How safe is UAC within a Standard User Account?

Discussion in 'other anti-malware software' started by HAN, May 5, 2010.

Thread Status:
Not open for further replies.
  1. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I know there are supposed to be ways to breach UAC from the Admin accounts. Does the same hold true for a Standard User? Does it make any difference if the Standard and Admin accounts are password protected?
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Han,

    A standard user denies access while an Admin will get a UAC prompt. The whole idea of the secured desktop plus password is to minimise risk of intrusion. It helps when they are password protected.

    Vista UAC is one level higher than the default Windows 7 UAC (you have to raise the slider on Windows 7 to have the same coverage as on Vista).

    I am past the stage of worrying about theoretical threats. Normally I would say that with UAC full (+password and safe desktop prompt), running mail in a more restricted internet zone and running the browser or tabs in Low Rights mode is very secure for average use, when you add
    - Facebook PrevX freebie
    - Trusteer Rapport
    ==> both protect the browser process. Running Low Rights means that one can't infect higher-rights objects (of normal user, admin and system)

    or use stronger containment (PrevX, Comodo, Returnil etc)

    Regards Kees
     
  3. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Thanks for the answer. :)

    The main reason I am asking is that with my XP PC, I am running Sandboxie, Avast AV and will soon be adding DefenseWall. I am satisfied it is a solid means of keeping the bad things out.

    But for my new little Win 7 netbook, it's more sensitive to what is running (much, much more limited resources.) I have Avast on it, have UAC set to the highest setting, and also run Sandboxie. I intend on doing the bulk of my internet activities under a Standard User account. I'm thinking that DefenseWall may be a bit of overkill. Am I right??
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From a security standpoint, the strongest protection is to use UAC at its highest setting with a standard account (with a password) but never actually elevate. Instead, use fast user switching to switch to an admin account to do only admin activities while avoiding potentially risky activities such as Internet browsing, viewing PDFs, etc. If fast user switching is too inconvenient, you can use various programs to avoid typing passwords in response to a UAC prompt while in a standard account.

    Some related threads:
    https://www.wilderssecurity.com/showthread.php?t=250816
    https://www.wilderssecurity.com/showthread.php?t=258012
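
    One way to check a machine against the setup discussed in this thread (standard account, UAC at its highest level, secure desktop prompt). This is an added example, not part of any poster's reply. It reads the Windows UAC policy values under the `Policies\System` key; the helper names `Get-UacValue` and `Get-ModeText` are made up for this example.

```powershell
# Added example (not from the thread): report the UAC policy values and whether
# the current account is a member of the local Administrators group.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

$adminModes = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop (slider: Always notify)'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows 7 default)'
}
$userModes = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

# Hypothetical helper: return a policy value as an int, or $null when it is not set.
function Get-UacValue([string]$Name) {
    $prop = $policy.PSObject.Properties[$Name]
    if ($prop) { [int]$prop.Value } else { $null }
}

# Hypothetical helper: translate a value into the wording of the policy setting.
function Get-ModeText($Table, $Value) {
    if ($null -eq $Value)               { 'not set (Windows default applies)' }
    elseif ($Table.ContainsKey($Value)) { $Table[$Value] }
    else                                { "unrecognised value $Value" }
}

$lua     = Get-UacValue 'EnableLUA'
$admin   = Get-UacValue 'ConsentPromptBehaviorAdmin'
$user    = Get-UacValue 'ConsentPromptBehaviorUser'
$desktop = Get-UacValue 'PromptOnSecureDesktop'

# whoami lists the Administrators SID even when UAC has filtered it to deny-only,
# so a match means an admin account and no match means a standard account.
$isAdminAccount = [bool](whoami /groups | Select-String -Pattern 'S-1-5-32-544' -SimpleMatch)

# "Highest" here means: UAC on, admins prompted for every elevation, prompts on the secure desktop.
$highest = ($lua -eq 1) -and (@(1, 2) -contains $admin) -and ($desktop -eq 1)

"UAC enabled (EnableLUA)      : $($lua -eq 1)"
"Admin account prompt         : $(Get-ModeText $adminModes $admin)"
"Standard account prompt      : $(Get-ModeText $userModes $user)"
"Prompt on secure desktop     : $($desktop -eq 1)"
"Current account is an admin  : $isAdminAccount"
"Matches highest UAC setting  : $highest"
```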
     
  5. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047