Vista UAC at TI start?

Hi,

every time I start TI, Vista UAC asked me, if I'd like to start the Programm.

Bug or can I deactivate this question?

peterpeter

 

UAC is one of the most annoying features of Vista ... to deactivate it, go into the Control Panel/Users.

 

I've been using TweakUAC since I started using Vista. It's a small exe (no installation required) that let's you easily turn UAC on/off or "silent mode" which leaves the security on but without prompts. This is the setting I use.

 

UAC may be annoying but it is very effective at preventing damage from viruses, worms and rogue programs. You can disable it if you want but then your Vista system may be no more secure than XP. Better have good antivirus software if you do this!

Personally, I'm used to this from running Linux so UAC doesn't bother me on the rare occasions when it pops up. On Linux, you have to type a password to do anything with elevated privileges. On Vista, all you have to do is click a button.

In fact, I find the UAC mechanism to work well enough that I've completely removed antivirus and antispyware software from my Vista machine and enjoy a faster machine without the typical AV drag on performance. So, do what you want but remember the tradeoffs.

Back to the original question, a program like TI has the potential to completely remove the entire Windows partition if you so choose, so you will get a UAC prompt to allow it to run. This is by design.

 

Yes, I do keep my AV up-to-date. And run with a firewall up. All necessary items these days.

 

On the rare occassion when it pops up? If it were rare, it wouldn't be so darned annoying. At the very least, it should be able to recognize instances fo programs that have been granted permission previously so it doesn't have to ask again -- sort of the way Kaspersky keeps track of which files have been scanned or granted permission. After all, sometimes the lock is so inconvenient that everyone just leaves the gate open. I'm afraid that's what's going to happen with what's become known as User Annoyance Control.

There has to be a better way.

 

You can change user permissions as a workaround for things that are personally annoying. For example, I frequently rearrange my Start menu. If you move shortcuts that are in the All Users profile then UAC will prompt you for every change that involves writing to this profile (since it's not your personal profile that's being modified). I solved this by adding my name to the permissions list for this folder, so now I can rearrange the Start menu without triggering a UAC prompt. Do this with care; there isn't much of a security risk to granting yourself write permissions to this particular folder.

However, overriding the permissions for an executable that can wreak havoc on a system may not be a good idea, since if you as a normal user can make the program start without prompting, so can an appropriately-crafted virus.

I know that I won't change your mind and you won't change mine, but honestly, I don't understand why people find UAC to be so annoying. Linux/Unix has used this model for years with good success, and on those systems if you try to do something as a normal user that might affect the system you will be just flat-out denied permission. Then you have to try the command again but this time ask for privilege elevation to root, which requires not only repeating the command but also typing in a password. Vista's compromise to this model was to require the user to only click a button, which is far less annoying than typing a password.

The larger issue is that we're all used to running our XP boxes with a user account that has administrative permissions instead of running as a standard user. Old habits die hard. But look what the old habits have brought to Windows - viruses, worms, trojans, security risks - that can just run wild and have their way with your system if you run as administrator. But I should talk; I do the same on my XP machine

I look at the tradeoff as follows. On a Vista machine, either disable UAC but keep running antivirus and antispyware software, keep all of your definitions up to date, scan regularly, etc. or dispense with all of the AV/AS crap and let UAC do the job that it was intended to do. I've chosen the latter approach.

 

In my opinion, Linux handles permissions/access much better. Vista does not seem to have any kind of default handling of elevated permissions or even what triggers them.

If you do something in Linux that needs permission (no matter what it is) you get the message (at least, that's how it seems to me).

Vista, on the other hand, you can do many things that need to be done at an elevated level, but Vista doesn't say a peep. WinBuilder is a great example of this. You can run the program just fine in "standard user" mode, but it won't work. You get weird errors that make no sense. Manually start the program in Administrator Mode and it works fine. I don't think this kind of thing happens in Linux. It's probably just a "Vista thing", but I really don't understand why some programs can "do things" in Vista without getting permission (and, as a result, can't work properly) without giving any alerts or messages. Shouldn't Vista know that the program is trying to access something that it doesn't have permission to access and tell you? It seems that some of the "Program Access" asking is left up to the programmers and not controlled by Vista.

Programs like TI and DD will trigger a UAC message. Is it "pre-programmed" into them (or a setting put into the Registry) to force Vista to ask?

 

Hi, Paul.

I think the answer to the TI and DD issue is that the first thing that either program will do when started is to scan the drives at a low level to determine the partition structure on the disk. To do this they need to call a low-level routine, and this is probably what triggers the request for privilege elevation.

I agree that Linux handles permissions issues better in general. One of the reasons is that most programmers who code for Linux are well aware of the permissions issue whereas a lot of Windows programmers have ignored it in the past. In our student labs we are constantly being driven crazy by commercial Windows applications (some very expensive ones too) that are not coded to work properly from non-administrator accounts, and when the offending companies are contacted the response is often "Oh, yeah. We didn't take that into consideration". In a student lab we cannot allow software that writes to non-user branches of the registry or fiddles with system settings, and some poorly-written software will do just that. Vista is going to force programmers to face this issue wheras XP allowed them to ignore it.

Linux isn't immune to poorly programmed apps either. I've seen analogous situtations to your WinBuilder example crop up in Linux, although rarely. I've tried to compile and install software before that specifically says to run "make" as user and found it to fail without telling me what the problem was. When compiled as root it would work fine, even though the instructions said differently.

I think the overall experience with these kinds of issues is more application programmer dependent than OS dependent. In the WinBuilder case, there aren't enough checks built into the application that look out for these issues, so the poor user is left to find out later that the final build won't compile or run. WinBuilder doesn't need admin privileges to run because it isn't modifying system files while running, but it does need admin privileges while running in order to properly set permissions and registry entries on its final output files. I don't think the OS could ever tell you that in advance, but the application should know and should check for it.

Interesting thread. I'm going to sound like a Vista fanboy here if I'm not careful. I do find myself liking Vista more as I become more familiar with its inner workings.