Malicious code and the Windows integrity mechanism

Discussion in 'malware problems & news' started by Minimalist, Nov 28, 2016.

  1. Minimalist

    Minimalist Registered Member

    https://securelist.com/blog/software/76751/malicious-code-and-the-windows-integrity-mechanism/
     
  2. Rasheed187

    Rasheed187 Registered Member

    I wish they could have also figured out how this is possible. It basically means that either users give admin access without thinking twice, or they have simply disabled UAC like myself. And in some cases, malware is also capable of simply bypassing UAC. So like I said in some other thread, LUA/UAC will not keep a system safe, especially if the user is not that knowledgeable, and is not worth the hassle.
     
  3. guest

    guest Guest

    Mostly the case. Admin Account + disabled UAC = asking for trouble

    Finally, it is all about the user: you can give him the best security software ever, but if he is a reckless happy clicker, he will be infected one day or another. However, with an aware user, the OS's built-in security can be just enough.

    Many people consider (wrongly) that security software is made to stop all attacks regardless of the user's behavior.

    With the OS at default setting, probably; once the OS is tweaked a bit, you hugely decrease the chance of being compromised.
     
    Last edited by a moderator: Dec 3, 2016
  4. Martin_C

    Martin_C Registered Member

    @Rasheed187 :

    They (Microsoft) already fixed it. Happened back when UWP was introduced.

    Install a fresh Windows 10 build. 1607 builds are the newest currently.
    UAC on max, Standard User Account for all daily activities, install UWP applications as needed.

    That way everything you install runs individually sandboxed and you never need to grant elevated privileges to anything.

    So the security is already available in Windows 10.

    This works in SMB and Enterprise since the system is already locked down by the sysadmin and employees can then install from the Windows Store for Business.
    This works for home users since they already know the concept of a locked-down account and Store app purchase/installation from their smartphones, and they can then install from the Windows Store.
     
  5. guest

    guest Guest

    In fact, the real issue is that some third-party software is so primitively coded (WinXP-era style of coding) that it needs admin rights to do its stuff when it shouldn't need it.
     
  6. Minimalist

    Minimalist Registered Member

    Yes, that's true. Even some software that is supposed to be installed in the user profile needs admin rights for installation. So it's all up to the user and their knowledge.
     
  7. Amanda

    Amanda Registered Member

    The best security software and the best secure OS cannot protect the users from themselves, unfortunately.
     
  8. Martin_C

    Martin_C Registered Member

    @guest and @Minimalist :
    I agree with both of you. The problem has always been those third-party developers with really lousy coding skills.

    Whenever you came across one of those, they could take down your entire system. Users without test systems would have very unpleasant experiences.

    UWP is a huge improvement.
    Now the OS controls the sandboxing, lockdown and filtering of system access.
    Much cleaner and much, much safer.
     
  9. Rasheed187

    Rasheed187 Registered Member

    This sounds interesting, I must do some reading about UWP. The goal should indeed be to reduce the need to elevate. I wonder how long it will take before all apps run sandboxed. And do UWP apps still need to be installed? Because that is the number one reason why you will get to see UAC alerts. And what about apps that need admin rights in order to function correctly?
     