Universal Win7/8/8.1 UAC bypass via Win10 Upgrade app (GWX)

Discussion in 'other security issues & news' started by BoerenkoolMetWorst, Jun 15, 2015.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  2. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,628
    Location:
    Toronto, Canada
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    I am assuming that UAC set to always notify... would at least notify. From there I guess it's on the user.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    That it's easy to bypass UAC is old news.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Much like you can bypass sudo... Which doesn't mean you shouldn't use it.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    I understand it the same way. Those who really want to use UAC should set it on max anyway.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I will never use UAC, because the way it's implemented right now is retarded. On top of that, it's easy to bypass. UAC = fake and dumb security.
     
  8. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    Couldn't agree more with you!
     
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    So running as an unrestricted admin is better? Or do you use a limited user account with UAC off? I certainly wouldn't encourage the idea of the unrestricted admin. Convenient but too dangerous for average folks.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    In Win 8, you always run in LUA, but apps can of course auto-elevate when UAC is turned off. Most users will turn off UAC because it's so annoying. In some other thread I already came up with some ideas to make it more logical and less annoying.
     
  11. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    219
    They do ??
    That's odd. I see a lot of PCs, and I have NEVER seen one where a user has turned UAC off.
    We must be in touch with very different user segments.

    There's nothing wrong with UAC.
    Use a standard/limited account and have UAC on max, and it does exactly what it was designed to do.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well, I haven't done a survey, but I'm sure you know that when UAC was first introduced with Win Vista, it didn't exactly receive a warm welcome. MS tried to fix it in Win 7 and 8, but apparently it's still annoying enough for me to turn it off. What means that I (as admin user) lose some of the UAC benefits that it can provide. Here a couple of articles:

    http://www.maketecheasier.com/4-reasons-why-windows-uac-is-useless/
    http://news.cnet.com/Microsoft-Vist...oy-users/2100-1016_3-6237191.html?tag=cd.lede
    http://www.makeuseof.com/tag/stop-a...ate-a-user-account-control-whitelist-windows/
     
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    It didn't receive a warm welcome because people didn't want to deal with it. Which is the reason they were running as full admin on XP. People want the OS to know what to run and not run without effort or thought on the part of the user. This is not possible.

    As for the article that claims "4 reason why UAC is useless", the first 2 they gave are about the end user, and the second 2 complain that it doesn't stop malware, which is not what it is intended to do.

    When MacOS or Linux prompts for credentials for a process that requires admin privileges everyone compliments them on their security, but Windows does it and they suck. Again, the people complaining about it want an effortless experience and then want to complain the security sucks. I probably encounter a UAC prompt maybe half a dozen time a week with an average of 10 hours a day of time in front of a computer.

    It's not a perfect solution, but the gripe seems to be that "Oh, no! This stupid annoying UAC prompt wants me to verify that I want this process that requires admin to run and I have to click Yes or No" when the same people would jump through many more hoops to upload pics to instagram or upload a youtube video.

    I believe UAC is a major reason why the more common exploits today are for things like Flash and Adobe Reader and Java than for Windows.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Don't get me wrong, if you're a limited user then UAC does exactly what it's designed for, but it was supposed to give you an extra security layer even when running as admin. Because of the way it's implemented I decided to turn it off.

    And besides, if you're already running security tools, you don't really need it. If you're installing some app, you're most likely to give it admin rights, so you will click on "yes". And if you're worried about exploits, you're better of with specialized anti-exploit tools, I wouldn't rely on UAC.
     
  15. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    True, if you do install some app the end result is the same. But if you get hit by a silent malicious installer, UAC will prompt (hopefully) and give you an opportunity to stop it. If your solution works well for you, I have no reason to argue that point. But I can't recommend it to others. When someone is in doubt I recommend using it. If you want it off, your choice and you know what you are getting into.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes correct, I was talking from my own point of view. I wouldn't recommend to disable it to "normal" users. But like I said before, I don't believe it provides any real security. You're better of with security tools.
     
Loading...