Do this instead of disabling UAC

  • Thread starter Thread starter Synapse Syndrome
  • Start date Start date
S

Synapse Syndrome

I can't live with the UAC prompts, so I had it turned off. But I just came
across this tweak to keep UAC active while turning the prompts off.
Security Centre still reports that UAC is turned off, but it seems to be
working as you can see that IE7 runs in Protected Mode.

http://www.tweakvista.eu/show_tweak.php?tweak=84

ss.
 
Elevate without prompt? Say welcome to trojans and say welcome to malicious
programs which will be able to modify any system settings and files without
your user consent!
DON'T BE STUPID!
 
BillD said:
Elevate without prompt? Say welcome to trojans and say welcome to
malicious
programs which will be able to modify any system settings and files
without
your user consent!
DON'T BE STUPID!
Click to expand...



Are you one of those people that had lots of malware problems with XP? I
never did, as I know what I am doing.

ss.
 
Why not just turn off the firewall, enable the administrator account, remove
all account passwords and start up as many p2p programs as your memory
allows.

You would be better off security wise to just turn off uac rather than use
this tweak.
 
Since you know what you are doing, why are you encouraging those who don't
to defeat UAC?
 
Colin Barnhorst said:
Since you know what you are doing, why are you encouraging those who don't
to defeat UAC?
Click to expand...


I'm not. If you search this NG you'll find that many people disable UAC,
and this is a way to have UAC enabled but without the prompts.

The title of this converstaion is "Do this instead of disabling UAC"

ss.
 
Synapse Syndrome said:
What?

ss.
Click to expand...

This tweak allows any program to silently gain elevated privileges without
warning the user. If you turn uac off some of these same programs will still
fail. With this tweak they succeed. It is a very big security hole. I
haven't tested it. I'm just going by what I read at the link. Personally I'm
not bothered by uac and would never turn it off or try to bypass it, but
then part of my living comes from repairing the damage done by malware and
anything that helps in this fight is a good thing by me. I would much prefer
to not have this as part of my business and go back to doing things like
helping customers get more out of their computers and networks.
Unfortunately because of user's and programmer's habits XP is not secure and
malware authors have a heyday. With Vista there is a chance to stop this
trend unless of course everyone does like you and bypass' the security.
 
But of course I am saying "defeat" not "disable." As in defeat the
protection as opposed to knowing that you have to take care because it is
disabled.
 
It makes me laugh. People complained that XP wasn't secure enough, so when
Vista came along, people complain that UAC is annoying, so disable it!
 
Hello Kerry :),

This "tweak" only works the way implied in this thread and the referenced
site when logged in with an administrator account.

The benefit in this scenario is that applications that do not request
elevated privileges will not receive them.

In the context of malware, you are absolutely correct - it would be just as
bad to turn UAC completely off, as this setting takes the control out of the
user's hands - applications will get exactly however much privilege they
request, without giving the user a chance to intercede.

However, properly-written applications that correctly request the minimum
privilege they need will still have limited privileges, which provides some
security benefits that would not be available if UAC were completely
disabled (such as IE protected mode).

In either case, this setting does severely weaken UAC, as it takes the C out
of UAC (the "control" part). By changing this setting, one again gives
implicit control of their system back to whatever programs they run. Sure,
some programs may "play nice" by requesting limited privileges... BUT, the
real question here, is do you implicitly trust every program that you run
(or may somehow be ran on your system) to "play nice", knowing that they can
request admin privileges and receive them without you being notified?

It seems some people don't care how much privileges the programs that they
run have over their computer. They must think that if they are running a
program then that signifies their trust in the program and they wouldn't run
it otherwise. Personally, I think that's crazy, especially in today's
interconnected world, but to each their own. I don't want AIM or Notepad to
be able to open up an administrative program that can format my hard drive
without my permission, lol.

Also, the website that contains this tip seems to imply that this same
behavior can be applied to non-administrator accounts. This is false. There
is no mechanism to allow "automatic" elevation in a non-administrator
account, because the credentials of an administrator are required for
elevation to occur. UAC must have the account name and password of an
administrator to elevate an app from inside of a standard user account, and
it must have the user/administrator type this info in.

Accordingly, the only options for the policy "User Account Control: Behavior
of the elevation prompt for standard users" are Prompt for Credentials and
Automatically Deny Elevation Requests.
 
Are you one of those people that had lots of malware problems with XP? I
never did, as I know what I am doing.
Click to expand...

This isn't the issue here. UAC is not about "do you know what you are
doing".

UAC is about do you trust every program that runs on your machine to have as
much privilege as it wants? Do you want to be notified when an app attempts
to run privileged and be able to stop it?

Because changing this settings and/or disabling UAC takes this control out
of your hands and puts it right into the grasp of any application that runs
on your computer.
 
It makes me laugh. People complained that XP wasn't secure enough, so when
Vista came along, people complain that UAC is annoying, so disable it!
Click to expand...

I found it a good idea but poorly implemented, perhaps it will be improved
with SP1?
 
Well, Kerry should be telling people don't use UAC - he'll make a lot more
money that way. :)

Dale
 
I hate removing malware. The only reason I do it is because my customers
request and need it. I would much rather be spending more of my time helping
them get more out of their computers and networks rather than helping them
just to maintain the existing level of productivity. I prefer working in a
positive environment. Malware forces us to work in a negative environment.
 
I think it's obvious to most of us that it's the concensus within MSFT and
on the outside of MSFT. that UAC and security in general is Vista and
Longhorn Server's most compelling selling point or lead selling point. This
applies strongly to business in general, and somewhat to the home user
although many other features will be marketed for the home environment.
Others will be the use of AD/Group Policy for businesses. It's going to
account for a lot of the migration decision I would think though for
mid-level and enterprise businesses who go Vista.

What will be interesting to me is how many users who have the choice will
elect to dilute, modify or turnoff UAC. I'm not sure how you get those
figures. There will be focus groups. Gartner and similar organizations will
of course generate them.

I've been trying for a good while to get accurate figures on how many
machines on the planet are running XP within large and midrange businesses
and for home and small business users. You see figures around the 800
million range, but I'm not sure how that breaks down into categories.

CH
 
What are you, some freakin idiot??? Why are you telling people how to eliminate one of the layers of security in Vista??? Does it really bother you so much to have to acknowledge a few prompts??? Why don't you tell people that what they are doing is leaving a hole in their security big enough to drive a Mac truck through.

People, pay no attention to this moronic advise and do not disable UAC. The little bother it is to acknowledge a UAC prompt is nothing compared to the time it takes to fix a computer infested with malware, spyware, worms, trojans, and viruses.


Synapse Syndrome said:
I can't live with the UAC prompts, so I had it turned off. But I just came
across this tweak to keep UAC active while turning the prompts off.
Security Centre still reports that UAC is turned off, but it seems to be
working as you can see that IE7 runs in Protected Mode.

http://www.tweakvista.eu/show_tweak.php?tweak=84
Click to expand...


If you still want to be annoyed a bit, but not as much you could try this
one:
http://www.tweakvista.eu/show_tweak.php?tweak=107

ss.
 
You're the f'ing idiot.
What are you, some freakin idiot??? Why are you telling people how to eliminate one of the layers of security in Vista??? Does it really bother you so much to have to acknowledge a few prompts??? Why don't you tell people that what they are doing is leaving a hole in their security big enough to drive a Mac truck through.

People, pay no attention to this moronic advise and do not disable UAC. The little bother it is to acknowledge a UAC prompt is nothing compared to the time it takes to fix a computer infested with malware, spyware, worms, trojans, and viruses.


Synapse Syndrome said:
I can't live with the UAC prompts, so I had it turned off. But I just came
across this tweak to keep UAC active while turning the prompts off.
Security Centre still reports that UAC is turned off, but it seems to be
working as you can see that IE7 runs in Protected Mode.

http://www.tweakvista.eu/show_tweak.php?tweak=84
Click to expand...


If you still want to be annoyed a bit, but not as much you could try this
one:
http://www.tweakvista.eu/show_tweak.php?tweak=107

ss.
 
Back
Top