Account Control is directly related to the exact, identical principles that state importance of least user access. If you are arguing or even considering that least user access is not a significant security measure, then I am sorry to inform you that you are not thinking correctly. If you need to look that up, go do that, and you will find countless Microsoft TechNet documentations and white papers, even from antivirus vendors, arguing for least user access.

Beyond that, by misunderstanding the purpose of UAC, you guys are essentially arguing that least user access is not needed. By suggesting that non-tech savvy users will just "click yes anyway", you are also insinuating that they might as well turn off UAC and run as an administrator full time. You could not make a more irresponsible recommendation - that is the worst thing to do for computer security. You are essentially downgrading and putting at risk all other layers you install to the system by doing that. Not a smart idea at all.

So in closing, if you do not find User Account Control to be convenient (which I find it highly convenient as I can run non-admin full time), and you wish to disable it, then your only other option to be just as secure by the means of least user access, is to run as a standard user full time and only switch to an administrative user when you need to make system changes or installations.

But it is clear that is not what you guys are implying. You are implying you don't want to deal with the least user access, and would rather install other technologies to rely on. I am a huge proponent of whitelist based measures like application sandboxing software, but I am a bigger advocate of utilizing the built-in measures of Windows first. You guys should know by now that when you run as an administrator full time without the Admin Approval Mode system of UAC, you run a considerable risk of malware running at the same level as your security software, and having an easier time disabling or corrupting it. This goes without saying.

All of this should go without saying. Least user access is one of the most rudimentary, yet also most effective first steps you can take for the security of any operating system. Yes, it is a first step still, and is not sufficient by itself, but it makes a huge impact on your security. There is no argument about that; it is pure fact and has been proven. All User Account Control does is aim to make that more convenient. If you disable UAC, you either just made your life as a standard user more irritating, or you made your admin account completely insecure. Your choice, your computer, but I would be highly opposed to recommending that to anyone.

IMPORTANT: I realize I need to add immediately the disclaimer that by "idiots" in the title I am NOT referring to you guys here on the forums. I am referring to the people who write such tweak guides and come off as "experts" when they are telling users to do things that have a considerable negative impact on their security. I am sorry deeply if it came off as me calling you guys idiots, as that was not my intent.

 

I personally turn UAC off on my machines .Most of my friends and family who have their own pcs have UAC enabled but dont know what it does or what its for other than being something that dims thier screen occasionally when they click certain things.They then go ahead and click anyway.The majority of my friends and family dont know what UAC is for and dont care.Personally I think UAC is badly implemented in its default state.For the majority protection is better performed invisibly without any user intervention ..imo

 

So then you are either going to be running as a standard user for your daily computing tasks, or running as an administrator insecurely and putting your other layers of security (like av) at risk.

 

Simply putting it, if people do not understand XYZ functionality - whatever it may be - and, if it's something that gets in the way, then they will seek for a way to disable it. Then, they'll spread the word. Those who hear it, will also disable it, and simply because they also don't understand it.

Note: I'm excluding those who know what they're doing, when they disable it.

For instance, let's take the example of Java updating mechanism. Java will add an autorun entry, so that from time to time it checks for updates. When this happens, it will ask administrative permissions to the user. My question is: Will MOST know that alert is for Java or simply something called Java? Oh, it must be Java wanting to update. Let me click Yes.

Guess what? It was a piece of malware, using a stolen digital signature. It wouldn't be the first time. With this people UAC is a false sense of security and nothing else.

They first need to know what's a digital signature and what each UAC alert means. Then, they also should be aware of the fact that malware has used stolen digital signatures before. So, what's the point of UAC for them, if they will probably and most likely just click OK/Yes?

These people are better off with other preventive measures. I'm not saying to entirely disable UAC. Not at all, otherwise those using IE9 will loose Protected Mode, but it's possible to teak UAC enough while still retaining Protected Mode.

There are other preventive measures, that won't demand as much from the user.

For instance, if one sets up somebody's system running Java to automatically elevate Java updater, and alerts the user for that, then the user will know if a warning appears about something called Java, then it's no good. And so on...

Install them a decent antivirus, install them some browser extension that will alert for malicious domains; educate them to check files with Virus Total as well. I have created a dedicated browser profile just for that task for a relative of mine; it makes it more "easy". My relative just needs to click the browser icon in the tray bar; nothing else.

You'll just have to understand some people simply do not want to waste their time with these kind of stuff. The same way I have no interest in wanting to know how to make pants.

-edit-

I'm excluding other security measures, such as isolation applications, etc.

 

I always run as an administrator( i personally dont think theres that much of a risk to my pcs) as do 99% of my family and friends who purchase a new pc/laptop and follow the new pc setup instructions.In fact I dont know anyone who has purchased a new computer and not setup as an administrator.Most dont know what that is anyway and just follow the setup prompts.If they did i guess all the security companies that we like to use would be redundant

 

UAC is only helpful for "superusers". They are the only users who understand the concept of admin rights or why a webpage shouldn't need admin rights.

For the other 90% of users, they will click ok without reading it. A disabled UAC is exactly the same as one that gets a yes click everytime.

Even still, I keep it active and don't recommend people turn it off. It would be better if more information was given so an average user could figure out the correct answer. If they would read it that is.

 

I do not recall UAC [either on Windows Vista or Windows 7] saving none of my clients [“clients” : people I've helped clean up PCs from infections] from getting infected by...let's say Fake Scanner Pages...They just see the fake page loading while relying on Java Script, telling them that they have “855 infections” and they soon click on it and download the trojan downloader who installs the fake AV and POOF !

Even UAC many times doesn't alert them about clicking on the fake AV because it doesn't require elevated privileges to install.


But...stupid as stupid does...there is no cure for stupidity...


People can have AV, FW, AS, anti-exe, anti--everything and even...get infected...


Carlos

 

UAC is pretty much useless.

Anybody who is click happy should have their own computer & suffer the consequences. Or run Linux and really be protected. Not the psuedo-protection of UAC.

 

No, UAC is not useless. To be useless, everyone would have to say it's useless. It's useful to me. It allows me to elevate whenever I need from within a standard user account; therefore it's useful.

Without UAC, IE9 would be running with full administrator rights, if the user is running as an administrator. In a standard user account would run with the same set of privileges a standard user would have. UAC forces IE to run in a very restricted environment.

The issue is the user him/herself. Let's not try to focus on Linux, and Windows is the issue, when it's not. But, allow me just to say that Anybody who is click happy should have their own computer & suffer the consequences could also be applied to Linux or any other O.S other than Windows.

If these problematic Windows users were using Linux, you'd be saying they should use a real secure O.S, such as Windows.

 

1) I've argued the same exact thing for noisy HIPS - they rely heavily on the user and it's the same reason as UAC that I don't use them.

2) I agree. Saying "Well it's never saved me" just means you haven't gotten unlucky enough to get into the situation where it would. That doesn't mean it's worthwhile.

3) UAC is based on least privilege but it's best used as a developer tool - not for users. If a user can know to deny and allow which programs every single time than sure it's a fine tool for users. The average user will never know nor can we expect them to care to know.

LUA is nice. Access restriction is at the basis of all security. UAC's "backend" MIAC system definitely plays to that thankfully. But the "frontend" that interacts with the user is fairly useless for anyone who doesn't understand it ie: the vast majority of users.

Again, UAC is a dev tool, it's protected mode. Applications should never give UAC prompts ideally and if you ever get a UAC prompt you should always be able to hit "yes."

I think that disabling it is a bad idea because it can screw with the ACL/MIAC system but I don't really like the concept.

 

UAC is one of those features I did use for a couple of weeks before disabling it. I don't think it is useless but it definitely is annoying.