UAC (User Account Control) discussion thread

Discussion in 'other security issues & news' started by MrBrian, Jan 3, 2015.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From https://www.wilderssecurity.com/thr...er-account-control.371439/page-3#post-2443592:
    I think a poll would be worthwhile.
     
  2. guest

    guest Guest

    I set it to "Always Notify". But in all honesty, for all of its purposes, UAC's mechanism needs to be evaluated. It is rather pointless to have UAC if all the users are admin by default.
     
  3. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    I set it to "Never Notify". The MS mother may I crud is not for me. I know what I'm doing & know how to recover when I screw up (seldom). Many tasks I perform require rapid selections, trial & error, & UAC gets in my way. My memory for almost all my computer knowledge can at times be up to 90% muscle memory driven.

    When I help somebody fix or solve computer problems in remote locations (not TeamViewer etc). I rapidly take the actions, stop & explain to the person. Whereas others can explain off the top of their heads all the time.
     
  4. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,640
    Location:
    Toronto, Canada
    Thank you all, I appreciate that. And I hope that I didn't create a misunderstanding with my post. But what I meant was that I wanted to see first in this thread whether the users here think a poll will be worthwhile, also of course accepting any input or suggestions for the poll as well so that it can be very meaningful and have data that will last quite some time here. And then with that feedback, if users are mostly for it and not against the idea, then I will go ahead to the proper sub-forum here at Wilders and create the poll where everyone can find it.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    What UAC-related tools and techniques do you folks use?

    My Windows 7 system runs RunasRob free version at login to start a program launcher (Folder Menu) without a UAC prompt in my standard account. I then use the elevated program launcher to launch other programs without a UAC prompt. The technique is described at Avoid UAC prompts by using an elevated program launcher; I have since replaced RunasSpc with RunasRob.

    I have UAC set to max. level, and I use a standard account as my everyday account.
     
  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,640
    Location:
    Toronto, Canada
    MrBrian,

    Do you use the paid version of RunasRob? Current version or older? I remember reading a lot of your older posts here regarding these types of tools as well. And it seems there used to be many of them. But I guess a lot of them started out being free and then went to a paid version once they realized there was a lot of users wanting to skip UAC with trusted software.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I use the free version of RunasRob v1.0.0.7; that was the latest version at the time that I installed it. Once in awhile, the free version displays a nag upon startup.
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    @WildByDesign: For the poll, maybe a single-choice poll with the 4 UAC slider values. There could be another yes/no poll asking whether user did any UAC customizations; users can describe any customizations via comments.
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,640
    Location:
    Toronto, Canada
    Excellent idea with the discussion thread MrBrian, that way the other thread stays clean and to it's own point. Great ideas as well for keeping the poll simple. Do you know if one thread in the poll sub-forum can hold two polls? Or would each thread be it's own poll?

    Also, what are your thoughts on adding Standard User or Admin account into the poll? It would obviously add double the options. Or that could always be it's own separate poll as well. I don't want to create too much clutter either. Whatever will present itself in the most clean and professional way in which any of the Wilders users view the poll(s) data for the long-term.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I just tried to add another poll question onto an existing thread but I didn't see a way to do it.

    For standard or admin, I would recommend a separate poll, perhaps a reprise of this one.
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Or perhaps instead a new single-choice poll with these choices:
    -I use a standard account, and have UAC slider set to "Never notify me"
    -I use a standard account, and have UAC slider set to something other than "Never notify me"
    -I don't use a standard account, and have UAC slider set to "Never notify me"
    -I don't use a standard account, and have UAC slider set to something other than "Never notify me"

    Edit: I changed the poll choices.
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Mine's set to "Always Notify" and I also have the Group policy setting "Require trusted path for credential entry" enabled as well.
     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    I think that poll would be great. I would create one poll with all possible combinations (user account + UAC level).
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,640
    Location:
    Toronto, Canada
    Thank you all for your input and suggestions. I've got the UAC poll started in the poll section here at Wilders. I wanted very much to somehow include the Standard User vs. Administrator with UAC options in one single poll. But I tried many which ways to go about that and no matter what it seemed cluttered and messy. I think MrBrian was right initially about doing those polls separately to keep them simple and clean so that there is no confusion and that we get better results in the end.

    EDIT: The Administrator Account vs. Standard User Account poll is up now as well.
     
    Last edited: Jan 4, 2015
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Windows 7 standard user vs admin:
     
  19. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,640
    Location:
    Toronto, Canada
    My pleasure. And thank you for your help and suggestions as well.

    The polls are playing out nicely already. It will be interesting to check it as more time passes by. It certainly doesn't say much with regards to the everyday casual computer user who doesn't put any thought into security, but it does give us a pretty good idea so far where security conscious user's minds are at such as members here at Wilders. Security conscious users who have the knowledge and the tools to fill in the gaps (if any) when going more toward convenience of use, or those who have the patience to deal with the most stringent of security practices. Whether any method is better or more secure than any other method, of course, is always up for discussion and that is the beauty of Wilders.
     
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Has anyone seen evidence of malware that bypasses UAC when the UAC slider is set to "Always Notify"?
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Yes of course, as soon as the user clicks on "yes", UAC is bypassed. :D
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    A UAC bypass method has been found by Google researchers that immediately bypasses UAC on Windows 8.1 even with the UAC slider set to max, and Microsoft won't fix it! :eek:

    Edit: I've verified that the POC does as claimed with UAC set to max on Windows 8.1 Update.

    Edit: This was publicly made known on January 16, 2015.
     
    Last edited: Jan 16, 2015
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    Just great. So in this case Windows 8.1 is less secure than Windows 7.
    And we should all run as Standard user since UAC is not a security boundary. :rolleyes:
     
  24. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The POC did not elevate privileges when I tested it with a standard account on the same Windows 8.1 computer.
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
    Yes I know. I just don't like the fact that I should run as Standard user to mitigate from this exploit (that's why roll eyes).
     
Loading...