Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Windows Vista: When you should use UAC
New Posts  All Forums:Forum Nav:

Windows Vista: When you should use UAC

post #1 of 44
Thread Starter 
I hear a lot of people complaining about UAC and I really cannot figure out why. User Account Control was designed to allow for the system administrator to also be the primary user of the computer without degrading the security of the system.

You should have an elevated "Administrator" account on your computer as well as a limited general use account on your computer. Not doing this is poor security habits and opens your computer up to all sorts of vulnerabilities. We all know we should do this... but how many actually do?

User Account Control offers an alternative to having multiple accounts with different system privileges. UAC allows you to safely use an administrator account for every day activities.

So when should you use UAC? When you use your administrator account as your primary account, which is something the vast majority of users do.

When don't you need to use it (but you still should)? If your primary user account is a restricted account, without administrator privledges.

I am tired of people complaining about UAC. It is not that pertrusive, especially once your have your system configured.

One example of UAC in action:

Teamspeak can bind a keyboard settings to ignite voice communications. Unless teamspeak is in your primary and visible window, UAC will not allow teamspeak access to input / output data, unless you run it as an administrator. What does this protect against? Key loggers! You must intentionally set TeamSpeak as an elevated application in order for it to have access to keystroke data. This is excellent!

What actions trigger UAC:

Quote:
  • Right-clicking an application's icon and clicking "Run as administrator"
  • Changes to files or folders in %SystemRoot% or %ProgramFiles%
  • Installing and uninstalling applications
  • Installing device drivers
  • Installing ActiveX controls
  • Changing settings for Windows Firewall
  • Changing UAC settings
  • Configuring Windows Update
  • Adding or removing user accounts
  • Changing a user’s account type
  • Configuring Parental Controls
  • Running Task Scheduler
  • Restoring backed-up system files
  • Viewing or changing another user’s folders and files
  • Repairing a network connection (requesting a new IP address)
If you have Windows Vista Business or Ultimate, you have configure specific settings of UAC:

Quote:
UAC can be configured via security settings (secpol.msc), though this is only available for the business and ultimate editions. All configuration items are prefixed with “User Account Controlâ€.
  • Behaviour of the elevation prompt for administrators in admin approval mode.
    • Turn off UAC (no prompt).
    • Prompt for consent (default).
    • Prompt for credentials.
  • Behaviour of the elevation prompt for standard users.
    This settings determines what happens if you run as a standard user and start a program that needs administrator rights (for the cases UAC can determine admin rights are required e.g. does not work for MMC snapins).
    • No prompt: fail and do not start the program if it required admin rights.
    • Prompt for credentials (default).
  • Admin approval mode for the built-in administrator account.
    This setting can be used to disable UAC for the built-in Administrator account (however, this account is disabled by default in Windows Vista).
    • Enable (default)
    • Disable
  • Detect application installations and prompt for elevation.
    Windows by default uses some heuristics to determine if an EXE is an installer (which most likely requires elevation)
    • Enable (default)
    • Disable
  • Switch to the secure desktop when prompting for elevation.
    • Enable (default)
    • Disable
  • Only execute executables that are signed and validated.
    If enabled an additional check is done after the elevation prompt. If the EXE is not signed the EXE will not be started.
    • Enable
    • Disable (default)
  • Virtualize file and registry write failures to per-user locations
    • Enable (default)
    • Disable
  • Run all administrators in Admin Approval Mode.
    To switch off UAC set this setting to disabled and reboot. All UAC behavior will be disabled, including file and registry virtualization.
    • Enable (default)
    • Disable
http://en.wikipedia.org/wiki/User_Account_Control
System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2500k ASRock P67 Extreme4 Gen 3 AMD 7970 16GB DDR3 
Hard DriveOptical DriveOSMonitor
Intel 520 256GB SATA DVD Burner Windows 7 64 bit Deal U2410 
KeyboardPowerMouse
Adesso Mechanical Silverstone OP650 Logitech G700 
  hide details  
Reply
System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2500k ASRock P67 Extreme4 Gen 3 AMD 7970 16GB DDR3 
Hard DriveOptical DriveOSMonitor
Intel 520 256GB SATA DVD Burner Windows 7 64 bit Deal U2410 
KeyboardPowerMouse
Adesso Mechanical Silverstone OP650 Logitech G700 
  hide details  
Reply
post #2 of 44
Interesting. Is there any way to disable SOME of its features and have others continue?

For example: can I set it to blacklist (or whitelist, rather, depending on how you look at it) certain programs? Like can I set it to always allow Fraps? Because I heard it's supposed to "learn" after time, but it never learned that I'm always going to start Fraps when I turn on my computer...

And can I have it stop asking me to run every damned program but still keep other protection without turning the whole entire thing off?

If it was answered, I posted because some of that stuff in the quote list I don't understand.
post #3 of 44
Thread Starter 
Quote:
Originally Posted by The Hundred Gunner View Post
Interesting. Is there any way to disable SOME of its features and have others continue?

For example: can I set it to blacklist (or whitelist, rather, depending on how you look at it) certain programs? Like can I set it to always allow Fraps? Because I heard it's supposed to "learn" after time, but it never learned that I'm always going to start Fraps when I turn on my computer...

And can I have it stop asking me to run every damned program but still keep other protection without turning the whole entire thing off?

If it was answered, I posted because some of that stuff in the quote list I don't understand.
If you have Vista Business or Ultimate I believe you have more control over how UAC works, I have played with it a bit, but the options are extensive. I am not sure to what extend you can change things.

I also experience what you do with it asking me for permission to something I repetitively grant permission. Like RivaTuner, which is part of my startup registry. I see no obvious work around for this.
System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2500k ASRock P67 Extreme4 Gen 3 AMD 7970 16GB DDR3 
Hard DriveOptical DriveOSMonitor
Intel 520 256GB SATA DVD Burner Windows 7 64 bit Deal U2410 
KeyboardPowerMouse
Adesso Mechanical Silverstone OP650 Logitech G700 
  hide details  
Reply
System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2500k ASRock P67 Extreme4 Gen 3 AMD 7970 16GB DDR3 
Hard DriveOptical DriveOSMonitor
Intel 520 256GB SATA DVD Burner Windows 7 64 bit Deal U2410 
KeyboardPowerMouse
Adesso Mechanical Silverstone OP650 Logitech G700 
  hide details  
Reply
post #4 of 44
Still seems pointless to me. Its wonderful for people who do alot of clicking where they shouldn't be but if you know what you're doing your security should be tight enough that you don't need UAC. I don't use teamspeak (or even know what it is) so that scenario you brought up means nothing to me. And as for it not being intrusive....I disagree. Its by far the most annoying thing my computer has ever done. Way more annoying than when games ask you 12 times if you're "sure you want to quit". I've never had it on on this comp and never encountered any problems or been hacked or anything, hell I don't even have any spyware. Nice UAC guide though, but mines still staying off.
The Beast
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 @ 3ghz 24/7 XFX 750i XFX 8800gt Alpha Dog! 2gb OCZ SLI edition DDR2-800mhz 
Hard DriveOptical DriveOSMonitor
RAID 0 setup for OS and 750gb/500gb storage drives DVD/CD RW w/ lightscribe Windows 7 Ultimate x86 Westinghouse 22w2! 
KeyboardPowerCaseMouse
some wireless deal with media keys Ultra 650w Ultra Aluminus Full Tower a cheapy 
Mouse Pad
mah desk 
  hide details  
Reply
The Beast
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 @ 3ghz 24/7 XFX 750i XFX 8800gt Alpha Dog! 2gb OCZ SLI edition DDR2-800mhz 
Hard DriveOptical DriveOSMonitor
RAID 0 setup for OS and 750gb/500gb storage drives DVD/CD RW w/ lightscribe Windows 7 Ultimate x86 Westinghouse 22w2! 
KeyboardPowerCaseMouse
some wireless deal with media keys Ultra 650w Ultra Aluminus Full Tower a cheapy 
Mouse Pad
mah desk 
  hide details  
Reply
post #5 of 44
Quote:
Originally Posted by Puscifer View Post
Still seems pointless to me. Its wonderful for people who do alot of clicking where they shouldn't be but if you know what you're doing your security should be tight enough that you don't need UAC. I don't use teamspeak (or even know what it is) so that scenario you brought up means nothing to me. And as for it not being intrusive....I disagree. Its by far the most annoying thing my computer has ever done. Way more annoying than when games ask you 12 times if you're "sure you want to quit". I've never had it on on this comp and never encountered any problems or been hacked or anything, hell I don't even have any spyware. Nice UAC guide though, but mines still staying off.
Well once again, a great concept but poor implementation.

Hopefully vista 2 or windows 7 or whatever will improve this as well as everything else that needs improving... lol
post #6 of 44
Well, I use Comodo's Defence+ (part of the firewall) which is way more advanced than silly UAC...
Under-Utilized
(14 items)
 
  
CPUMotherboardGraphicsRAM
3570K Z77-D3H XFX RX480 RS Corsair Vengeance 
Hard DriveHard DriveCoolingOS
HyperX 3K 120GB 3TB Storage Hyper 212 Plus Windows 10 
MonitorKeyboardPowerMouse
24" CFG70  SideWinder X6 550 Watt Logitech G602 
Mouse PadAudio
Razer eXactMat X Objective2 +ODAC 
  hide details  
Reply
Under-Utilized
(14 items)
 
  
CPUMotherboardGraphicsRAM
3570K Z77-D3H XFX RX480 RS Corsair Vengeance 
Hard DriveHard DriveCoolingOS
HyperX 3K 120GB 3TB Storage Hyper 212 Plus Windows 10 
MonitorKeyboardPowerMouse
24" CFG70  SideWinder X6 550 Watt Logitech G602 
Mouse PadAudio
Razer eXactMat X Objective2 +ODAC 
  hide details  
Reply
post #7 of 44
Quote:
Originally Posted by The Hundred Gunner View Post
Well once again, a great concept but poor implementation.

Hopefully vista 2 or windows 7 or whatever will improve this as well as everything else that needs improving... lol
Yeah, thats a great name for their new OS. Windows 7
The Beast
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 @ 3ghz 24/7 XFX 750i XFX 8800gt Alpha Dog! 2gb OCZ SLI edition DDR2-800mhz 
Hard DriveOptical DriveOSMonitor
RAID 0 setup for OS and 750gb/500gb storage drives DVD/CD RW w/ lightscribe Windows 7 Ultimate x86 Westinghouse 22w2! 
KeyboardPowerCaseMouse
some wireless deal with media keys Ultra 650w Ultra Aluminus Full Tower a cheapy 
Mouse Pad
mah desk 
  hide details  
Reply
The Beast
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 @ 3ghz 24/7 XFX 750i XFX 8800gt Alpha Dog! 2gb OCZ SLI edition DDR2-800mhz 
Hard DriveOptical DriveOSMonitor
RAID 0 setup for OS and 750gb/500gb storage drives DVD/CD RW w/ lightscribe Windows 7 Ultimate x86 Westinghouse 22w2! 
KeyboardPowerCaseMouse
some wireless deal with media keys Ultra 650w Ultra Aluminus Full Tower a cheapy 
Mouse Pad
mah desk 
  hide details  
Reply
post #8 of 44
UAC has its advatanges but I disabled it from day one due to it being rather annoying. I know you can configure it but I wanted the whole thing disabled and out of my way. I think UAC is helpful for the NOOBS so to speak and yes is even good for security in general. However for the people who have common sense and know what they are doing UAC is not a must.

Not to be funny but MANY Windows OS did not have UAC and I survived lol
post #9 of 44
Thread Starter 
Quote:
Originally Posted by Puscifer View Post
Still seems pointless to me. Its wonderful for people who do alot of clicking where they shouldn't be but if you know what you're doing your security should be tight enough that you don't need UAC. I don't use teamspeak (or even know what it is) so that scenario you brought up means nothing to me. And as for it not being intrusive....I disagree. Its by far the most annoying thing my computer has ever done. Way more annoying than when games ask you 12 times if you're "sure you want to quit". I've never had it on on this comp and never encountered any problems or been hacked or anything, hell I don't even have any spyware. Nice UAC guide though, but mines still staying off.
If you truly "know what you are doing" you will have multiple user accounts with different privileged levels, and your primary account would be limited access. Thus, everytime you tried to perform a elevated action you would have to prove your credentials as an administrator.

Using this alternative security method to UAC requires more clicking and more wasted time. UAC significantly simplifies the process and allows you to maintain a proper security environment even though you have only 1 user account (that is also an elevated account).

Your comment's about my teamspeak example indiciate that you don't understand the point of the example. It has nothing to do with your use of teamspeak, on the contrary. It deminstrates the usefullness of UAC at preventing malicious execution of code on your computer.

You cannot tell me you know that you have no spyware or anti-virus! How can you possibly know! The good stuff doesn't "pop out" and spam your screen with pop ups. It silently runs in the background collecting goodies (personal data) and then sending it back to the originator. Although much easier to discover, your computer can be taken over by a botnet, running instruction from the hacker like a massive server. None of these "high end" virus's or malware will ever notify you that you have been attacked.

Quote:
Originally Posted by ENTERPRISE View Post
UAC has its advatanges but I disabled it from day one due to it being rather annoying. I know you can configure it but I wanted the whole thing disabled and out of my way. I think UAC is helpful for the NOOBS so to speak and yes is even good for security in general. However for the people who have common sense and know what they are doing UAC is not a must.

Not to be funny but MANY Windows OS did not have UAC and I survived lol
UAC is not about preventing "NOOBS" from deleting "My Computer". UAC is more importantly about requiring authorization from the user to run elevated tasks. It prevents malicous code from doing things like changing the links on all the shortcuts on your desktops to running virus.exe. It prevents keyloggers and data miners from running.

Previous Windows OS's did not have UAC... That isn't a very good arguement. UAC was introduced because too many people has poor security habits in terms of administrator accounts.
System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2500k ASRock P67 Extreme4 Gen 3 AMD 7970 16GB DDR3 
Hard DriveOptical DriveOSMonitor
Intel 520 256GB SATA DVD Burner Windows 7 64 bit Deal U2410 
KeyboardPowerMouse
Adesso Mechanical Silverstone OP650 Logitech G700 
  hide details  
Reply
System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2500k ASRock P67 Extreme4 Gen 3 AMD 7970 16GB DDR3 
Hard DriveOptical DriveOSMonitor
Intel 520 256GB SATA DVD Burner Windows 7 64 bit Deal U2410 
KeyboardPowerMouse
Adesso Mechanical Silverstone OP650 Logitech G700 
  hide details  
Reply
post #10 of 44
Quote:
Originally Posted by pauldovi View Post
If you truly "know what you are doing" you will have multiple user accounts with different privileged levels, and your primary account would be limited access. Thus, everytime you tried to perform a elevated action you would have to prove your credentials as an administrator.

Using this alternative security method to UAC requires more clicking and more wasted time. UAC significantly simplifies the process and allows you to maintain a proper security environment even though you have only 1 user account (that is also an elevated account).

Your comment's about my teamspeak example indiciate that you don't understand the point of the example. It has nothing to do with your use of teamspeak, on the contrary. It deminstrates the usefullness of UAC at preventing malicious execution of code on your computer.

You cannot tell me you know that you have no spyware or anti-virus! How can you possibly know! The good stuff doesn't "pop out" and spam your screen with pop ups. It silently runs in the background collecting goodies (personal data) and then sending it back to the originator. Although much easier to discover, your computer can be taken over by a botnet, running instruction from the hacker like a massive server. None of these "high end" virus's or malware will ever notify you that you have been attacked.



UAC is not about preventing "NOOBS" from deleting "My Computer". UAC is more importantly about requiring authorization from the user to run elevated tasks. It prevents malicous code from doing things like changing the links on all the shortcuts on your desktops to running virus.exe. It prevents keyloggers and data miners from running.

Previous Windows OS's did not have UAC... That isn't a very good arguement. UAC was introduced because too many people has poor security habits in terms of administrator accounts.
Yes I am fully aware of that. I was talking more in my case where I know how to properly secure my Network and PC to not allow malicious applications to get on my system in the 1st place. Granted UAC is a useful tool for everyone but a little less so for the more experienced. Thus why I said its especially good for the more NOOB user...Its not just for noobs but especially good for them.

Out of all the Vista installs I have ever had on my PC has had UAC disabled and to this day I have a nice clean PC free of malicious code/programs.

The main reason I removed UAC is I like to work fast and having UAC pop up in my face when I am trying to get something done IMO is counterproductive.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Operating Systems
Overclock.net › Forums › Software, Programming and Coding › Operating Systems › Windows Vista: When you should use UAC