The Great UAC Debate!


1,412 members have voted

  1. Do You Use UAC?

    • Yes: 477
    • Yes, On "Silent Mode": 91
    • No (I use an Admin Account): 496
    • No (I use a Standard Account): 39
    • I don't use Windows Vista: 118

  2. Have You Ever Been Saved By UAC?

    • Yes: 226
    • No: 932
    • I don't use Windows Vista: 106


I'm really not sure why this is such a big deal. People who want UAC enabled should leave it enabled. Those who want it disabled (myself included) should disable it.

Next :)

+1

I'll also echo how annoying general customization (like the 'new' Start menu folder system) is with UAC enabled. They made it harder to organize due to folder restructuring then add in UAC and you are pretty much forced to use the new search feature to find anything. (N)

How else do you suggest any OS protect against their users installing crap? If the user decides to do something (and they have Administrator access), they are damn well going to do it.

No admin access to users.

Application installations generally require admin privileges by design. Administrators don't want their users installing applications without their permission (or at all, really). Application installs generally affect the entire machine.

B-a-d design, completely destroys security. Holy donkey, if application installs affect the entire machine then that is just retarded.

If user has access to any place of course it's possible to run portable applications. In that case it's completely irrelevant whether a user has admin or limited access. Whitelists are meant to restrict that.

Again, you are speaking from ignorance. If UAC is disabled, there is no way for one application to have different levels of access than another application. If UAC is disabled, any application can take ownership of any file on any drive of the system, and do with it as it pleases. Any application can manipulate, read data from, or inject code into any other application in the user's session.

Well I am not even using Vista right now but are you seriously suggesting that prior to Vista there isn't any separation between applications launched with admin credentials or LUA? Huh, that would be every admin's nightmare. I know that I can't delete or alter my music files etc. without admin account. So programs that I run from my account can't touch them. If they can, then obviously Windows is completely screwed up.

This is an excerpt from

http://blogs.msdn.com/oldnewthing/archive/...7.aspx#comments

I so miss the good old dos days where things were simple and most applications weren't messing your OS structures and configuration.

What you get now, is that every dev thinks that it's cool to write 'gold' to registry on every user's machine and leave that 'gold' behind. Every dev tries to use COM's to kill flies. And don't let me start on MSI. I think the fact that VS2005SP1 ~300MB (by Microsoft) cannot be installed with 5GB of free space on HDD and ruins the whole system when out of space tells everything. I really do have 'warm' feeling for this technology.

I agree, couldn't install Office trial because stupid installer had obsession to write to C:\ then I decided to be a pirate.

Dadaa it's all 'bout the money and MS chose not to accept mine by delivering uninstallable product. I don't have to tell you that Office portable works great.

Well I am not even using Vista right now but are you seriously suggesting that prior to Vista there isn't any separation between applications launched with admin credentials or LUA? Huh, that would be every admin's nightmare. I know that I can't delete or alter my music files etc. without admin account. So programs that I run from my account can't touch them. If they can, then obviously Windows is completely screwed up.

What? I think you just described Admin Approval mode (That's default configuration with UAC on, running as an Admin)

Programs normally launch with a Medium IL, but you can force them to launch with a High IL with a UAC prompt.

No admin access to users.

Wait... so you're saying someone who buys a Dell computer and sets it up in their home should not have admin access to their own computer? That's absurd.

Enterprises by and large do not give admin access to most of their users. In that case, UAC is moot because UAC only applies to Administrator accounts. It grants Administrators the ability to run specific applications with lower privilege levels (without the hassle of switching accounts).

OS X has a very similar feature. The default OS X account has administrator-level privileges, but every time you install something or change a system setting, you are asked to type in your password. This is largely the same functionality as UAC, though obviously a bit more intrusive since it requires you to type your password each time.

B-a-d design, completely destroys security. Holy donkey, if application installs affect the entire machine then that is just retarded.

If user has access to any place of course it's possible to run portable applications. In that case it's completely irrelevant whether a user has admin or limited access. Whitelists are meant to restrict that.

I'm not even sure what you're talking about. In enterprise environments, admins don't want their users to run "portable" applications. They don't want them running anything that wasn't provided for them by IT.

How does installing applications such that multiple users can access them destroy security? OS X, Linux, and FreeBSD work in the same way. You're saying they all got it wrong? More likely, you simply have a very narrow view of the problem and haven't considered all the angles. In your model, with no support for system-wide application installs, it would be impossible for an IT admin to install software for his users. That seems pretty broken to me...

Well I am not even using Vista right now but are you seriously suggesting that prior to Vista there isn't any separation between applications launched with admin credentials or LUA? Huh, that would be every admin's nightmare. I know that I can't delete or alter my music files etc. without admin account. So programs that I run from my account can't touch them. If they can, then obviously Windows is completely screwed up.

Prior to Vista, every application that an Administrator runs has the same privileges, and can interact with every other application on the same desktop. Vista introduces UIPI which prevents applications with different privilege levels from interacting with or manipulating each other.

If you are running Windows XP as a non-admin, but you launch an application as an Admin user on the same desktop, you have immediately raised the effective privilege level of every application on that desktop to the Admin level. Because the non-admin applications can inject code into the Admin-level process and do whatever they want at that privilege level. This was one of the greatest architectural limitations in Windows prior to Vista when it comes to privilege isolation.

If you're suggesting that all users should disable UAC and then run as non-admin accounts without write access to their own personal files... that's absolutely absurd. That might work for you, which is fine. But I know about a billion Windows users who would never stand for that user experience.

Besides, all that you accomplish by doing that is exactly what UAC already does - but with a far more painful user experience and far less application compatibility.

This is an excerpt from

http://blogs.msdn.com/oldnewthing/archive/...7.aspx#comments

I so miss the good old dos days where things were simple and most applications weren't messing your OS structures and configuration.

What you get now, is that every dev thinks that it's cool to write 'gold' to registry on every user's machine and leave that 'gold' behind. Every dev tries to use COM's to kill flies. And don't let me start on MSI. I think the fact that VS2005SP1 ~300MB (by Microsoft) cannot be installed with 5GB of free space on HDD and ruins the whole system when out of space tells everything. I really do have 'warm' feeling for this technology.

I agree, couldn't install Office trial because stupid installer had obsession to write to C:\ then I decided to be a pirate.

Dadaa it's all 'bout the money and MS chose not to accept mine by delivering uninstallable product. I don't have to tell you that Office portable works great.

I'm not even sure what you're on about there. Especially these "gold" registry entries and whatever that is that person tried to say about COM.

As for disk space, it's obvious that some applications require more disk space during install than they do once the installation is finished. That's not a hard concept to grasp... the installation package is compressed. The package needs to be decompressed to get at the actual installation files - and if you decide not to install all the pieces, the end result will be less disk space than was used during the install because there's no point in keeping around those extracted files that weren't used.

If you are running Windows XP as a non-admin, but you launch an application as an Admin user on the same desktop, you have immediately raised the effective privilege level of every application on that desktop to the Admin level. Because the non-admin applications can inject code into the Admin-level process and do whatever they want at that privilege level. This was one of the greatest architectural limitations in Windows prior to Vista when it comes to privilege isolation.

It was also impossible to run that app as an Admin, under your account profile, which I think is one of the greatest things about UAC.

Edited by MioTheGreat
It was also impossible to run that app as an Admin, under your account profile, which I think is one of the greatest things about UAC.

Right, you had to run in the context of a different user (which means it hits that user's registry, user profile, etc). Further, that privilege escalation problem I mentioned also gave your apps access to that admin user's personal data.

What I want in UAC is to have an option to remember some choices I make.

Like in many firewall prompts...Allow, Deny, Always Allow, Always Deny. And also a management console to add, modify, edit those choices so if someone changes their mind about a program then they can do it.

I'm hoping future versions will not have an option to disable UAC, any insider info on that possibility?

Whoa daddy.. It's posts like this that get on my nerves. Why does it matter if some of us want to turn off UAC? Does it affect you personally? No. I'm also fed up of the attitude from some people that we're all clueless n00bs if we turn it off. We get the point of what UAC is supposed to do and see how it improves security, we just really dislike the implementation of it. So much so that we turn it off.

I did a fresh install on my laptop recently with the latest SP1 and I really tried this time to stick with UAC after I'd got everything installed but it really drove me up the wall and within 2/3 days I'd turned it back off. I shouldn't have to confirm (or in some cases, double confirm, i.e. renaming an icon on my desktop, yes I know the "All users" reason why it does it but still) everything I do on my PC.

So I vote no to both.

Whoa daddy.. It's posts like this that get on my nerves. Why does it matter if some of us want to turn off UAC? Does it affect you personally? No. I'm also fed up of the attitude from some people that we're all clueless n00bs if we turn it off. We get the point of what UAC is supposed to do and see how it improves security, we just really dislike the implementation of it. So much so that we turn it off.

I disagree. By running your machine in a blatantly insecure manner, you are opening up your box to become a DoS or e-mail spamming bot that will affect me personally. Further, it would stop people (like several on this thread) who disable UAC on other people's machines, or who advise others to out of ignorance.

Now, if you want to run as "root" all the time by using the built-in Administrator account (which isn't affected by UAC), then that's your prerogative. But just like running as "root" on *nix / OS X, the stupidity of doing so should be obvious to anyone.

That said, improvements to UAC (and specifically, the Secure Desktop switch) are in order. SP1 improves some areas, like creating/renaming new folders and such. I'd be surprised if the UAC experience didn't improve further over time.

By running your machine in a blatantly insecure manner, you are opening up your box to become a DoS or e-mail spamming bot that will affect me personally

I knew someone would say that. Again it's the whole "If you don't run UAC, you must be a clueless n00b" mentality. It's unfair to assume that just because we dislike the way UAC is implemented and disable it we're all idiots who are going to install or get infected by tons of spyware/viruses.

If I managed to keep our PCs clean and proper for however many years I ran XP and its predecessors then I think I'll be ok and if for whatever reason my PC did manage to get infected via something that UAC could have prevented, it wouldn't be left like that for long, so no it wouldn't sit there email spamming or joining a botnet.

As for the thing about turning off other people's UAC, this is something I personally wouldn't do..

I've had UAC off for as long as I have had Vista installed. Haven't got into any mess, nothing to report. I do, however, have Spybot SD installed, which is somewhat similar to the UAC - but not as annoying.

Spybot is not in any way, shape, or form even slightly similar to UAC. Perhaps you should read some of the above posts where the purpose of UAC is clarified.

I knew someone would say that. Again it's the whole "If you don't run UAC, you must be a clueless n00b" mentality. It's unfair to assume that just because we dislike the way UAC is implemented and disable it we're all idiots who are going to install or get infected by tons of spyware/viruses.

Again, UAC is not there to prevent you from installing spyware or viruses.

Again, UAC is not there to prevent you from installing spyware or viruses.

I realise this, I was just trying to refute your argument that turning off UAC suddenly means that we're also the type to have our PCs turned into DDOS/email bots or that turning off UAC opens us up to that.

I keep UAC on for the reasons mentioned above: sandbox-like functionality for Internet Explorer, registry/file virtualization for older apps, and of course for that small sense of idiot-proofness.

However, the one main problem for UAC still stands: what about those apps that users have to constantly elevate themselves because either a) the app's developer hasn't issued an update yet, or b) the app is an old classic that has since been abandoned? This is where an article on Microsoft's support site comes in handy:

How to disable the User Account Control Prompt for certain application

Keep UAC on and follow this guide to create your own whitelist of applications that must be elevated each time you use them. (I don't know if this simply disables the prompt or it disables the prompt AND elevates it to admin privileges. If it's the latter, then I think there's an extra option or two in the Compatibility Fixes section of the database wizard that enables admin privileges.)

That article could become useful. The worst offender for the UAC was WinRAR. Extracting files via the context menu didn't work at all, likely because when you open the main WinRAR window - UAC requires permission.

I don't know why they call it the User Account Control when you can't turn it on for one user and have it off for another. It's either on for everyone or off for everyone.

That article could become useful. The worst offender for the UAC was WinRAR. Extracting files via the context menu didn't work at all, likely because when you open the main WinRAR window - UAC requires permission.

I don't know why they call it the User Account Control when you can't turn it on for one user and have it off for another. It's either on for everyone or off for everyone.

UAC works perfectly with WinRAR. Why do people keep saying this? I have NEVER gotten a prompt from WinRAR in Vista. Are you running an old version? 3.71 is working great for me with UAC.

I personally turn off UAC since I know what I am doing. But UAC does save people. Two of my friends have Vista laptops with UAC, and they used to get spyware infections regularly and every time we hung out I had to clean their computers. But with Vista both are spyware free. They still have the IE toolbar cluttered thanks to the default installation of Yahoo Messenger and AOL Messenger, but I set Firefox as the default browser and they are running problem free.

My initial expectations of what the guide allowed us to do with elevating applications were a bit off. I assumed this allowed any application full admin privileges without the need of any prompt.

What that guide helps you to do is to disable the prompt for only those applications that trigger them (i.e. running RivaTuner on startup). My test was to see if a simple app like Notepad could write to the Windows folder. RunAsAdmin or RunAsHighest triggered UAC prompts. Using the ForceAsAdmin gave Notepad admin rights, but virtualized it (so all files went into AppData\Local\VirtualStore\Windows).

Guess there's no real whitelist then. :/ (not that I'm using any applications that are problematic under UAC)

Edited by rm20010
I personally turn off UAC since I know what I am doing. But UAC does save people. Two of my friends have Vista laptops with UAC, and they used to get spyware infections regularly and every time we hung out I had to clean their computers. But with Vista both are spyware free. They still have the IE toolbar cluttered thanks to the default installation of Yahoo Messenger and AOL Messenger, but I set Firefox as the default browser and they are running problem free.

Seriously. Do you people even bother to read any of the other posts in the thread before you post things?

Leaving UAC on or turning it off should have absolutely nothing to do with whether or not you 'know what you're doing' (Though, the 'just enough knowledge to be dangerous' people seem to like to turn it off.).

UAC has nothing to do with those toolbars, or installing software (Since the installer generally wants to elevate itself anyway), or your mistakes.

It's about keeping processes running with as few privileges as they need to perform their function, so as to prevent them from potentially doing harm, mostly by exploits (But it certainly helps prevent by accident.)

My initial expectations of what the guide allowed us to do with elevating applications were a bit off. I assumed this allowed any application full admin privileges without the need of any prompt.

What that guide helps you to do is to disable the prompt for only those applications that trigger them (i.e. running RivaTuner on startup). My test was to see if a simple app like Notepad could write to the Windows folder. RunAsAdmin or RunAsHighest triggered UAC prompts. Using the ForceAsAdmin gave Notepad admin rights, but virtualized it (so all files went into AppData\Local\VirtualStore\Windows).

Guess there's no real whitelist then. :/ (not that I'm using any applications that are problematic under UAC)

That guide explains how to override the manifest-specified elevation of some applications so that they do not attempt to run with administrator privileges. It does not allow them to elevate without prompting. If that were possible, then an attacker could likely use that mechanism to escalate privileges without the user being informed.

If it is being virtualized, it does not have admin rights. "RunAsInvoker" simply means "run with the same permissions as the application that launched this one."

So what happens if I download some freeware app and UAC tells me that 'This app wants to access your computer'?

If I click Deny - it closes.

If I click Allow - it'll be able to do what it wants. Since I obviously want to run the program since I dbl-clicked it - I'll most likely click allow anyway, due to the fact that there are no details.

Where's the 'Details' button?

Ryan, that is what UAC does. Asking if you are sure you want to launch a program you already ordered the computer to open. I don't like things or people "questioning" my orders :(

People disable it because it's their choice, not because they don't understand the purpose of it. Many programs simply don't work with UAC enabled. For example, I still enjoy playing NFS High Stakes. Since the game is not very friendly with multi-tasking and will crash when I go back ingame, if any UAC pops up.

Ryan, that is what UAC does. Asking if you are sure you want to launch a program you already ordered the computer to open. I don't like things or people "questioning" my orders :(

Why post in this thread if you haven't read any of it? I knew literacy was a problem in this country, but had no idea it had gotten so bad.

So, for the 100th time: that is absolutely not what UAC does.

People disable it because it's their choice, not because they don't understand the purpose of it. Many programs simply don't work with UAC enabled. For example, I still enjoy playing NFS High Stakes. Since the game is not very friendly with multi-tasking and will crash when I go back ingame, if any UAC pops up.

There is no way UAC has any effect on that game.

This topic is now closed to further replies.
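
The states argued over in this thread (UAC on, "silent mode", off, file virtualization, Medium versus High integrity level) can be read directly from a machine. The script below is an added example, not part of any post in the thread; the function names are hypothetical, and it assumes the poll's "Silent Mode" corresponds to the policy value ConsentPromptBehaviorAdmin = 0 (administrators elevate without a prompt).

```powershell
# Added example (not from the thread): report the local UAC configuration and
# the integrity level of the current process. Function names are hypothetical.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacMode {
    param($Policy)   # object exposing the policy values as properties
    # EnableLUA = 0 (or absent) means Admin Approval Mode is not in effect:
    # every process an administrator starts gets the full admin token.
    if ($Policy.EnableLUA -ne 1) { return 'Off or not set' }
    # Assumption: the poll's "Silent Mode" is ConsentPromptBehaviorAdmin = 0.
    if ($Policy.ConsentPromptBehaviorAdmin -eq 0) {
        return 'On, silent (admins elevate without a prompt)'
    }
    return 'On, prompting'
}

function Get-IntegrityLevel {
    # Integrity labels appear in the token as SIDs of the form S-1-16-<RID>.
    # Matching the SID avoids depending on localized group names.
    $match = whoami /groups |
        Select-String -Pattern 'S-1-16-(\d+)' |
        Select-Object -First 1
    if (-not $match) { return 'Unknown (no integrity label found)' }
    switch ([int]$match.Matches[0].Groups[1].Value) {
        4096    { 'Low' }
        8192    { 'Medium' }
        12288   { 'High' }
        16384   { 'System' }
        default { "Other ($_)" }
    }
}

$policy = Get-ItemProperty -Path $PolicyKey

[pscustomobject]@{
    UacMode            = Get-UacMode -Policy $policy
    # 1 = elevation prompts are shown on the Secure Desktop
    SecureDesktop      = ($policy.PromptOnSecureDesktop -eq 1)
    # 1 = failed writes by legacy apps are redirected to the per-user VirtualStore
    FileVirtualization = ($policy.EnableVirtualization -eq 1)
    # Medium in a normal session with UAC on; High only after elevation
    ProcessIntegrity   = Get-IntegrityLevel
}
```

Run it once from a normal PowerShell window and once from an elevated one: with UAC on, ProcessIntegrity changes from Medium to High while the policy values stay the same.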