User Account Control: Good or bad?

Discussion in 'other security issues & news' started by kurchatovium, Nov 24, 2007.

Thread Status:
Not open for further replies.
  1. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    I am using a new laptop with Vista and have left the User Account Control option on. So far its not so annoying that I want to turn it off. I have heard its a good way to help stop getting hit by any nasty malware. Anyone have any opinions on this?
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Keep it enabled :)
     
  3. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    If it does not interfere, keep it. FWIW, I disabled it.
     
  4. attila4000

    attila4000 Registered Member

    Joined:
    Feb 7, 2005
    Posts:
    51
    Location:
    Rahway, NJ, USA
  5. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    Yea I intend to keep it enabled. Answering the UAC panel now and then seems to be well worth the trouble of potentially avoiding some nasty malware.
     
  6. dalepres

    dalepres Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    3
    Absolutely keep it. It prevents any malware installation from occuring without your express permission.

    Vista is, and largely because of UAC, the first Windows operating system where I have let my kids and my grandkids freely use my home office PCs. I have no worries about them installing something without their knowledge and without my knowledge.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    If you are confident in your "other" security apps then turn it off.

    It's a pain why it has to keep prompting for the same things to run.If it had a "Remember This Action" then it wouldn't be so bad.
     
  8. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    http://www.tweak-uac.com/
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    How do you prevent that they click "YES" on every prompt? Do they know exactly what happens when UAC jumps?
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    In vista 64 it is really good.

    I configured it in this way for my son, see https://www.wilderssecurity.com/showpost.php?p=1075022&postcount=1

    What you won't get is the annoying LUA pop-ups, because an Admin is elevated silently

    What it will give you
    a) running IE in protected mode
    b) file and registry virtualisation of LUA
    c) start ups programs in LUA mode
    d) does not elevate installers automotically
    e) only elevates programs from the safe directories (C:\Windows and Program Files, Program Files X86)

    Keep signed driver requirement on (is not waterproof but at least a integrity check before allowing drivers to load), eneable DEP for all programs and run IE in protected mode. Downloaded programs will have a security restriction (check with properties) when they are downloaded through IE, so they won't install properly. LUA programs are not allowed to install drivers anyway. Also memory access/placings hooks of processes with lower security intergity is not allowed. Try for yourself with some malware test programs.

    Although you run in quiet mode, only when you explicitely start programs from an unsafe directory in admin mode it will install, otherwise it will fail to install.

    So in this way UAC in quiet mode is as strong as the Defense+ of Comodo
    see: https://www.wilderssecurity.com/showpost.php?p=1124892&postcount=165
    and: https://www.wilderssecurity.com/showpost.php?p=1125040&postcount=172

    So I would say yes UAC is usefull (as DEP protection) and can be made silent
     
    Last edited: Nov 28, 2007
  11. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    What is DEP protection? Not sure if I have heard of the term. :D
     
  12. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Data Execution Protection which I also turn off.:D

    MS Article
     
  13. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    Ahhhhh thanks for defining the term and for the link. :D
     
Loading...
Thread Status:
Not open for further replies.