Seeking Pointers on UAC

Neil Kiser

Hello, I'll try to keep this as brief as possible. I am a new Vista Ultimate
user. I acquired a laptop with it installed last week, and have been
installing software and configuring ever since.

I started out with a user account that had Administrator privileges, but
encountered problems and switched to the Administrator account to install
software. However, then I noticed that when I reverted back to my user
account (still with Administrator privileges) that I was encountering
problems. As a result I have completely turned off UAC. It is my desire to
be as secure as possible, and I am even willing to be somewhat inconvenienced
to do so (such as the prompts asking me if it is ok to run). But I was
running into problems even getting things to run properly, or *at all* until
I turned off UAC.

I would like to turn UAC back on, which is why I am here. However, I can
not do so unless the problems I have witnessed are resolved. Rather than
list all of my woes, I thought I would start with just one problem and
perhaps I can extrapolate solutions to other problems from what I learn.

I attempted to install Zone Alarm Security Suite (the latest version that
supports Windows Vista). I could not get the installation program to run *at
all* under my user account with Administrator privileges. When I switched to
the Administrator account it installed perfectly. Then I switched back to my
user account (still with Admin privileges) and I found that Zone Alarm was not
running correctly. I can't remember if the True Vector service was running or
not, but the UI was definitely not - I could not interact with Zone Alarm at
all. The solution, in the end, was to turn off UAC. Then, it all worked
perfectly.

Being that Zone Alarm is well known, I am hoping that someone might explain
how I should go about running it, while keeping UAC enabled.

Also, I am willing to help myself, so if anyone can point me at white papers
or other articles on UAC and how to work with it, I am all ears.

Thanks,
-Neil Kiser
 
Even though ZA claims to be Vista compatible it is not. Uninstall it and see
if that solves your problem. Use the Windows firewall.
 
Mr. Kiser,

Based upon personal experience I can tell you that ZoneAlarm products
are not compatible with Vista, regardless of what ZoneAlarm tells you.
Of course, this is only my personal opinion.

C.B.
 
Neil,
I can't comment on the compatibility of Zone Alarm with Vista, but I
understand that you were just citing your problems with ZA as an example.

What caught my attention was your statement "I could not get the
installation program to run *at all* " about when you tried to install ZA.
I've encountered the same problem occasionally with both install EXEs and
program EXEs, even with at least one SysInternal program. I tracked the
source to Vista's Data Execution Prevention (DEP) feature.

DEP is intended to prevent damage by programs that run from memory (usually
some type of malware) by monitoring how that program attempts to use RAM.
Vista is supposed to provide a pop-up when it prevents a program run due to
DEP violation (and I've seen that), but there are times when it just prevents
the EXE from executing without notification.

There is a way to exclude an EXE from DEP monitoring (which I'll detail
below), but first the obvious caveat: DEP seems to be a valuable security
feature, so if you circumvent it with the steps below, be sure that you can
trust the EXE before 'allowing it in the backdoor'.

In (My) Computer, click System Protection
click Advanced tab
click Performance Settings button
click Data Execution Prevention (DEP) tab
be sure the 2nd radio button is selected (".... except those I select")
click Add button
navigate to the EXE that is not running in order to add it to DEP's exclusion
list.

I expect that if you were to add ZA's install EXE to the DEP exclusion list,
that it would now run. Of course, that's moot if ZA truly is not
Vista-compatible. If other problems you've encountered sound like EXEs not
running, consider adding them to the DEP exclusion list. This may resolve
what seemed like a UAC problem.

Hope this is helpful; at the very least it's additional information.
JohnDavid
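
A read-only way to check the two settings this thread keeps coming back to, whether UAC is still switched off and which programs have been excluded from DEP. This is an added example, not part of any post above. The registry paths and the WMI property are the standard Windows locations and are not given in the thread; Windows PowerShell is assumed.

```powershell
# Added example: read-only audit of the UAC and DEP settings discussed above.
# Assumes Windows PowerShell (Get-WmiObject); nothing on the system is changed.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$depKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'

# --- UAC: EnableLUA = 0 means UAC has been turned off completely ---
$uac = Get-ItemProperty -Path $uacKey
if     ($uac.EnableLUA -eq 1) { $uacState = 'enabled' }
elseif ($uac.EnableLUA -eq 0) { $uacState = 'DISABLED' }
else                          { $uacState = 'value not set' }
"UAC (EnableLUA)            : $uacState"
"ConsentPromptBehaviorAdmin : $($uac.ConsentPromptBehaviorAdmin)  (0 = elevate without prompting)"

# --- DEP: system-wide policy as reported by WMI ---
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$os     = Get-WmiObject -Class Win32_OperatingSystem
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
"DEP policy                 : $($policyNames[$policy])"

# --- DEP exclusions: the DEP tab stores each excluded program as a value
#     named after the EXE path, with data containing 'DisableNXShowUI' ---
$excluded = @()
if (Test-Path $depKey) {
    $key = Get-Item -Path $depKey
    foreach ($name in $key.GetValueNames()) {
        if ("$($key.GetValue($name))" -match 'DisableNXShowUI') {
            $excluded += $name
        }
    }
}

if ($excluded.Count -eq 0) {
    'DEP exclusions             : none'
} else {
    'DEP exclusions:'
    foreach ($exe in $excluded) {
        if (Test-Path $exe) {
            # An excluded EXE runs without DEP, so check who signed it.
            $sig = Get-AuthenticodeSignature -FilePath $exe
            '  {0}  [signature: {1}]' -f $exe, $sig.Status
        } else {
            # Stale entry: the program is gone but the exclusion remains.
            '  {0}  [file not found]' -f $exe
        }
    }
}
```

Any exclusion whose signature status is not `Valid`, or whose file no longer exists, is a candidate for removal from the DEP exclusion list.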
 
Neil Kiser said:
Hello, I'll try to keep this as brief as possible. I am a new Vista Ultimate
user. I acquired a laptop with it installed last week, and have been
installing software and configuring ever since.

I started out with a user account that had Administrator privileges, but
encountered problems and switched to the Administrator account to install
software. However, then I noticed that when I reverted back to my user
account (still with Administrator privileges) that I was encountering
problems. As a result I have completely turned off UAC. It is my desire to
be as secure as possible, and I am even willing to be somewhat inconvenienced
to do so (such as the prompts asking me if it is ok to run). But I was
running into problems even getting things to run properly, or *at all* until
I turned off UAC.

I would like to turn UAC back on, which is why I am here. However, I can
not do so unless the problems I have witnessed are resolved. Rather than
list all of my woes, I thought I would start with just one problem and
perhaps I can extrapolate solutions to other problems from what I learn.

Do not work in elevated level; Day-to-day work should be performed while
the User Account Control (UAC) is enabled. Turning off UAC reduces the
security of your computer and may expose you to increased risk from
malicious software.

Neil Kiser said:
I attempted to install Zone Alarm Security Suite (the latest version that
supports Windows Vista). I could not get the installation program to run *at
all* under my user account with Administrator privileges. When I switched to
the Administrator account it installed perfectly. Then I switched back to my
user account (still with Admin privileges) and I found that Zone Alarm was not
running correctly. I can't remember if the True Vector service was running or
not, but the UI was definitely not - I could not interact with Zone Alarm at
all. The solution, in the end, was to turn off UAC. Then, it all worked
perfectly.

You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.

"Personal Firewalls" are mostly snake-oil.
http://www.samspade.org/d/firewalls.html

Jesper's Blogs-
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx

Exploring The Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"If you try to block outbound connections from a computer that’s already
compromised, how can you be sure that the computer is really doing what you
ask? The answer: you can’t. Outbound protection is security theater—it’s a
gimmick that only gives the impression of improving your security without
doing anything that actually does improve your security. This is why
outbound protection didn’t exist in the Windows XP firewall and why it
doesn’t exist in the Windows Vista™ firewall."

Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Or
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
Or
Vista Firewall Control (Free versions available).
Protects your applications from undesirable network incoming and outgoing
activity, controls applications internet access.
http://sphinx-soft.com/Vista/

Neil Kiser said:
Being that Zone Alarm is well known, I am hoping that someone might explain
how I should go about running it, while keeping UAC enabled.

http://zonealarm.donhoover.net/uninstall.html
Or
Absolute Uninstaller
http://www.glarysoft.com/au.html
Or
Revo Uninstaller
http://www.revouninstaller.com/

Neil Kiser said:
Also, I am willing to help myself, so if anyone can point me at white papers
or other articles on UAC and how to work with it, I am all ears.

The best defenses are:

1. Do not work in 'elevated' level; For day-to-day work ensure that the
User Account Control (UAC) security module is enabled.
2. Familiarize yourself with "Services Hardening in Windows Vista".
3. Keep your operating system (OS) (and all software on it) updated/patched.
4. Reconsider the usage of IE.
5. Review your installed 3rd party software applications/utilities; Remove
clutter.
6. Don't expose services to public networks.
7. Activate the built-in firewall and tack together its advanced
configuration settings.
7a. If on high-speed internet use a router as well.
8. Routinely practice safe-hex.
9. Regularly back-up data/files.
10. Familiarize yourself with crash recovery tools and with
re-installing your operating system (OS).
11. Utilize a real-time anti-virus application and vital system monitoring
utilities/applications.
12.Keep abreast of the latest developments - Sh!t happens...you know.

The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.

re: #1
Windows User Account Control Step-by-Step Guide
http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true

re: #2
Services Hardening in Windows Vista
http://www.microsoft.com/technet/technetmag/issues/2007/01/SecurityWatch/

re: #3
Keep your operating system (OS) and all software on it updated/patched.
"So, you didn’t patch the system and it got hacked. What to do? Well, let’s
see: ..."
"The only way to clean a compromised system is to flatten and rebuild.
That’s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Windows update.
http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
Secunia Personal Software Inspector
http://secunia.com/software_inspector
https://psi.secunia.com/ and
M/S Security Baseline Analyzer 2.0
http://www.microsoft.com/downloads/...06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en
can assist also.

re: #4
Utilizing another browser application can add to the overall security of
the OS. But,
Microsoft says Internet Explorer more secure than Firefox
http://www.heise-security.co.uk/news/99955 :-) :-)

IE7 safe/secure settings
Internet Explorer7 Desktop Security Guide
http://www.microsoft.com/downloads/...DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en

The Internet Explorer 7 Security Status Bar
http://www.microsoft.com/windows/products/winfamily/ie/ev/security.mspx

Extended Validation SSL Certificates
http://www.microsoft.com/windows/products/winfamily/ie/ev/default.mspx

Note: *Tight security settings will break down some websites. You need to
add these websites into the Trusted Zone for smooth access.*

You could consider disabling all Security Settings in IE and use IE only
for the 'Patch Tuesday' updates; To do so you must add the following URL's
to the Trusted sites:
http://update.microsoft.com
http://download.windowsupdate.com
https://*.update.microsoft.com
http://*.update.microsoft.com
http://*.microsoft.com

Alternative Browsers:
Opera™
http://www.opera.com/download/

Firefox™
http://www.mozilla.com/en-US/

The SeaMonkey® Suite (Internet Browser)
http://www.seamonkey-project.org/

re: #5
Review your installed 3rd party software applications;
Remove clutter, dispose of all your 'Anti-Whatever' applications. Keep your
PC lean, install only applications you really need - try to be a
'minimalist'.
Belarc Advisor can assist
http://www.belarc.com/free_download.html
as can
Absolute Uninstaller
http://www.glarysoft.com/au.html and/or
Revo Uninstaller
http://www.revouninstaller.com/

re: #6
Windows Vista Service Configurations Introduction
http://www.blackviper.com/WinVista/servicecfg.htm

re: #7
Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Or
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
Or
Vista Firewall Control (Free versions available)
http://sphinx-soft.com/Vista/

re: #8
Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

re: #9
Back Up regularly; Develop a Contingency Plan; Be prepared!
Consider "What if..."

Use Windows to back up your computer.
http://www.microsoft.com/protect/yourself/data/backup.mspx

Powerful backup that is easy to do!
http://www.acronis.com.sg/homecomputing/

Casper™ Backup Solution for Windows
http://www.fssdev.com/

Norton Ghost™
http://www.symantec.com/norton/products/overview.jsp?pcid=br&pvid=ghost12

Free Back-Up Programs; There are many more - mileages will vary - get
appropriate advice before deciding on application.
http://www.karenware.com/powertools/ptreplicator.asp
http://www.2brightsparks.com/downloads.html#freeware
http://www.sover.net/~wysiwygx/WinUtils5.html
http://xxclone.com/
http://www.educ.umu.se/~cobian/cobianbackup.htm

'Must-have' utilities:
ERUNT and NTREGOPT
http://www.larshederer.homepage.t-online.de/erunt/

re: #10
Familiarize yourself with Crash recovery applications;
Sh!t happens, you know! (Don't get caught flatfooted!)

Beginners Guides: Crash Recovery - Dealing with the Blue Screen Of Death
http://www.pcstats.com/articleview.cfm?articleID=1647

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Windows PE 2.0 for Windows Vista Overview
http://technet.microsoft.com/en-us/windowsvista/aa905120.aspx

10a.
Re-install OS (reformat HDD). *See Footnote.
Back up all your important Data files, Documents, Photo, Music, etc. to CD or
DVD media.
Download all the necessary drivers for Vista (motherboard, Video Card,
Audio, Network card, Etc.)
Verify that you have the Application DVD and key code.
Belarc Advisor can assist:
http://www.belarc.com/free_download.html

How to install Windows Vista
http://support.microsoft.com/kb/918884
Scroll down to:
How to perform a clean installation of Windows Vista by starting the
computer from the Windows Vista DVD

re: #11
Utilize some system monitoring utilities/applications.
Process Explorer
http://technet.microsoft.com/en-au/sysinternals/bb896653.aspx
AutoRuns for Windows
http://technet.microsoft.com/en-au/sysinternals/bb963902.aspx
What's Running
http://www.whatsrunning.net/whatsrunning/main.aspx
RunScanner
http://www.runscanner.net/
TCPView for Windows
http://technet.microsoft.com/en-au/sysinternals/bb897437.aspx
CurrPorts - View Opened TCP/IP ports/connections
http://www.nirsoft.net/utils/cports.html
WALLWATCHER - Collect, View, and Analyze Router Logs
http://sonic.net/wallwatcher/

Beginners may wish to employ a real-time AV application.
Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.
http://www.oehelp.com/OETips.aspx#3
In fact, most experts (incl. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.

Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html

AVG Anti-Virus Free Edition
http://free.grisoft.com/

Activate the built-in Windows Defender application
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."

And if you're really paranoid you can consider utilizing:
SUPERAntiSpyware Free (in conjunction with WinDef)
http://www.superantispyware.com/superantispywarefreevspro.html

re: #12
Windows Vista Security Guide
http://www.microsoft.com/Downloads/...ed-7f35-4e72-bfb5-b84a526c1565&displaylang=en

*Footnote:
Reformatting of HDD is the preferred course of action! But if this is
beyond your capabilities then consult professional computer services (but
not the supermarket-type repair shops). If this is not an option then you
may be able to clean your OS by employing David H. Lipman's MULTI_AV.EXE
which can be downloaded from the URL:-

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Swiss/German:
http://www.pctipp.ch/downloads/dl/35905.asp
http://pcdid.com/Multi_AV.htm

(Note: An experienced and prepared operator probably will reformat a HDD
faster than utilizing the MULTI_AV scanning tool).

Good luck :)
 