Flight said:
You know, many users would not even think of disabling UAC if it had one
extra option: to remember what was accepted. Just like the way good
firewalls do. But now, if you have to use an application that has to be
checked by the UAC, and you have to use it many times a day, then you
have to tell the UAC every time again that it is OK. That's the ONLY
reason that users wish to disable the UAC.
I can't go with that:
1)Aa personal FW/personal packet filter is not a firewall.
2) The Application Control in personal FW(s)/packet filters has no business
trying to control applications running on the machine, because that can
easily be defeated, nothing but snake-oil in the solution.
3) If UAC accepted a remembered prompt for approval for an actual malware
solution ok-ing it, then it's always going to be run with no challenge, just
like Application Control in PFW(s) -- snake-oil.
You can state that this would be less secure but then I ask: what's worse,
using UAC with such a function, of not using UAC at all? Here I see a
tendency that I found in other cases too: Microsoft seems to think that
all users are stupid idiots. The simplest things are "secured" with
questions like: are you sure you want that? I always think then: yeah, I
am not an idiot, stupid! Now you get the situation that users click Yes
without even reading it, because it is overused. That's why I started to
use Buzoff (basta computing) to have it automatically done in cases where
this question is simply too stupid to think about.
No, you miss a key point of UAC. Since Admin is locked down to Standard user
with two secuirty tokens representing Full Admin Rights and Standard Admin
rights (discussed in the link below), when a situation arises that promps
for Full Admin rtghts such as malware about to be installed, then the user
as a signal that something may be wrong.
http://technet.microsoft.com/en-us/library/cc709691.aspx
Now, take the examples in the link below of a user clicking on something as
Full Admin rights running on Win NT, Win 2k, or Win XP. What's going going
to happen? I'll tell you. The machine is going to be compromised, with a
user sitting there clicking with Full Admin rights. As opposed to Vista with
UAC enabled, Admin is locked down to Standard user, and Admin user is
prompted/challenged for Full Admin rights to do it, which they can see
something is about to happen.
http://www.eweek.com/c/a/Security/Hundreds-Click-on-Click-Here-to-Get-Infected-Ad/
You can apply the same principles above when an Admin user is clicking on an
unknown email attachment with malware in it that wants to install itself on
the machine.
If Microsoft would start to look at users as normal behaving people, the
real security issues would be much more accepted.
They are treating users like normal people that will not practice safehex
computing, and they will click on everything under the Sun not knowing that
malware is about to install itself. With UAC enabled and they click, they
got a chance of seeing that something may be wrong when prompted to allow or
disallow or give that Admin User-id and PSW if the user is a Standard user
with only a Standard user security token.
I don't see this is really being any different than when a user has to give
that Root Full Admin rights user-id and psw on Linux when root full admin
rights are required.
One doesn't have a ton of applications that require full admin rights to
run. I think I have maybe 4 applications I use that use full admin rights in
order to run. And I am not running those applications all the time, so I get
very little prompts from UAC. The rest can run with Standard user rights.
One doesn't get prompted when the application only needs Standard rights to
run, unless you have Run As Administrator enabled on every
application/program, *you* did it, and you are being prompted all over the
place when you shouldn't be.