UAC in windows 7

Discussion in 'other software & services' started by Badcompany, Apr 6, 2012.

Thread Status:
Not open for further replies.
  1. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Do you need UAC enabled when you have admin rights,and good antivirus & firewall.I get alot of pop-up's from programs when I have UAC on.Ccleaner, Mbam, Mydefrag, etc
    Badcompany.
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
  3. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
  4. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    personally, i leave it on.

    with UAC on at default or maximum it gives the same protection to Windows as running as a standard user, or very close.
     
  5. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    Yes, I agree. It's probably best just to leave it on. It's only as good as the user with Admin rights though.
     
  6. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    The first thing I do when I install Windows is disable this POS UAC!

    I click yes to anything anyway. I am the admin, I know what I am installing, I have a good security suite

    thanks bye
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    not so fast.lol

    UAC does much more than warning when installing programs.

    with UAC on, IE runs 'sandboxed' (Protected Mode).
    also, using UAC virtualize/protect the registry, Program Files et C: Windows.

    someone please correct me if i'm wrong. :)
     
  8. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    sandboxed? there is no sandboxing involved, it just asks you if you would like to run or install the app as an administrator user...which most users (n00bs or pr0s) click yes to

    I have Kaspersky Internet Security which also offers Sandboxed run for an app...but I never used that feature either as Kaspersky Internet Security immediately informs me should it run across a suspicious or harmful file

    Maybe if you were running a system with no protection you would wanna turn it on...

    but UAC is the most annoying thing Microsoft has created

    I don't want to click YES for renaming a file in the C:\ directory or program files start menu for god's sake! I want a real security guar (ie. antivirus or security suite not a stupid UAC pop up annoyance)
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Wrong.

    There are already a few threads about it, but I can say that there's something called UAC Virtualization. This exists to provide compatibility to software (32-bit processes) that are either prior to Windows Vista or weren't developed from scratch to comply with how Vista/7 works.

    What I mean with this is that, since Windows Vista, by default any user will be running under what's called Protected Administrator account. This means that applications prior to Vista/7 or not developed from scratch to comply with how they work - a user cannot access HKLM, Program Files and Windows - won't operate as they normally would, considering they will be running with the same privileges the user has.

    Imagine you got X application that needs write access to HKLM, Program Files or Windows. It either will fail to work or malfunction.

    To prevent that situation, Microsoft added UAC Virtualization to Vista/7. So, whenever any of such applications try to write to any of those secured locations, outside of the reach of a standard user, UAC will redirect those attempts to other locations, called VirtualStore, both in the Registry and the file system, in the user's profie folder.

    It's all about compatibility for 32-bit processes. If a 64-bit process doesn't work as it would be expected, then it will simply fail to work, because there's no UAC Virtualization for 64-bit processes.

    But, UAC Virtualization, does come with an added security benefit. We can add any 32-bit process to run virtualized and any attempt to change any of those secure locations, will be redirected to VirtualStore.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -edit-

    If you disable UAC, applies will have all the rights they need (if they weren't developed to comply with how Vista/7 works); but, if someone runs as standard user account, then if they happen to use any of such applications, then there's a good change some apps will malfunction, or won't work.

    According to Process Explorer, even some Windows processes run with virtualized.

    For instance, Internet Explorer (32-bit process) runs virtualized. But, in this case, is to allow changes to user Documents, for example by extensions running under low integrity level, also known as Protected Mode. (-http://msdn.microsoft.com/en-us/library/bb250462(v=VS.85).aspx)

    Of course, if you disabled UAC, then Protected Mode is gone, and there will be no issues with Internet Explorer's extension not being able to write to user folders. But, users do lose Protected Mode.

    It's all about knowing why something exists, if we need it, etc.
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    You're correct that "sandboxing" is not technically accurate but the implication of greater security is. With UAC On IE can (optionally) run in protected mode, which is "low integrity" (most apps run at medium integrity with UAC on). This provides better protection if malware manages to get into the system through the browser since it will also execute at a low integrity level.
     
  12. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,515
    Location:
    USA - Back in a real State in time for a real Pres
    I agree. Bye UAC. Besides single click, disabling UAC is one of the 1st things I do on any system.
     
  13. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    Exactly, with all those nice things said above about running in protected mode. I don't care about it really...

    I mean I am not some n00b user. But anytime UAC would pop up telling me yes or no... I always click yes.....

    If I try to install some app...then I get a pop up saying...xxx.msi wants to run.....yes or no..........i will choose YES always....since I know I am installing one of my apps......

    IMO, good antivirus is all you need....disabling UAC saves me a lot of time and useless clicks
     
  14. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    I keep it on. On highest setting too. Layers, all working for me
     
  15. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    I disagree, it actually made life easier when running with Standard User Account, which most people should be using. And invoke only admin rights needed.
    Like above, I have mine at highest settings :D.
     
    Last edited: Apr 8, 2012
  16. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,238
    I agree with you, I can't stand UAC. I always disable it on my own computers. On other people's computers I leave it on, but it a constant source of annoyance for me.

    For the average user however, I would recommend leaving it enabled.
     
  17. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    329
    With standard user account and password protected admin, windows behaves like linux. Asks password for every uac promt, i like it :D
     
  18. adrenaline7

    adrenaline7 Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    128
    one of the worst posts I've seen on a security forum (particualarly since your a pr0 not a n00b :)

    do you know how easy AV's are to bypass? do you know the difference between full blown admin rights and protected admin rights? do you like reformatting machines?
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    You're not taking into account times when UAC may pop up when you're not installing an app, and not expecting it... when something unexpected may be going on....
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    For years people have been complaining about MS lack of security specifically with XP. With Vista, UAC was introduced, and people started arguing about its efficacy.
    It may be annoying to some, but an important security layer built in the OS. Some years ago I read the results of an AVs test about rootkits, and interestingly enough, the testers had to disable UAC as it was blocking them all (sorry no link). Nowadays I've read that some rootkits manage to bypass UAC, quite possible, but running as Admin with UAC on I think it's a nice compromise.
     
  21. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    Even though it's not your own, for example a friend's or a client's? You should definitely stop doing that. LOL.
     
  22. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,515
    Location:
    USA - Back in a real State in time for a real Pres
    I can't stand double clicking. LOL
     
  23. guest

    guest Guest

    I don't need it, one reason I will not install Win 7
    that is what imaging your drive is for
    best anti-mareware there is, if you get infected
    just turn on your image drive and a few clicks
    go drink a cup of coffee come back to a mareware
    free computer:thumb: :thumb: :thumb:
     
  24. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    problem is that there is no 100% sure way to know if you are infected.
    some virus are made to operate invisibly.
     
  25. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Default UAC settings in Win7 can be 'bypassed' due to it's design:
    http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

    I'm not saying it is a must but I'd recommend those users who wish to keep UAC on to set it to "Always Notify". While UAC is no security boundary when compared to LUA, it helps those who wish to run as admin run more 'safely' as the admin now runs in Admin-Approval Mode with a standard user access token by default.

    All of these have been explained on these threads (take note of posts by Winchild and MrBrian especially):

    Is it necessary to run as Standard User on Win7 when UAC is enabled?
    Standard Account vs Admin Account

    I've been running with UAC on at max, and from my own observations, I have mostly been clicking Yes to UAC prompts too. However, that is because I'm purposely elevating to admin rights for trusted programs and when doing trusted changes to the system. If I'm always clicking No, it means there may be something wrong with my computing habits.

    Antivirus and UAC are not interchangeable...you don't replace one for the other as they're 2 different security technologies/ideologies. A person can run without UAC and without AV and still have a reasonably good security setup.

    You can remove "UAC" as a reason for not installing Win7 from your lists lol. You can always disable UAC on Win7 and revert things back to how admins work in XP. Btw, UAC isn't an antimalware.
     
Loading...
Thread Status:
Not open for further replies.