Why do idiots disable UAC & claim it's not a security function?

Discussion in 'other anti-malware software' started by STV0726, Feb 5, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's not SUA or UAC that are useless; it's everything. Any operating system and their security measures are useless against social engineering, and phishing by the way. :D
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    To an extent. AVs and SmartScreen are good for social engineering because they give definitive results (for the most part.)
     
  3. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    This is why I've said again and again that SUA and UAC are the best first steps in PC security you can take, next to proactive user education. It is not the only step by any means. I am not, nor will I ever argue that a SUA or UAC is all you need. That's certainly not true.

    I have said, however, that failing to take those first steps puts your other security layers at risk, whether they be OS enforced or from 3rd party applications. I stand by that statement. It's been proven.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    UAC also has one additional benefit many neglect, including Microsoft - Virtualization.

    You can virtualize x86 processes, and any changes to important file system and registry areas will be redirected to VirtualStore folder and to a dedicated place in Registry, without affecting the real file system and registry. How beautiful is that?! :D

    UAC virtualization is meant as compatibility mechanism for x86 applications that weren't developed complying with how Vista/7 etc works. Microsoft demands x64 applications to work properly, and therefore no virtualization for such processes.

    Tough luck! :D
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I thought it was just registry virtualization. There's file system as well?
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Of course, sir. Search for UAC virtualization and you'll find info about it.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,735
    What UAC needs is definitely a user-defined whitelist, and maybe blacklist. Without that, many people will get annoyed by it and disable this function, therefore making their Windows systems less secure. That leads to a world with more malware. A better configuration without needing to resort to gpedit.msc would be nice as well.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    J_L that's the idea behind Windows 7's default setting. All signed applications elevate automatically. This allows developers to make use of protected mode and users to answer some prompts without being so annoyed that they turn it off.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,735
    Signed applications, but nothing else a user can choose. The process of whitelisting an application is way too cumbersome.
     
  10. guest

    guest Guest

    Who are you calling a idiot?
    Maybe some people do not want the blout
    and perfer to install their own security measures
    who are you to say who is right or who is wrong
     
  11. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    x1

    Agree
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I think the raised concern was that, some bloggers who consider themselves knowledgeable, are advising people to disable UAC.

    Now, if you are knowledge and advise to disable, BUT are aware and know how other solutions work and can educate others on how to use them, then by all means do it, for the end goal is the same - to help as many people as possible.

    However, if you advise others to DISABLE something you got no idea how it works, then for sure "you"'re an idiot.

    For instance, if I install some HIPS application and I don't know how it works, and I advise others not to use it, simply because I don't know how it works, then what does that make of me? An idiot.

    I only advise about what I'm familiar with; anything else, I'll shut my trap. This is an advise many bloggers out there should follow.

    I've seen some bloggers even suggesting to disable Windows Vista/7 Secure Desktop!!!
     
  13. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    What is blout? Assuming you mean "bloat", turning UAC off is not likely going to make ANY noticeable difference in resource usage on your computer, especially for modern hardware let alone 64 bit systems. If that's your reason for turning it off, turning off visual effects would be better and even that makes less of a difference nowadays. You are much more likely going to get MORE "bloat" from any 3rd party UAC-imitators, than you would by using the native Windows elevation system.

    As I have said multiple times now, I am NOT calling anyone here at Wilders an "idiot". The title was misleading and for that I sincerely apologize again. As m00nbl00d has stated in the post above this one (thanks, by the way!), my title was directed directly at people proclaiming they are "experts" or "knowledgeable" and writing tweak guides that give UAC a bad name, define it incorrectly, or place emphasis on advantages to disabling it without clearly, and fully explaining why it is much more beneficial to leave on. (And for the record, the tweak guides I read did not advise installing anything else instead of it; they simply advised running as an administrator full time for convenience, which is what made me mad!)

    So again, please don't "x1" his post because I was NOT calling anyone on here an idiot.

    Thank you for your understanding. :thumb:

    THREAD UPDATE: I apologize again for the silly, angry title, that was also misleading. I had forgotten that Wilders allows you to change your titles; so, I went back and changed the title to make it clear I am calling the tweak guide authors "idiots". Thanks and sorry again!
     
    Last edited: Feb 8, 2012
  14. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    ^On 'Thread update'; Tough luck.
    Sure, you can change the title but that will only be the first post title, not the thread title or any of the replies titles.

    Just curious, why are you calling all of us 'idiots'? (j/k!)
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    The people who make those articles really are dumb - they have no idea what they're talking about. I don't love UAC but I'm not going to write an article sayin g"Oh man it's so annoying get rid of it!"
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    99,798
    Location:
    Texas
    Let's leave it at that. "Users" would probably be a better term to use.
     
  17. Seven64

    Seven64 Guest

    UAC is a pain in the rear when installing trusted software. Don't need extra clicks.:)
    Why would you install ?? software? o_O
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    First thing first. When you install something, and if that something requires administrator privileges (for instance, Google Chrome standard installer doesn't), then it only takes one prompt to install. What's the big deal?

    If some installer is made of more than one installer, and if the UAC prompts more than once, then it only means poor developing on who ever created the main installer, which should be the one calling all other installers. The main installer would already be running with full permissions, and it wouldn't be required no additional prompts.
    That said, I've never faced any such problematic installer. They all only required one UAC prompt - the initial prompt. Simple. ;)

    What do you mean by this?
     
  19. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    I am not sure what you mean.

    I am calling tweak guide writers who write ignorant stuff and claim they are knowledgeable (which is sort of implied by writing a tweak guide in the first place) "idiots."

    If it takes one more time for me to say it, will: I am NOT calling Wilders users "idiots."

    Thank you. :thumb:

    EDIT: Oh...I see what you mean now. You meant refrain from using the term "idiots" in the future. Got it. I will honor that request and I apologize again. Probably was a bad move on my part.
     
  20. guest

    guest Guest

    I apologize too, I should had read the thread a little better and realize
    what you were trying to say

    and I do have to agree with you
     
  21. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Thank you, but it was my fault for using the word "idiot." I should know better; I took a course on Peace Studies and Conflict Resolution just last semester. If I wanted positive reactions I should have used positive language. :)

    I am generally in agreement with the idea that Windows 7 UAC "slider" is implemented in a manner that could definitely be better. I do like the idea of a slider that which offers some "presets" of configurations Microsoft deems useful for home users that don't have access to every single tweak offered in gpedit.msc. However, in my opinion the way it is currently implemented, specifically the fact that the in between options only whitelist Windows stuff, needs to be improved.

    If I was Microsoft, I would change it to something more intuitive like this:

    Windows allows you to customize your level of security by changing the way you are notified about changes to your computer while running as an administrator.

    * Maximum - UAC will notify you whenever you, or a signed or unsigned 3rd party program tries to make changes to Windows settings and requires administrator privileges. (This should be the default in case of exploits upon release, but Getting Started screen should offer intuitive configuration options w/ explanation. Lesson learned from Windows 7 Release)

    * Medium - UAC will notify you whenever an unsigned 3rd party program tries to make changes to Windows settings and requires administrator privileges. You should only allow it if you trust the source from which you obtained the program.

    * Minimum - UAC will notify you whenever an unsigned 3rd party program tries to make changes to Windows settings and requires administrator privileges. It will not utilize the secure desktop (screen will not dim). You should only use this setting if your computer experiences a long delay while dimming the screen.

    * Silent - UAC will not notify you when you or programs try to make changes to Windows settings. Programs will be granted administrative rights as they request them, however, protected mode and other related security features will remain enabled. (Highly recommended as an alternative to setting below.)

    * Off - UAC will be disabled and will not protect your Windows settings from tampering. Protected Mode and other security features will be disabled as they depend upon the UAC system. (Not recommended!)

    There we are. :)
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I think most people turn it to silent, not off. No guide tells you to turn it off, just to turn it silent.

    I think Medium is the best setting. I leave mine on Max because I'd like to think that I can make better decisions than the average user. But MS made the right decision having Medium as the default.
     
  23. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Any tweak guide I have read tells users to disable UAC because "it is annoying" / "draw a line in the sand security". I've already stated my opinion on such advice. I have only seen one YouTube video where a knowledgeable person recommends using gpedit.msc to make UAC silent, but that only works if you have Professional edition of Windows.

    My post above is NOT how UAC currently is, just to be clear; I am recommending how Microsoft SHOULD make it in the future. :)
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I've never seen anyone say to disable UAC - only to turn it silent by bringing that "bar" down all the way.
     
  25. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    There is no such thing as "silent" mode, other than what can be achieved by manually tweaking registry/group policy settings...

    "Silent" mode, again, is a non-existant feature! The User Account Control settings page in Control Panel that Windows 7 provides, furthermore, offers only 4 configurations, and the bottom-most one is Never Notify, which shuts off the UAC system entirely, including protected mode and virtualizations.

    I was recommending that Microsoft implement a "silent" mode that is one notch above the full "off" position, so that people could still get the benefits of protected mode/virtualization, but it does not currently exist.

    In a sincere effort to make this more clear, the current Windows 7 User Account Control settings that are available in the Control Panel are:

    * Always Notify
    * Notify me only when programs try to make changes to my computer
    * Notify me only when programs try to make changes (+ no secure desktop)
    * Never Notify (This is the same thing as turning UAC off)

    Hope that helps...and sorry for the confusion! :(
     
    Last edited: Feb 11, 2012
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.