Windows UAC - A Bit More Detail

Discussion in 'other software & services' started by itman, Feb 21, 2019.

  1. itman

    itman Registered Member

    No. I believe you fully understand UAC operation. You believe it's of no benefit to you. That is perfectly fine. However, one should not state that it overall is of no benefit; especially to someone else.
     
  2. Rasheed187

    Rasheed187 Registered Member

    OK, got it. But I never stated that. People should decide for themselves if UAC is worth it or not. To me it's not a crucial anti-malware layer. BTW, instead of Win Task Manager, I should have written Process Explorer. Because I just saw that if you lower UAC security settings, UAC won't pop up. :p
     
  3. itman

    itman Registered Member

    This has nothing to do with it. Process Explorer runs just fine w/o admin privileges. However, many of its functions and features are not available in standard user mode.
     
  4. wat0114

    wat0114 Registered Member

    Fine, but you seem to be overlooking the entire scope of functions and what the true intended purpose of UAC is all about. If, for example, you are logged into your administrative account and you need to open your web browser to check something on the web, wouldn't it be nice to know it's been assigned a user access token via explorer.exe? If you haven't already, I would recommend you read through one or more of the links provided in this thread that explain UAC in greater detail.

    I'm afraid your view on UAC as being a nagging nanny is overly simplistic.
     
    Last edited: Mar 27, 2019
  5. guest

    guest Guest

    @Rasheed187 we all know you understand UAC's purpose but you are basing its efficiency/usefulness on your own scope only, while it's wider than that.

    You said
    Of course, it is not and was never designed as such, if it was you won't have WD or Smartscreen.

    Because I don't want stuff that may modify my system, even legit 3rd party apps or Windows internal tools, to run without my consent. It is all what UAC is about. UAC is about Consent.
    Sure it is not perfect, it is not bulletproof, some tools can bypass it but they need to be run locally.
    UAC is doing what I expect it to do, no more no less, I know from the start, it is not a full security feature, reason I use other apps for that.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Seriously, it's like running around in circles with you. Can you explain the "wider" part to me?

    I'm sorry, but you're not making any sense. It's goodware, so they won't modify anything without your permission. What I'm trying to say is that in a world where malware didn't exist, we wouldn't need UAC. This automatically means that the reason why UAC is invented is to mitigate malware attacks. This is not an opinion, this is a fact.

    You misunderstood. I noticed that when UAC is not running at maximum level, you won't be alerted about Win Task Manager. But you will always be alerted about Process Explorer, if you run it with admin rights. And yes, it needs admin rights to fully function.
     
  7. Rasheed187

    Rasheed187 Registered Member

    I'm not following. Nowadays, just about all browsers automatically run with lower rights (sandboxing), no matter if you run as admin or not. So in order to elevate rights, hackers need to find a second weakness in the browser, to escape the sandbox. Regardless if UAC is enabled or not.

    I'm afraid that you guys are overthinking stuff. It's a very simple discussion. The question is: If you're running as protected admin, is it worth it to enable UAC? So no need to read about inner workings of UAC.

    A normal reply would be:

    1. Yes it's worth it, because you never know if some super exploit will bypass all security tools, and then hopefully UAC will block malware.
    2. No it's not, the chances that all security tools will be bypassed by some super exploit is quite small, so no need for nagging UAC alerts.

    So I haven't got a clue why you guys seem to think that my view of UAC is simplistic. The funny thing is that even Wikipedia writes that it's "meant to improve the security of Microsoft Windows." Nothing more and nothing less. The way how it tries to improve security is by blocking automatic privilege elevation from malware. Remember, if malware didn't exist, nobody would care about process privilege. So its main goal is to tackle malware.
     
  8. xxJackxx

    xxJackxx Registered Member

    If you don't enable UAC, you are not running as a protected admin. You are just an admin. Everything runs at full privilege. UAC mostly exists to make standard user accounts usable. In the days of XP, you would have to assign permission at the file and registry level to be able to write to Program Files, Windows, and HKLM in the registry. This was too hard for most folks, so everyone ran as admin. I absolutely run UAC. Just a simple script could trash your PC at the system level if you leave UAC off. I wouldn't trust most security software would catch that and stop it. There are obviously points of discussion that could go on for days, but that is my 10 foot overview.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Yes correct, but I still call it "protected admin", because I noticed that certain things, like copying files to certain folders will still be blocked even if you disable UAC. And you're correct about SUA. But that's not relevant in this particular discussion, because it wouldn't make sense to complain about the UAC alert, if you already agreed to run in SUA, know what I mean? If someone says "UAC sucks", I think it's safe to assume that this someone is running as protected admin, but perhaps that's just me. This whole discussion is pretty crazy.
     
  10. xxJackxx

    xxJackxx Registered Member

    I run as protected admin with UAC set to maximum. Sometimes the prompts are annoying, but infrequent. The only way I would run with it off is if I were running fully virtualized with a reset each time, or if I were running regular disk images and willing to restore them on demand if something went wrong.
     
  11. itman

    itman Registered Member

    No, I didn't misunderstand. Let's take Task Manager first. Note its permissions:

    Task_Mgr.png

    Also note there is no limited admin account assigned but standard user privileges are assigned. If you are running under a standard user account, it will open without UAC alert. However if you are running as a limited admin, no privileges are assigned. Therefore, a UAC alert will be generated to elevate to admin level for which privileges exist.

    Next up is Process Explorer. Note its permissions:

    Proc_Exp.png

    Also note there is a limited admin account assigned. Finally, note the limited admin account has Full control but only in admin mode. Therefore when running Process Explorer under a limited admin account, no UAC alert will be generated but the access privileges will be the same as those assigned a standard user account; i.e. Read & Execute. Again, because limited admins run by default with standard user privileges. The only way to get admin privileges is to manually elevate to admin level at which time a UAC alert will be generated.

    Again, the problem is there are certain system utilities that can silently auto elevate to admin level when running as a limited admin thereby bypassing the UAC alert. The only way execution for these can be detected is by setting UAC to its maximum level. It is these auto elevating utilities that are being abused by malware developers; AKA "Living off the Land" attack methods.
     
  12. syrinx

    syrinx Registered Member


    @itman While nothing you said is 'technically' incorrect, it seems like you may believe those NTFS Security Permissions are somehow related to the Integrity level or the privileges granted to a program when executed. Beyond deciding if each user is able to do anything in that list as related to each file (on disk), those permissions have nothing to do with a program's access rights when running. You could, for instance, remove everything from procexp.exe for the limited admin and Administrators except Read & Execute permissions and still run the file "As Administrator" followed with it running as a High Integrity process and still having "Full control" as you put it like it normally would.
     
    Last edited: Mar 28, 2019
  13. guest

    guest Guest

    @Rasheed187
    The wider part is that blocking malware is not the only thing UAC was made for.

    -I don't want any apps/processes, legit or not, having the possibility to auto-elevate, does it make sense to you?

    Also, it seems you overlooked that UAC allows file and registry virtualization
    https://www.google.com.vn/amp/s/www.thewindowsclub.com/file-registry-virtualization-in-windows-7/amp


    You maybe, not me.
    CCleaner like many others are goodware but it can be compromised, do I want them to auto-elevate and do things, even legit, in the background without my consent? No way.
    I want full control of my system, no scheduled admin tasks or whatever, running silently on my system.
     
  14. Mr.X

    Mr.X Registered Member

    +1
     
  15. itman

    itman Registered Member

    I am under no such illusions. As you stated, if an object doesn't have execute privileges, it won't run regardless of what execution privileges are assigned via your logged on account status.
     
  16. syrinx

    syrinx Registered Member

    That's only because if the "Read and Execute" rights were removed the exe cannot normally even be 'read' or 'run'. However it ~seemed~ to me when you said this stuff in the following quote that you were in fact linking the file's (taskmgr.exe) NTFS (FILE) Security permissions differences to *if* Windows would ask for Admin creds (eg high integrity) or even cause a UAC prompt at all, then comparing it to a file created -without- the same NTFS (FILE) Security Permissions and expecting a different result due to differences in those permissions.

    The real reason for this is one entry in the file manifest (a resource sometimes contained [but not required] within an exe), yet it is NOT something related to the NTFS Security (FILE) Permissions of said exe (FILE) on the system or what they are set as.


    Taskmgr.exe has requestedExecutionLevel level="highestAvailable"
    Procexp.exe has requestedExecutionLevel level="asInvoker"


    BEYOND changing those NTFS Security (FILE) Permissions to remove 'Read & Execute' rights for a specific limited Admin, or Admins in general, on the file itself they have nothing to do with if that file is run and absolutely nothing to do with it in regards to which integrity level the file is executed as or if Windows ends up creating a UAC prompt for it (unless a user without modify rights tries to edit those permissions without pre-existing rights to modify, then it will of course ask for Admin credentials to apply those changes to said FILE) and so I don't want others to be following an incorrect train of thought while trying to parse your 'NTFS Security Permissions' example when it can so easily be taken the wrong way (as written) in regards to why one exe creates a UAC prompt and the other didn't when none of the NTFS Security Permissions are involved in the creation of a UAC prompt to start with...
     
    Last edited: Mar 30, 2019
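
Added example (not posted by anyone in this thread): a way to read the `requestedExecutionLevel` and `autoElevate` manifest entries discussed in the post above out of an executable's bytes and predict the launch behaviour from them. It scans for the embedded manifest XML instead of parsing the PE resource table; the sample bytes, function names and outcome strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: bytes standing in for an EXE with an embedded manifest.
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 64 + b"""<?xml version="1.0"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
 <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>
  <requestedExecutionLevel level="highestAvailable" uiAccess="false"/>
 </requestedPrivileges></security></trustInfo>
 <application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings>
  <autoElevate xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</autoElevate>
 </windowsSettings></application>
</assembly>""" + b"\x00" * 32

# The manifest is plain XML stored in the file's resources, so a byte scan finds it.
MANIFEST_RE = re.compile(rb"<(?:\w+:)?assembly\b.*?</(?:\w+:)?assembly\s*>", re.DOTALL)


def manifest_elevation(data: bytes) -> dict:
    """Return the elevation-related manifest settings found in raw file bytes."""
    info = {"level": None, "uiAccess": None, "autoElevate": False}
    for match in MANIFEST_RE.finditer(data):
        try:
            root = ET.fromstring(match.group(0).decode("utf-8", "replace"))
        except ET.ParseError:
            continue  # not well-formed XML; try the next candidate
        for el in root.iter():
            name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            if name == "requestedExecutionLevel":
                info["level"] = el.get("level")
                info["uiAccess"] = el.get("uiAccess")
            elif name == "autoElevate":
                info["autoElevate"] = (el.text or "").strip().lower() == "true"
        if info["level"]:
            break
    return info


def uac_outcome(info: dict, admin_member: bool, always_notify: bool) -> str:
    """Predict launch behaviour from the manifest alone (ignores installer detection)."""
    level = info["level"]
    wants_elevation = level == "requireAdministrator" or (
        level == "highestAvailable" and admin_member)
    if not wants_elevation:
        return "runs unelevated, no prompt"
    # Auto-elevation only applies to trusted Windows binaries and is off at the top UAC level.
    if info["autoElevate"] and admin_member and not always_notify:
        return "may elevate silently"
    return "UAC prompt"


if __name__ == "__main__":
    found = manifest_elevation(SAMPLE_EXE)
    print(found, "->", uac_outcome(found, admin_member=True, always_notify=False))
```

Nothing in either function looks at the file's NTFS ACL; the result depends only on the manifest, the caller's group membership and the UAC level.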
  17. Mr.X

    Mr.X Registered Member

    @syrinx

    Thanks for such a great explanation.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Yes exactly, we all make our own risk assessment. According to you it's sometimes annoying, but still worth it. But to me there are way better ways to secure the system. I already run 5 real-time security tools, I don't see the need to use UAC as an extra protection layer.

    But anyway, it's probably more productive to think about ways to make UAC less annoying. You should be able to make a white-list of tools that can auto-elevate, like Process Explorer. Also, installing apps shouldn't require admin rights. This would significantly reduce alerts. And yes I know, people on SUA shouldn't be able to install apps. But this can be prevented with white-listing.

    Didn't understand everything, but I believe the reason that UAC doesn't pop up, is because Win Task Manager is located in C:\Windows\System32 and digitally signed by Microsoft. So when UAC settings are lowered, you won't get any alerts about system tools, including Win Task Manager. Process Explorer is not considered to be a system tool.
     
  19. Rasheed187

    Rasheed187 Registered Member

    OK, I see. You just don't like the idea that apps can auto-elevate. I see it as an anti-malware protection layer, you see it in a more "widely" view. But who cares about this, because it's not relevant in this particular discussion, know what I mean?

    BTW, I also have full control of my system, because of the security tools that I'm using. So no UAC needed. Let me explain:

    • I control which applications are allowed to run, including system tools that are often abused by malware.
    • I control which applications are allowed to make incoming and outgoing connections.
    • Applications that are vulnerable to exploit attacks all run sandboxed, with virtualization layer on top.
    • Application behavior is controlled by HIPS, this should block malware from keylogging and modifying process memory, for example.

    Of course, when all these layers are bypassed, my system is toast, but I really doubt that UAC would help. And even if it did, the nagging UAC alerts that are all triggered by myself, really ain't worth it. I can always reinstall my system.
     
  20. wat0114

    wat0114 Registered Member

    I think it's actually because with UAC lowered, CreateProcess doesn't generate an ERROR_ELEVATION_REQUIRED error when it's called by ShellExecute, because Task Manager doesn't require to be elevated.

    The link I included in post #42 explains things nicely.
     
  21. guest

    guest Guest

    The discussion is about UAC in general not just the anti-malware part.

    No need to explain, I do the same using very advanced/efficient tools; but most people don't, some even without any.
    On an out of the box win10, UAC is a solid value.

    That was always my point. The rest, is circumstantial and doesn't void UAC usefulness/efficiency.
     
  22. xxJackxx

    xxJackxx Registered Member

    I guess I'd like to know what you mean by "installing apps". If you are talking apps from the Windows Store for example, you do not have to be an admin. If you are talking 3rd party apps that have access to write to Program Files, Windows, and HKLM in the registry, you absolutely should have to be an admin. If you want to run as full admin on your own personal machine, by all means, go ahead and do so. At work, at least any place I have to work, no way.
     
  23. itman

    itman Registered Member

    UAC bypassing is only one of a number of malicious ways to escalate privileges: https://attack.mitre.org/tactics/TA0004/ . As far as UAC bypassing goes, MITRE still recommends UAC be set to its highest level:
    https://attack.mitre.org/techniques/T1088/
     
  24. Rasheed187

    Rasheed187 Registered Member

    No it's not. The topic is about UAC, but this side discussion is about why I think that UAC sucks. I have never said that people should agree with me. If people think UAC is important, they should use it. But according to you guys, I see UAC in an overly simplistic way, I'm missing the bigger picture. But to me this is complete BS. I also explained why.

    And even on a machine with no extra protection at all, I would still disable it. Those nagging alerts ain't worth it. Browsers and Win 10 are quite hard to exploit nowadays, and Win Def + SmartScreen should take care of malware anyway.
     
  25. Rasheed187

    Rasheed187 Registered Member

    No, I'm not talking about the Windows Store. But perhaps I should put it differently: If Windows detects an app installer and AV says file is clean, it should auto elevate. So it shouldn't ask for admin rights. Because you already know that you (the admin) are going to allow the installation, know what I mean? But on SUA, it should still ask for elevation.

    OK, so apparently it's a bit more complex. I figured that Windows simply checks if a process is a so called "system file" or not. BTW, for the people that are interested, here are some articles about UAC protection levels on admin and SUA accounts. I believe it applies to Win 10.

    https://www.tenforums.com/tutorials/112634-change-uac-prompt-behavior-standard-users-windows.html
    https://www.tenforums.com/tutorials/112621-change-uac-prompt-behavior-administrators-windows.html
     