User Account Control: Good or bad?

I am using a new laptop with Vista and have left the User Account Control option on. So far its not so annoying that I want to turn it off. I have heard its a good way to help stop getting hit by any nasty malware. Anyone have any opinions on this?

 

Keep it enabled

 

If it does not interfere, keep it. FWIW, I disabled it.

 

i agree with lucas1985, keep it enabled.

read here for more info:

http://www.microsoft.com/windows/products/windowsvista/features/details/useraccountcontrol.mspx

 

Yea I intend to keep it enabled. Answering the UAC panel now and then seems to be well worth the trouble of potentially avoiding some nasty malware.

 

Absolutely keep it. It prevents any malware installation from occuring without your express permission.

Vista is, and largely because of UAC, the first Windows operating system where I have let my kids and my grandkids freely use my home office PCs. I have no worries about them installing something without their knowledge and without my knowledge.

 

If you are confident in your "other" security apps then turn it off.

It's a pain why it has to keep prompting for the same things to run.If it had a "Remember This Action" then it wouldn't be so bad.

 

http://www.tweak-uac.com/

 

How do you prevent that they click "YES" on every prompt? Do they know exactly what happens when UAC jumps?

 

In vista 64 it is really good.

I configured it in this way for my son, see https://www.wilderssecurity.com/showpost.php?p=1075022&postcount=1

What you won't get is the annoying LUA pop-ups, because an Admin is elevated silently

What it will give you
a) running IE in protected mode
b) file and registry virtualisation of LUA
c) start ups programs in LUA mode
d) does not elevate installers automotically
e) only elevates programs from the safe directories (C:\Windows and Program Files, Program Files X86)

Keep signed driver requirement on (is not waterproof but at least a integrity check before allowing drivers to load), eneable DEP for all programs and run IE in protected mode. Downloaded programs will have a security restriction (check with properties) when they are downloaded through IE, so they won't install properly. LUA programs are not allowed to install drivers anyway. Also memory access/placings hooks of processes with lower security intergity is not allowed. Try for yourself with some malware test programs.

Although you run in quiet mode, only when you explicitely start programs from an unsafe directory in admin mode it will install, otherwise it will fail to install.

So in this way UAC in quiet mode is as strong as the Defense+ of Comodo
see: https://www.wilderssecurity.com/showpost.php?p=1124892&postcount=165
and: https://www.wilderssecurity.com/showpost.php?p=1125040&postcount=172

So I would say yes UAC is usefull (as DEP protection) and can be made silent

 

What is DEP protection? Not sure if I have heard of the term.

 

Data Execution Protection which I also turn off.

MS Article

 

Ahhhhh thanks for defining the term and for the link.