Do you disable UAC?

Disabled, unless you click on stuff by error, or other people uses your pc in an admin account.

I don't need a popup to know that I'm installing something that is placing files is windows folders

 

I never touch UAC, it is enabled and at defaults on my win 7 machine...

 

Yes might wait until pumpernickel works OK. i Will allow chrome in user data and set an block write on that folder (with exception of updater)

Thx

 

Standard account + UAC on max here.

// I find it rather interesting that some users would spend quite a bit of time setting up EMET and/or HIPS-based applications and/or various restrictions policies, and/or who knows what elseetc., and then spend more time adjusting and tweaking them constantly. Yet they cannot be bothered to click "Yes" 1-2 times a day in a UAC prompt. Really?!
I mean, how many common applications actually trigger a UAC prompt?

 

Yes correct, it's active in the background, but apps will be able to auto-elevate when UAC is disabled.

I don't know anything about Linux, but on Windows it's not implemented logically.

The thing is, if you're using security tools, you don't actually need UAC, it's just another useless alert. UAC can protect against exploits, but security tools will do a better job.

 

@Night_Raven I have UAC disabled and only have just stated using VoodooShield to provide some extra protection. My antivirus has no proactive protection. I like my security setup to be a simple as possible, and to keep any prompts from security software to an absolute minimum.

Since disabling UAC was one of the first things I did after installing Windows 7 (I'm running Windows 10 now, but I upgraded from 7 rather than doing a clean install), I don't know how often I would get UAC prompts. Considering that I install new software just about every day, I presume it would be a lot. I can live with occasional UAC prompts, and becuase of that, on some of my othe computers, I have left it enabled. But, I also rarely install new softare on my other laptops.

I find anything more than very occasional security prompts to be very annoying. I get some prompts from VoodooShield, but at least it remembers my choices, so I won't be pompted again for the same programs. I can live without the extra security provided by UAC, so that I do not have to deal with the prompting.

 

UAC and EMET can serve different purposes. For example, UAC can miss exploits that don't require Admin privileges, but EMET might catch them.
Another example is that, if for some reason a legitimate program becomes compromised (like Firefox), it's likely that UAC prompt won't show up at all, while at the same time it's likely that EMET catches the exploit (if you've included the compromised program on EMET's list).

I don't agree with setting up EMET but not UAC, but I can understand such practice if the user knows 100% what he and the OS are doing. One can have EMET and a HIPS program (like what COMODO offers), so any suspicious behavior that comes from an unknown program can be controlled 100% without UAC.

 

My "clueless" comment is probably over the top and unnecessary, but the UAC prompt isn't just an annoying pop-up asking if you want to elevate to the administrator access token. The prompts actually offer some information about the process attempting to elevate. In this link scroll down to UAC elevation prompts for more info. You will also see that dimming the desktop is a good idea because it protects it by allowing only Windows processes to access it during a UAC prompt.

 

I have to disagree. When installing software, all apps need admin access AFAIK. So in other words, the alert is pretty useless. You will also see the UAC alert when running software that you already gave admin rights with the "Run this app as admin" setting, so again useless. UAC is mostly useful when trying to block exploits, but security software like anti-exploit are the way better option. Not all malware need admin rights anyway.

 

Oh well, I tried. I'm guessing you didn't navigate to the link and read about the information the UAC prompts provide?

 

It isn't relevant. Of course I understand the idea about UAC, I'm just saying that in practice it's pretty useless, especially when you're running as admin and are using security tools like AV, HIPS, sandboxing and anti-exploit.

Normally I wouldn't have responded in this thread, because I have said the same stuff in similar topics, but I had to configure a friends new laptop and once again it got on my nerves.

 

Yes I have it disabled.

 

Yes it can be useless if you're only thinking about yourself and not the threat landscape as a whole. And it results in better written software, so that one bug on something that doesn't even need the privileges cannot ruin the whole system.

It definitely can be implemented better, but the technical feasibility of remembering the prompts securely (SHA256 checksums for example) is not exactly easy. Of course there are bypasses, but very few (if any at the moment) work against the highest settings without at least admin privileges beforehand.

I personally don't view UAC as a security measure, but rather something every OS should have in one form or another. It's the best compromise for the vast majority of users who do not need admin rights all the time (but still need the convenience sometimes). Not all software should be given free reign to the OS.

 

These additional SRP rules in XP worked well for me...CryptoLocker

 

My take when I discover that UAC has been disabled on (often older) relatives PC's

1. Check whether they have disabled it themselves

"When a friend has done it"

2. Check whether they use unsigned software

When unsigned software exists (nearly 10 year after Vista UAC introduction all main stream software is signed)

3. Check whether they have installed it themselves

"When a friend has done it"

4. Ask how often they have installed software the last year

"When zero"

Set UAC to silent elevation
Set UAC to block unsigned software
Protect UAC keys in registry with an ACL

5. Educate the relative (3 minute brief maximum)
- using the UAC explanation of the link provided by Watt0114 (in post #59).
- showing it is still possible to run an unsigned program
- showing them the prompt when unsigned software is blocked

I know it is not as good as ENABLING UAC, but it is the second best option.

I have this also on my wife's laptop. Being an ex IT-er, I tend to keep a low profile on PC's to prevent being asked to setup friend's PC's. So when I had installed Vista Business on my wife's PC, she complained about the UAC pop-up's and a friend disabled it for her.

It took me some time to figure out how this 'friend' had managed to disable UAC (see also my first post as Kees1958 in 2007 when I had found the registry keys which controlled UAC).

note1: Rasheed was the first to respond and said he wanted to keep UAC on.

note2: When you look at the advice I gave at that time (set it to silently elevate), you have to consider my opinion on "ValidateAt evah uodminCodeSignatures" also (put it ON in about a year from 2007).

note3: My security setup has not changed a lot

 

Yes, I disable it. I always wondered how it's really effective, and anyway in the past - I believe even now - it could be bypassed. Anyway I use a multi layered defense in my pc, and UAC could create problems.

 

I'm not saying UAC is designed or can be used to replace any third party security application. I'm very far from this notion.
What I was saying was that the argument "it's annoying me with popups/dialog boxes" seems utterly stupid to me when it comes from people who advocate the use of security applications that require setup and/or continuous tweaking (like EMET, HIPS, firewalls with outbound rules, etc.). If these users don't mind spending all this time setting up and tweaking security tools, a couple of UAC popups should not be such an annoyance.
And I do realize that with multiple additional security applications in place UAC isn't all that necessary, but still it's another layer or protection at virtually ZERO extra cost.

 

Always UAC max and also require ctrl+shift-del sequence + admin password.

I see UAC prompts rarely. Only when I install software - which is very rare to begin with, and on patch Tuesdays.
As a side note, I have never seen an unexpected, malware induced UAC prompt.

 

Smart combo

 

I disable the UAC since I use VooDooShields ..on my other systems without VS I still disable UAC because it's anoyance IMO.

 

Testing malware in a virtual machine on windows 10, I generally have to allow the malware through either Smart Screen or UAC in order to continue each executed sample for testing. Let that sink in for a minute.
I keep UAC on max settings myself.

 

Yes correct, but they should have implemented some form of white-listing. If you're about to install some trusted tool it doesn't make sense to alert about it. You should only see UAC alerts when it really matters, like during some exploit attack. Fact of the matter is, security tools are way more important than UAC, no matter if you run as admin or limited user.

We already discussed this. UAC could have been useful if implement in a different way.

Yes and because you know it's malware you will block it. But what if you think it's a legitimate tool? You will simply allow it to get admin rights.

 

A lot of these security products mentioned in this thread that users are replacing UAC with also ask the user for input. I deem this not a valid reason to not use UAC. Not to mention it is built into the OS and free as others have stated. I mentioned what I did, to point out, that it is far from useless.

 

@illumination I use VoodooShield, and it remembers your choices, so you will only get prompted about something once, unlike with UAC. I can live with occasional one off prompts, but not with repeated pompts like with UAC.

Prior to installing VoodooShield, I was using nothing to replace UAC. I've kept UAC disabled ever since was Vista released 9 years ago, and for the vast majority of that time I've used nothing as an alternative. Having said that, I am careful about what I let run on my systems, so the chances of me running a malicious files are negligable. As a result, I don't believe there is any significant security risk in my case, from having UAC disabled.

 

Yes exactly, but those alerts actually make sense, UAC doesn't even let you know why some app needs admin rights, or what settings it's trying to change. So comparing UAC with security tools is like comparing apple and oranges.

Ones you give some app admin rights, all bets are off. But HIPS will still try to protect the system. During some exploit attack, a UAC alert might pop up, but less knowledge people will probably not recognize that they are under attack. So anti-exe or anti-exploit tools that auto-block the malware, are once again the better choice.