Why UAC Prompts in Vista Can’t Always Be Trusted

Discussion in 'other security issues & news' started by Rasheed187, Feb 27, 2007.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Btw, I have been reading a bit more about UAC since I´m planning to run Vista soon, but what do you think about this, why did MS leave such holes in Vista? :rolleyes:

    http://theinvisiblethings.blogspot.com/2007/02/running-vista-every-day.html
    http://www.codeproject.com/vista-security/RunNonElevated.asp
     
    Last edited: Aug 27, 2007
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Because Microsoft doesn't care about security.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Well, I´m not sure if they don´t care about security, because Vista has improved a lot, but it´s kind of strange that they manage to make such dumb mistakes. I mean how can they overlook such things? Don´t they have the smartest people working over there? I´m starting to doubt this.

    And the same thing with IE7, yeah they improved it in certain areas, but they also screwed up quite a lot of other things. I´ve also read that the only way to make the Windows OS truly secure is to rebuild it from scratch, and perhaps that´s why it´s so difficult to get things right. But surely it must be possible to fix the things mentioned in these articles? :rolleyes:
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes MS is still using the same model, base code and a re-write from scratch is probably how to achieve a secure Windows OS. Before the internet MS didn't need to think much about securing their OS and therefore we have an about face sort of system, that and the fact Microsoft concern themselves mostly with the productive side of things, getting stuff to work and keep working gives us what we have today.

    UAC
    Read these some time ago, you gotta wonder how MS can miss these things.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You'd be surprised by the amount of "backdoors" that Microsoft has left open in their security measures.
    DEP
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Btw, does anyone know if you can tell UAC when to prompt you, and how to do this? For example, you might not want to be prompted when changing the system time, or when you run a .exe file, know what I mean?
     
  9. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Re: Why UAC Prompts in Vista Can’t Always Be Trusted

    AFAIK you can either disable it or use it. There appears to be no way to tell it when to prompt you. :doubt:

    BTW UAC is enabled here, but it doesn't bother me much with those prompts and the longer you work with it, the more you get accustomed to it. :)
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
  11. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Re: Why UAC Prompts in Vista Can’t Always Be Trusted

    There's no way to control it AFAIK, so it's correct. ;)
     
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Re: Why UAC Prompts in Vista Can’t Always Be Trusted

    Been useing Vista a while now and I don't even notice the UAC as an annoyance. It is just another security app.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    But let´s say you run in "protected admin mode" and you have turned off UAC, will you still be able to install apps? Wait a minute, I think the answer is yes, because I just read that you can also switch UAC into "quite mode", this way you won´t get to see any popups at all, but all (?) processes still run in limited mode. However, this way it´s not really a security tool anymore, this really sucks, MS should have given more control over UAC. :cautious:
     
  14. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Re: Why UAC Prompts in Vista Can’t Always Be Trusted

    Honestly guys, you need to chill out and quit sweating the small stuff like a UAC popup. How long can the popup delay you in a days time? Life is to short for this. If you really want to gripe and complain about something you might consider World hunger, War, Global warming. Now that will give you something to worry about unlike something as inconspicous as a UAC popup.

    bigc
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Re: Why UAC Prompts in Vista Can’t Always Be Trusted

    Rasheed have a look https://www.wilderssecurity.com/showpost.php?p=1072777&postcount=3

    Disable the EnableInstallerDetection and try what the effects are when for instance runing tetris. Vista should apply the normal elevation flow now (I have not tested it).

    Regards Kees
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    @ Kees1958, but will UAC still alert you about everything else? Because I do want to see all the other UAC alerts, otherwise it´s not really a security measure anymore. And I don´t have Vista yet, I will wait a couple of months, but the plan is to run as "protected-admin" with UAC enabled, but I don´t want to be prompted when I´m about install something, my HIPS already takes care of this. ;)
     
  17. tlu

    tlu Guest

    This behaviour of Vista has some logic as all applications are usually installed in c:\Program Files - and you need admin rights for that folder in order to get write access. However, of you install into another folder where you have write access as a limited user, the UAC prompt doesn't make any sense (provided that the installation procees doesn't require write access to other critical areas like HKLM). I'm not sure if you can configure Vista's behavior in such a way with the settings decribed by Kees.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thomas,

    There is so little info on what exactly is protected, that I figured out these settings. It seems to work for 32 bits aps, 64 bits applications seem to elevate silently (a pity that you can not set the ValidateAdminCodeSignatures for 64 bits aps only).

    Regards Kees
     
    Last edited: Sep 11, 2007
  19. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Hello Rasheed...I just saw this old post and by now you must know of TweakUAC
    http://www.tweak-uac.com/
     
Loading...
Thread Status:
Not open for further replies.