Do you disable UAC?

When this thread first started I was reading along hoping I might learn something but now that it has turned into a mud slinging match I'm bored.

From what I have read I have now changed my UAC setting from the default to the max setting.

Thanks to @Martin_C plus some others.

 

Yeah, I've noticed that too. They will be closing the thread soon if it keeps up.

 

Dang guys, i'm surprised this thread hasn't been locked yet...I appreciate all the good info from the more advanced users...I may try out UAC for awhile on a VM to see if I can deal with it...regardless if I use it or not, I truly believe i'll be infection free because of my safe browsing habits and my installed security. Most people have no clue what UAC really is, and the sad thing is it will be ignored by most.

 

Up until a few years ago I disabled UAC. These days I just do the unthinkable and run from the built in Admin account with Windows 7. It's not as bad as it sounds at first though because I don't have to deal with any of the annoying prompts for anything I do from my actual account BUT I do take the extra steps of launching new or untrusted (internet) programs as a limited account I also have setup with a default deny setting in group policy. That doesn't take into account the other security programs I use but I no longer disable UAC as a result of the current setup. It's certainly not for everyone and still carries some risk if I were to be careless but at this point my setup has been fairly well refined.

 

What's important to mentions that with Windows 10 all internet facing run as Apps (in AppContainer). Low Integrity Level processes can't mess with medium level processes and medium level processes can't mess with high level processes. More vulnarable processes running in low, reduce the chance of making wrong decisions (also considering the fact that Smartscreen will warn you first for unknown programs) when faced with elevation prompts.

I have even raised the UAC setting to block elevation of unsigned programs and requiring password for elevation. I apply this tweak since 2010 without any problems. Programs I use a lot which require admin rights I have given admin rights through taskscheduler.

Everybody is free to his/her own opinion, but I disagree with "experts" advising on to disable UAC and often disable UAC on PC's of friends and relatives.

 

I concur with UAC@max&SUA; world is indeed not flat.
Seems quite silly to not take full advantage of integrity levels since Vista.

 

I did this as well on my admin account.

same here.

 

Great to log into Wilders today and see that it was possible to get the friendly, helpful and constructive posts back in this thread.

Big thanks to all of you

 

So what, you're daring me to turn on UAC, and to see just how brilliant it is in stopping malware attacks. Like I said you missed the point once again. And you do realize it depends on user input don't you? It only takes one click on "yes" and it's game over.

Backpedaling and putting up a show? You're the one who made this thread "entertaining". I've never seen a more pathetic post on any forum period. EDIT: Toned down a bit

 

And your point is? It's not my fault that people don't understand the difference between certain things. It's a pretty weird conclusion if you ask me, "more people are either not agreeing or not following him, so he's probably wrong".

 

Ludicrous...

 

Yes, I'm done with this thread. Come on guys we're talking about UAC, according to M$ it's not even a true security boundary.

Features that are way more interesting:

- Mandatory Integrity Control
- Kernel Patch Protection
- Device Guard
- SMEP

 

Ah, so after huge numbers of confused rambling posts by you @Rasheed187 about UAC in a tons of UAC threads, you now tell us this :

That was your strongest trump, when told to show us your superior intellect in action.

A big blank empty nothing.

Don't worry, @Rasheed187. You no longer have to prove anything. You have just showed us how much your statements are worth - in this thread and in every other thread.

 

I'm done with this thread because a moderator has asked me to tone down a bit. Speaking of "how much your statements are worth", it says a lot that not once have you tried to address my post about you "lacking technical know how". Come one Martin_C, stop acting so emotional, enough is enough. And if I'm correct you stated a few posts back that you was also done with it:

 

@Rasheed187, you repeatedly talk to me as if I'm a complete idiot.

In other threads you talk to other people as if they are a complete idiot.

There's no reason to talk to people that way.

In this thread and in pretty much every other thread you are represented in, we can see users repeatedly telling you to test things for yourself.

You always refuse.

And you always follow up on that by talking down to people, to turn the conversation away from you having to test anything.

I really don't care how much energy you spend on trying to portrait me as an idiot.
I have a colleague that suffers from Tourette's syndrome, so I'm used to ignoring such outbursts.

And considering how much time you have spent on telling me that I'm not intelligent enough to be on Wilders, you could instead have done the testing requested in both this thread and ten other threads you are represented in.

 

Oh, IMO it is. It all depends on how you configure it. Also UAC prompts never nag me because when I see those, I've triggered them on purpose, e.g when I install software or update them.
A HIPS is superfluous and complicates a security setup. And why introduce a new attack vector when you could work with Windows's built-in tools? Yes, tools as in plural. I don't think anyone has said UAC alone, especially in its default level and using it in an administrator environment/accountis going to make your system so much more secure. Use it in conjunction with a regular account, set UAC max & require an admin password & disable auto elevation - right there, you have what UNIX / Linux world has had for decades ; this is an equivalent to "-su" (to admin) that comes with a nice GUI as a bonus!

Years ago I tried HIPS for a couple of months and found the pop ups very annoying. At one stage, I started to simply ignore the warning messages and clicked yes to allow.
How do you determine, as a normal or should I even add, a reasonably savvy computer user to whether or not to allow those injections and whatnot that x wants to do to process y?
Google them up every time? It didn't work for me and it surely would not work for a regular guy that does not know much about computers to begin with.

I have forced my family to use a regular account, with UAC max + admin password, disabled execution in certain folders and they have never been infected with malware.

But, if you fully know your system, by that I mean having a deep, deep knowledge on how your OS works, I would say a HIPS + admin account could save you from being infected.
But for the rest of us? No way.

 

I think layered security is the best approach. One day HIPS may fail (or your judgement : to allow or not allow) and UAC could save your day.

 

Martin_C, with all due respect, you're the one who started with the personal attacks. You called me confused, I fired back and you obviously didn't like it, so you tried to portrait me as someone who doesn't know what he's talking about. But as you can see, it's actually the other way around, since you're the one who misinterpreted my posts in this and other threads.

And the fact that you continue to repeat that I should "do some testing" shows that you didn't understand the point of the conversations in those threads. Leading me to the conclusion that some of those discussions are over your head, but there's nothing wrong with that. So it's not me trying to portrait you as "an idiot", you're doing it yourself.

 

True, but I'm not willing to put up with the annoyance of the "expected alerts". Like I said, HIPS could easily implement an "elevation blocker" but it would be the first thing that I'd turn off. But the fact that they didn't implement it says enough.

People misunderstand why I keep bringing up HIPS, it's not because I expect UAC to work exactly as a HIPS, it's because I was trying to explain why I'm able to put up with HIPS alerts, but not with UAC alerts. But anyway, here are some interesting articles:

http://www.networkworld.com/article/2295224/lan-wan/microsoft--uac-not-a-security-feature.html
https://4sysops.com/archives/thoughts-about-user-account-controls-uac-primary-design-goal/

 

BTW, to clarify, I do not think that Martin_C is an idiot/not intelligent or anything, he does seem to know quite a lot about the UAC subject. It's just unfortunate that he misunderstood most of my posts in this and other threads.

 

I'm tiered of what's going on in this thread.
Already set the most annoying member to my ignore list,
but how do I mask the whole thread invisible?

 

@Hiltihome Why not click on Unwatch Thread so you no longer get notifications?

 

I can't understand all this treble when the fact is in the logic of the things. UAC is simply a blocking-alerter of low level, not too strong, not understanding and unthinking. HIPS monitor and understand all activities in the system, protect the system from unwanted consequences of process and applications working in, and many other things. No match.
As I already said, iust a simply anti-exe is much better than UAC.

 

That is pure logic.

You drive a car (OS), you have an airbag ( HIPS) but it doesn't mean the seatbelt (UAC ) is useless even if it is annoying and uncomfortable to wrap it around your body (alerts).

im sure no one here drive without a seatbelt.

 

We all know that Anti-exe or HIPS offer "better" overall protection (in experienced hands), they are designed to cover the whole system when UAC was designed just to block unwanted elevation requests.

The real debate is supposed to be: "Does UAC is useful or not?" (from beginners to experienced users).

- @Rasheed187 and some others said: "no , because i have other security tools i deem more reliable and UAC is annoying"
- me and some others said: "Yes, because it is another mitigation tool even if you have other protections, and it is more convenient for beginners than a HIPS or similar tools"

From that , it goes hot because the question was turned to: "Does UAC is useful on my system or not? " ( when it shouldn't)

We don't care about a specific systems (because each are different and can't be used a discussion basis, so it is pointless to talk about it) , we care about UAC usefulness in a default system (aka Win7/8/10 with built-in security tools : Windows Defender, Smartscreen, Integrity Levels, etc...).

Some average users don't even think to add any security softs , this thread is supposed to educate them about what they already have (and does it give them some malware countermeasures) before adding an AV or other softs. Many don't understand what is UAC and just see it as an annoying feature.

This forum is supposed to teach people (beginners and experienced alike); how can we help if we give conclusions that are based only on our own scenario and context?
Teaching is about understanding what the less knowledgeable person in the audience knows, so we can fill the holes.
If, us, experienced users start to give conclusions based on our own personal knowledge and security setup, then we mislead them and put them at risk.

If people can't understand that, better close this thread because it has no value.