Do you disable UAC?

Discussion in 'other anti-malware software' started by Overkill, Mar 2, 2016.

Thread Status:
Not open for further replies.
  1. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @guest : I hear you and I know what you mean.

    However, the problem with these average/advanced discussions is that the whole debate becomes screwed.
    You will have users that think of themselves as advanced because they found the site that holds the debate, and you will have users that have misunderstood everything, but they will just say: "No, no - they are merely advanced", and you will have users who have disabled everything because they are on a suicide mission through cyberspace.

    Two pages into such a mix and the debate has fifty heads and tails and no longer a meaningful purpose.

    To claim that UAC is basic and HIPS is advanced is fundamentally wrong. They have nothing to do with each other.

    The OS is built to separate userland and system areas and does so perfectly with UAC on max and using a standard user account. This is the foundation in every major OS.
    It has nothing to do with being basic. It's a fundamental design in every OS.

    The default UAC level in this implementation on Windows, however, is the sad consequence of the early days of Windows, when someone made the wrong decision and made the default user an admin in the Windows ecosystem.
    Microsoft has been fighting ever since, trying to get away from that.
    It's a slow move due to the size of the Windows ecosystem and the fact that there's this constant ridiculous desire to be backwards compatible due to a slow-moving enterprise sector that refuses to accept that sometimes you simply have to update the binaries from 20 years ago.
    So the default UAC level is this bridge between the right way of doing it and the wrong way of doing it.

    But with UAC on max and when using a standard user account, then the fundamental security in the OS works as intended.

    HIPS is an addition to this, if a user likes to micromanage their setup.
    It's not a substitute.

    That is where this UAC debate goes wrong every single time.

    To claim that a fundamental design structure of an OS is basic and only for novices is wrong.

    Never in all my life have I heard a UNIX or Linux user claim that the fundamental security in their OS is just a set of training wheels to be used by novices, and when advanced then they run as admin.
    Never ever, ever heard of that.

    This disillusion about being able to reach a level of expertise where a user is suddenly above and beyond the design of the OS is a disillusion that only exists in the Windows ecosystem, and the sole reason why marathon debates like this one pop up ever so often on tech forums.
     
  2. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @guest : And I fully agree with you that one reason why threads like this one become a war zone is because there will be users that have chosen a specific setup and then stand firmly on defending that that is right and everything else is wrong.

    It will never benefit other users, no matter if registered or the many times bigger crowd that are just passing through.

    That is the case in most IT threads.

    We share the view, that discussions such as this one should never be about one specific system and the chosen risk level of that system.

    That is the choice of the individual user and will never have any meaning/value to the next user, if someone else has chosen to live on the edge or not.
     
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    This can be used in every future UAC thread.

    And yes, a nix user claiming to be able to run root due to his HIPS knowledge would be a novelty. Or some XKCD joke.
     
    Last edited: Mar 23, 2016
  4. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Ok.

    Again, the "security bug" mentioned in the article is highly dependent on how you configure UAC. And the rest of the system.
    When I read some of the posts (not necessarily this subforum) plenty of drivers disable both the airbag and disconnect the seatbelt and claim accidents never happened to them!
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Well, perhaps there should be no debate at all, since it all depends on user preference. I already said numerous times that I'm speaking for myself, and everyone should decide what's best for them. They don't need me telling them what to do. People who install lots of apps will become annoyed, others won't.

    At the end of the day, if you need to protect "normal users" against malware attacks, UAC should be the last thing you think about. It's stuff like AV, anti-exe and sandboxing that keeps the system safe. Also, don't forget that UAC relies on user input, it's not designed to auto-block attacks, like some security tools.
     
    Last edited: Mar 23, 2016
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    Yes I agree. But that wasn't the point that I was trying to make. But I did come to the conclusion that it's pointless to come up with ideas to make UAC less annoying and more of a security tool, because M$ never intended it to be like this. The main idea was to force developers into writing apps that don't need to run with high privileges, except if it's truly needed. That's why they already have said numerous times that UAC isn't a true security boundary, and that's why they downplay UAC bypasses.
     
  7. I was not going to post in this thread again, because Lord knows I have seen where these types of threads go enough times to know it is an absolute waste of oxygen. That said, I would like to personally nominate this post by you @guest as the best post I have read in this entire thread. This is the bottom line: guests reading these types of threads are quite likely to disable their UAC thinking it is an annoyance to them as well, and do it "because that guy did" and he said it was useless, not realizing that they are simply allowing everything on their system to run unrestricted, period.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,606
    Location:
    The Netherlands
    There are plenty of other sites where you can find info about the pros and cons of UAC and other things. I think people are smart enough to make their own decision. This debate isn't new, since it was introduced back in 2006 (Win Vista) you already had lots of people complaining about it. Again, UAC isn't even meant to be a security tool, so all in all it's a pretty silly discussion, if you ask me.
     
  9. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    All these posts on how great UAC is and how we should use a Standard user account and a layered setup, otherwise we are dummies and we are going to get infected, are kind of turning me off and it's got the rebel in me to come out. As of this moment, I am turning UAC off. And continue to live happily ever after running as an Administrator as I always have, and without using a layered setup.

    Bo
     
  10. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    And I'll add something. The best security setup is the one that YOU, the user, the individual, get to on your own, you discover it on your own, not the one that's best for the masses.

    Bo
     
  11. hjlbx

    hjlbx Guest

    What works for one user does not work for another.

    Insistence that one's own point of view is the only correct one - and getting everyone else to agree - is the face of stupidity.

    There is no right or wrong to anything IT; it all depends upon what the user wants, what works for them, what they're willing to tolerate and not tolerate, etc.

    I find it ludicrous that, on certain Wilders threads, simple discussions always seem to turn into absolute obnoxious bedlam...
     
  12. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    From what I have read from you is that you have never used anything else than an admin account as a real user, maybe test of course. And SBIE is to safe all you from past when you always got infected. Of course from past we did not have any UAC.

    Myself I don't disable it and have seen it popup on a few cases that were a hack, so not allowing it was good!
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    My opinion as well.:)

    Bo
     
  14. hjlbx

    hjlbx Guest

    So simple that it is absolutely brilliant... innit ?
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    When I first started using W7, I turned it off and then later, I decided to turn it on to see what happens. And even though I don't like popups, I found the prompts rare and few so I left it on. I know exactly when I should get the prompt and I have been using UAC in a way that if I get a prompt while I don't expect it, then I know something might not be right. In my case, I never had a UAC popup for something that made me wonder.

    Bo
     
  16. hjlbx

    hjlbx Guest

    If a user doesn't download and install apps after they have clean installed their OS and installed their desired softs - virtually all of this discussion is moot.
     
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    That's pretty much my case use of the computer. I hardly ever install anything new in my real system. My computers are static. I test a lot of programs but only temporarily and to see how they interact with Sandboxie, to check if they conflict with SBIE. I usually keep them for a few minutes or hours. If I am using the W7, I get the UAC prompt, as expected.

    Bo
     
  18. Have you ever seen a "blocked by publisher" UAC pop up? How about this file is not digitally signed? How about "You have been blocked by your system administrator from running this program" pop up from UAC? Sounds very much like it could very well be perceived as a security tool, really depends on one's perspective really.

    As I stated earlier, if you chose to not use it, that is your business and system. For the general masses, which "yes that is exactly what these type of forums are for" this needs to be kept in mind, that many people looking for advice or just to learn a little will be reading these as guests. I'm stepping back out of this thread as it will just go on and on, same things repeated/reworded.
     
  19. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @Rasheed187:
    You have been reading up upon UAC since yesterday I can see, because I know exactly what blog post from 2009 by Mark Russinovich that you have been reading.

    That is good and I'm glad you have picked up interest in the background on this.

    However, you are Binging/Googling the wrong cue words.
    If you want to read up and understand these principles, then it's "Privileges" you need to research. Not "UAC".
    Start reading up on UNIX, things are a bit more square there and amazing documentation. Then move on to Windows.

    The blog post you did read however, you misunderstood.

    What you have misunderstood is what I have already said several times - UAC is a convenience to lessen the burden of running as a limited user.

    UAC is NOT a security boundary.

    Standard user account (a limited user account) on the other hand IS a security boundary.

    This is where so many go wrong when reading up on this. Yet this is the essence that is important to understand.

    UAC is implemented to facilitate granting elevation from your limited account, without switching accounts.

    You are not the first to find this confusing, so PLEASE, PLEASE don't be mad at me again for saying this.

    It's not the prompt that is the security boundary.
    It's the separation between admin and user accounts that is the security boundary.

    Anything that can cause a privilege escalation is hit down upon with zero tolerance. Not just by Microsoft, but in any OS by any vendor.

    The default UAC setting is a compromise that doesn't take full advantage of the separation possible.

    The part you have read about UAC and developers needing to learn to not take elevated privileges for granted, does not mean that UAC was implemented to teach developers a lesson.
    As part of UAC several parts of file system and registry are virtualized.
    This is done for two reasons. One is backwards compatibility, since programmers took admin rights for granted in the past on Windows. So in order not to break the majority of programs of the time, the areas they expected to be able to access were virtualized.
    The other reason is security. The virtualization means that fewer actions will require admin rights and changes done are contained in that account.

    So in short, UAC on default on a Protected Admin account is a hindrance to malicious actions.

    UAC on max on a standard user account is a security boundary.

    That is the big difference and that is why it's important to turn up UAC to max and use the limited account.

    The UAC bypasses you mention are mitigated when UAC on max is combined with a standard user account.

    That is the basics.

    Things have then been refined with the introduction of SmartUAC in Windows 10 that for a big part will mitigate malicious elevation, but I have already touched upon that in an earlier post so no need to repeat that.

    Anyway, long story short - take some time and read about privileges. That is what all of this boils down to.
    It's a huge subject, but I'm sure you will enjoy it.
     
  20. hjlbx

    hjlbx Guest

    Principle of "Least Privileges."; run as much as you can with least privileges.

    UAC just a means to alert to privilege escalation.

    That's it...

    However, Microsoft has stated in the past (years ago) that UAC has been disabled in Standard User Account at maximum settings by certain malwares; UAC and SUA\LUA at that time were not absolutely "bullet-proof." Probably still the case... nothing is absolutely "bullet-proof."
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,072
    Location:
    Canada
    Well, no, it does more than that. When you logged into a Win XP administrator account, you were running as Administrator. With UAC enabled in Win Vista and up, you run with a Standard user token in an Administrator account. There is also file and registry virtualization. There are lots of articles on UAC, the best of which are probably written by Russinovich.
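
    Added example, not part of any post in this thread: a read-only PowerShell check that reports which of the configurations discussed above (UAC off, default UAC on a Protected Admin account, or UAC on max with a standard user account) the current session is in. It assumes Windows' standard UAC policy values under the `Policies\System` registry key and the `whoami` tool; the output property names are made up for this example.

```powershell
# Added example: classify this session against the setups discussed in the thread.
# Read-only; does not need elevation.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy    = Get-ItemProperty -Path $policyKey
$admin     = $policy.ConsentPromptBehaviorAdmin   # 2 = always notify, 5 = default, 0 = never
$secure    = $policy.PromptOnSecureDesktop        # 1 = prompt on the secure desktop

# Is the local Administrators SID present in the token at all?
# With UAC on, a Protected Admin carries it as a deny-only group until elevation.
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, Sid, Attributes
$isAdminAccount = [bool]($groups | Where-Object { $_.Sid -eq 'S-1-5-32-544' })

# Is the Administrators group actually enabled in this process token?
$identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal  = New-Object Security.Principal.WindowsPrincipal($identity)
$isElevated = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isAdminAccount) {
    $account = 'Standard user account'
} elseif ($policy.EnableLUA -eq 0) {
    $account = 'Administrator with UAC disabled (full admin token everywhere)'
} elseif ($isElevated) {
    $account = 'Administrator account, this process is elevated'
} else {
    $account = 'Protected Admin (running with the filtered standard-user token)'
}

if ($policy.EnableLUA -eq 0) {
    $uacLevel = 'Off (EnableLUA = 0)'
} elseif ($admin -eq 2 -and $secure -eq 1) {
    $uacLevel = 'Always notify (max)'
} elseif ($admin -eq 5) {
    $uacLevel = 'Default (prompt only for non-Windows binaries)'
} elseif ($admin -eq 0) {
    $uacLevel = 'Never notify (admins elevate silently)'
} else {
    $uacLevel = "Custom policy (ConsentPromptBehaviorAdmin = $admin)"
}

# What a standard user sees when something asks for elevation.
$userPrompt = switch ($policy.ConsentPromptBehaviorUser) {
    0       { 'Elevation requests are denied automatically' }
    1       { 'Prompt for admin credentials on the secure desktop' }
    3       { 'Prompt for admin credentials' }
    default { 'Not set or unknown value' }
}

[pscustomobject]@{
    Account                = $account
    UacLevel               = $uacLevel
    StandardUserPrompt     = $userPrompt
    StandardUserWithUacMax = (-not $isAdminAccount) -and
                             ($uacLevel -eq 'Always notify (max)')
}
```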
     
  22. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @hjlbx :

    NO. You are mixing things up that have nothing to do with each other.

    UAC bypasses in PA accounts - one thing and already addressed further up.

    Privilege escalation bugs - another thing and already addressed further up.

    Your post seems mostly aimed at trying to start a new mess/fight in this thread with some unbacked claims from ancient times.

    Sorry, @hjlbx. I'm not gonna bite your bait.
    I prefer Wilders to be calm and pleasant.
     
  23. hjlbx

    hjlbx Guest

    I'm usually one of the more tolerant participants here at Wilders, but now I'm gonna let you have it... LOL.

    Don't tell me my intent.

    Unbacked claims ? - M$ made those statements years ago - not I. So I have no need to back anything up - to you nor anyone else.

    UAC bypass in PA or privilege escalation bugs - I know the difference - and it doesn't matter which - a bypass is a bypass.

    There are those that assert that UAC is "bullet-proof" in a SUA\LUA while M$, at one time, stated it is not.

    It makes me laugh when people start to toot that this or that is 100 % reliable - when, in fact, there isn't anything IT that is 100 %.

    M$ has maintained the position that UAC is not "bullet-proof" for years.

    Anyone who doesn't like that M$ "truth" can take it up with them directly - as I have nothing to do with - it's not my opinion - I'm just repeating what M$ has stated in the past and they have never reversed or modified that statement.

    Don't kill the messenger...
     
  24. guest

    guest Guest

    You forgot one very important thing! You post in a PUBLIC forum! Many average users come here to seek advice/confirmation; if they see people saying UAC is useless, what do you think they will do?

    It is what i and others do in Malwaretips, we have a feature for that.

    That is what I kept saying since the beginning, "don't compare UAC and security softs", when I saw you compared it with a HIPS and wanted UAC to have some HIPS features; you even quoted me on this later.

    Like everything in the world, before going deeper in security, one MUST know the basics; UAC is one of the basics. If the average user took time to understand its mechanics, pros and cons, then decided to disable it, then I'm ok.
    BUT if the same person doesn't know what it is, how it works, and disables it just because he read somewhere some people saying UAC is pointless and adds no value in a security setup, then it is wrong.

    "a small value is better than no value"

    That is an obvious truth, but how many among the average users have the will, dedication and time to do that? Most of them will stay in the mass, so MS had to do something to "protect" them. It is why UAC, Windows Defender, Smartscreen had been introduced in Windows. Not the strongest security, sure, but better than nothing and every year it got better.



    Now, I have a question for all of you:

    On a system, without using any 3rd party security softs, would you disable UAC?

    (many people don't even know what an AV is)
     
    Last edited by a moderator: Mar 24, 2016
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,257
    Location:
    Among the gum trees
    I don't. :eek:

    Never mind. I misread the question.
     