UAC in windows 7

Do you need UAC enabled when you have admin rights,and good antivirus & firewall.I get alot of pop-up's from programs when I have UAC on.Ccleaner, Mbam, Mydefrag, etc
Badcompany.

 

There are a number of good discussions about the pros and cons of UAC. Have a look at this one. It may help you decide.

https://www.wilderssecurity.com/showthread.php?t=320552&highlight=UAC

 

Thanks for the link, After reading, I'm even more confused.
Badcompany.

 

personally, i leave it on.

with UAC on at default or maximum it gives the same protection to Windows as running as a standard user, or very close.

 

Yes, I agree. It's probably best just to leave it on. It's only as good as the user with Admin rights though.

 

The first thing I do when I install Windows is disable this POS UAC!

I click yes to anything anyway. I am the admin, I know what I am installing, I have a good security suite

thanks bye

 

not so fast.lol

UAC does much more than warning when installing programs.

with UAC on, IE runs 'sandboxed' (Protected Mode).
also, using UAC virtualize/protect the registry, Program Files et C: Windows.

someone please correct me if i'm wrong.

 

sandboxed? there is no sandboxing involved, it just asks you if you would like to run or install the app as an administrator user...which most users (n00bs or pr0s) click yes to

I have Kaspersky Internet Security which also offers Sandboxed run for an app...but I never used that feature either as Kaspersky Internet Security immediately informs me should it run across a suspicious or harmful file

Maybe if you were running a system with no protection you would wanna turn it on...

but UAC is the most annoying thing Microsoft has created

I don't want to click YES for renaming a file in the C:\ directory or program files start menu for god's sake! I want a real security guar (ie. antivirus or security suite not a stupid UAC pop up annoyance)

 

Wrong.

There are already a few threads about it, but I can say that there's something called UAC Virtualization. This exists to provide compatibility to software (32-bit processes) that are either prior to Windows Vista or weren't developed from scratch to comply with how Vista/7 works.

What I mean with this is that, since Windows Vista, by default any user will be running under what's called Protected Administrator account. This means that applications prior to Vista/7 or not developed from scratch to comply with how they work - a user cannot access HKLM, Program Files and Windows - won't operate as they normally would, considering they will be running with the same privileges the user has.

Imagine you got X application that needs write access to HKLM, Program Files or Windows. It either will fail to work or malfunction.

To prevent that situation, Microsoft added UAC Virtualization to Vista/7. So, whenever any of such applications try to write to any of those secured locations, outside of the reach of a standard user, UAC will redirect those attempts to other locations, called VirtualStore, both in the Registry and the file system, in the user's profie folder.

It's all about compatibility for 32-bit processes. If a 64-bit process doesn't work as it would be expected, then it will simply fail to work, because there's no UAC Virtualization for 64-bit processes.

But, UAC Virtualization, does come with an added security benefit. We can add any 32-bit process to run virtualized and any attempt to change any of those secure locations, will be redirected to VirtualStore.

 

-edit-

If you disable UAC, applies will have all the rights they need (if they weren't developed to comply with how Vista/7 works); but, if someone runs as standard user account, then if they happen to use any of such applications, then there's a good change some apps will malfunction, or won't work.

According to Process Explorer, even some Windows processes run with virtualized.

For instance, Internet Explorer (32-bit process) runs virtualized. But, in this case, is to allow changes to user Documents, for example by extensions running under low integrity level, also known as Protected Mode. (-http://msdn.microsoft.com/en-us/library/bb250462(v=VS.85).aspx)

Of course, if you disabled UAC, then Protected Mode is gone, and there will be no issues with Internet Explorer's extension not being able to write to user folders. But, users do lose Protected Mode.

It's all about knowing why something exists, if we need it, etc.

 

You're correct that "sandboxing" is not technically accurate but the implication of greater security is. With UAC On IE can (optionally) run in protected mode, which is "low integrity" (most apps run at medium integrity with UAC on). This provides better protection if malware manages to get into the system through the browser since it will also execute at a low integrity level.

 

I agree. Bye UAC. Besides single click, disabling UAC is one of the 1st things I do on any system.

 

Exactly, with all those nice things said above about running in protected mode. I don't care about it really...

I mean I am not some n00b user. But anytime UAC would pop up telling me yes or no... I always click yes.....

If I try to install some app...then I get a pop up saying...xxx.msi wants to run.....yes or no..........i will choose YES always....since I know I am installing one of my apps......

IMO, good antivirus is all you need....disabling UAC saves me a lot of time and useless clicks

 

I keep it on. On highest setting too. Layers, all working for me

 

I disagree, it actually made life easier when running with Standard User Account, which most people should be using. And invoke only admin rights needed.
Like above, I have mine at highest settings .

 

I agree with you, I can't stand UAC. I always disable it on my own computers. On other people's computers I leave it on, but it a constant source of annoyance for me.

For the average user however, I would recommend leaving it enabled.

 

With standard user account and password protected admin, windows behaves like linux. Asks password for every uac promt, i like it

 

one of the worst posts I've seen on a security forum (particualarly since your a pr0 not a n00b

do you know how easy AV's are to bypass? do you know the difference between full blown admin rights and protected admin rights? do you like reformatting machines?

 

You're not taking into account times when UAC may pop up when you're not installing an app, and not expecting it... when something unexpected may be going on....

 

For years people have been complaining about MS lack of security specifically with XP. With Vista, UAC was introduced, and people started arguing about its efficacy.

It may be annoying to some, but an important security layer built in the OS. Some years ago I read the results of an AVs test about rootkits, and interestingly enough, the testers had to disable UAC as it was blocking them all (sorry no link). Nowadays I've read that some rootkits manage to bypass UAC, quite possible, but running as Admin with UAC on I think it's a nice compromise.

 

Even though it's not your own, for example a friend's or a client's? You should definitely stop doing that. LOL.

 

I can't stand double clicking. LOL

 

I don't need it, one reason I will not install Win 7
that is what imaging your drive is for
best anti-mareware there is, if you get infected
just turn on your image drive and a few clicks
go drink a cup of coffee come back to a mareware
free computer

 

problem is that there is no 100% sure way to know if you are infected.
some virus are made to operate invisibly.

 

Default UAC settings in Win7 can be 'bypassed' due to it's design:
http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

I'm not saying it is a must but I'd recommend those users who wish to keep UAC on to set it to "Always Notify". While UAC is no security boundary when compared to LUA, it helps those who wish to run as admin run more 'safely' as the admin now runs in Admin-Approval Mode with a standard user access token by default.

All of these have been explained on these threads (take note of posts by Winchild and MrBrian especially):

Is it necessary to run as Standard User on Win7 when UAC is enabled?
Standard Account vs Admin Account

I've been running with UAC on at max, and from my own observations, I have mostly been clicking Yes to UAC prompts too. However, that is because I'm purposely elevating to admin rights for trusted programs and when doing trusted changes to the system. If I'm always clicking No, it means there may be something wrong with my computing habits.

Antivirus and UAC are not interchangeable...you don't replace one for the other as they're 2 different security technologies/ideologies. A person can run without UAC and without AV and still have a reasonably good security setup.

You can remove "UAC" as a reason for not installing Win7 from your lists lol. You can always disable UAC on Win7 and revert things back to how admins work in XP. Btw, UAC isn't an antimalware.