MrKuro Posted April 28, 2009 Share Posted April 28, 2009 i also turn it off; i know the "benefits" ; but it annoys me too much to leave on Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-590914336 Share on other sites More sharing options...
Solid Knight Posted April 28, 2009 Share Posted April 28, 2009 I left mine on. It gets annoying but I'd rather have it on. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-590914350 Share on other sites More sharing options...
techcafe Posted June 3, 2009 Share Posted June 3, 2009 UAC is the first thing i disable on every Vista system i setup... UAC is a royal pain in the *SS, and most of my clients absolutely hate UAC, because it constantly nags/annoys the user about the most trivial activities. UAC just gets in the way of getting real work done. UAC is not a feature, it's a bug, and if microsoft was serious about securing the OS, then they would never have hacked together a crappy/half-assed/stop-gap measure like UAC. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591082492 Share on other sites More sharing options...
NEVER85 Posted June 4, 2009 Share Posted June 4, 2009 UAC is the first thing i disable on every Vista system i setup... UAC is a royal pain in the *SS, and most of my clients absolutely hate UAC, because it constantly nags/annoys the user about the most trivial activities. UAC just gets in the way of getting real work done.UAC is not a feature, it's a bug, and if microsoft was serious about securing the OS, then they would never have hacked together a crappy/half-assed/stop-gap measure like UAC. Wow, I seriously pity any client you have, if that's the best you can come up with. Do us a favor and get out of the field before you do any more damage. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591084706 Share on other sites More sharing options...
MagicAndre1981 Posted June 4, 2009 Share Posted June 4, 2009 @techcafe instead of posting such a bull**** you should learn what UAC and NT security right management is. *facepalm* Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591086482 Share on other sites More sharing options...
ryan_the_leach Posted June 4, 2009 Share Posted June 4, 2009 (edited) Ok, I'm not claiming to be an expert. But let us say i follow the turn UAC off camp, What's the worst that could happen considering the arguments for and against, i end up giving malware admin access that wasn't intended as mentioned above. Now considering I don't turn it off, I'm annoyed daily when I'm renaming files editing ini files in program files(which i now know i can find in the virtual store thanks topic :D). considering the two worst scenario outcomes I can tell you I personally would rather be "Protected" and annoyed. Edit: Wow 26 pages, I think this thread has gotten way too big, and i only read until page 9, and even rorm the first 3 pages just saw people repeating themselves, reckon the facts from this topic just need to be pinned, and then locked, but its not my place to back seat mod.... Edited June 4, 2009 by ryan_the_leach Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591086830 Share on other sites More sharing options...
MagicAndre1981 Posted June 4, 2009 Share Posted June 4, 2009 sorry, UAC never anyones you, it helps you to do operation which require elevated rights. If you're trying to do the same things with a limited account under XP, you'll get an error message ;) That's all. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591088496 Share on other sites More sharing options...
Descartes Posted June 4, 2009 Share Posted June 4, 2009 UAC in Vista was horrible, but since I moved to Windows 7, i have it turned on default settings - I only see it when a program needs to elevate itself, which hardly ever happens - and it saved my ass a couple of times too, the icon overlay usually gives you a heads up, when an app is not supposed to make use of the administrator privileges. A great thing! Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591088518 Share on other sites More sharing options...
MagicAndre1981 Posted June 4, 2009 Share Posted June 4, 2009 no, bad thing, look here: http://www.pretentiousname.com/misc/win7_uac_whitelist2.html Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591088568 Share on other sites More sharing options...
PureHeart Posted July 6, 2009 Share Posted July 6, 2009 I always have UAC turned on, if it improves security why not? Although I don't think I have ever been saved by it though, maybe it will in the future :) Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591239094 Share on other sites More sharing options...
Growled Member Posted July 7, 2009 Member Share Posted July 7, 2009 I like UAC. I run as a standard user and my Admin account has a password. Despite all of that you never know when something might get through, so UAC is turned on, just in case. It is slightly annoying but not nearly as annoying as many make it out to be. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591241222 Share on other sites More sharing options...
Kralik Posted July 7, 2009 Share Posted July 7, 2009 As I stated in another thread I need an AV because all the systems at one of my client's office are infected and I have to connect my USB drive there to exchange data, I also bring back viruses/malware from there and for me the combination of Norton AV 2009 and UAC is golden.. no infections so far since I started using these 2.. UAC doesn't let the exe files run without consent and NAV cleans them off. I feel almost nothing can sneak through and infect me system (Y) Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591241278 Share on other sites More sharing options...
antareus Posted July 7, 2009 Share Posted July 7, 2009 Is it better to run as a standard user and elevate as necessary? I'll be reinstalling 7 when the final comes out so I'll switch to doing that if there is a genuine benefit over running as admin at max UAC settings. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591241424 Share on other sites More sharing options...
Brandon Live Veteran Posted July 7, 2009 Veteran Share Posted July 7, 2009 no, bad thing, look here:http://www.pretentiousname.com/misc/win7_uac_whitelist2.html Sigh... when will that crap die. It's a non-issue. UAC in Win7 works as intended and should be left at the default setting for most users (the UAC settings dialog explains which option you should use based on your usage habits). Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591241484 Share on other sites More sharing options...
Xerxes Posted July 7, 2009 Share Posted July 7, 2009 (edited) I always have it turned on. EDIT: Scratch that last part, made no sense :p Edited July 7, 2009 by Xerxes Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591241498 Share on other sites More sharing options...
Brandon Live Veteran Posted July 7, 2009 Veteran Share Posted July 7, 2009 Is it better to run as a standard user and elevate as necessary? I'll be reinstalling 7 when the final comes out so I'll switch to doing that if there is a genuine benefit over running as admin at max UAC settings. The most secure thing you can do is to run as a standard user, and use Fast User Switching to switch to an administrator account for admin tasks. A step down from that is to use OTS (Over The Shoulder) elevation, where you run as a standard user but run admin tools as an Administrator on the same desktop. To make this safer you'll want to turn on the option that requires a Ctrl+Alt+Del press before elevating, since you'll have to type a password, and you want to make sure the dialog isn't being spoofed. However, this is not a security boundary because non-admin and admin apps are sharing the same desktop. A step down from that is UAC at the maximum setting. This is much easier to live with because you don't need to enter a password (and don't need the C+A+D press to protect from spoofing) and the apps still run with your user profile and such. Again this is not considered a security boundary because non-admin and admin apps share the same desktop. -- The above two options are safest at times when there are no admin apps are running -- A small step down from that is the default Win7 configuration where you aren't prompted for changes to Windows settings. This reduces the barrier between non-admin and admin applications, but maintains the same barrier between protected applications (like the IE Protected Mode and Chrome sandboxes) and normal applications. There's another notch below that where the secure desktop switch is not enabled, opening up the possibility that someone could tamper with the consent dialog. Below that is disabling UAC entirely. This is a very bad idea because it removes the "low integrity" option used for things like IE's Protected Mode and Chrome's sandbox. That is a very important and useful security feature for mitigating the impact of exploits against the most common attack surfaces. Across these options you have trade-offs between safety and useability. The default option is meant to provide the best balance for most users. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591241506 Share on other sites More sharing options...
MagicAndre1981 Posted July 7, 2009 Share Posted July 7, 2009 A step down from that is UAC at the maximum setting. This is much easier to live with because you don't need to enter a password (and don't need the C+A+D press to protect from spoofing) and the apps still run with your user profile and such. that's right and this way it was done in Vista. Again this is not considered a security boundary because non-admin and admin apps share the same desktop. Yes it it. The IL levels prevent you from attacking an admin app from a non-admin app. Across these options you have trade-offs between safety and useability. The default option is meant to provide the best balance for most users. no, it only opens a security whole which can be used very easy run apps with admin rights without accepting the UAC prompt. If Average Joe got a mail with a link to get a free cool game and the chance to win a few bucks he will download the tool and try to run it. Under Vista UAC prompt was shown and this unsettles him and de doesn't accept it. With Win7 the apps can use the Explorer, DWM or several other MS apps to bypass the UAC prompt and still get admin rights. And this is WRONG! Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591242656 Share on other sites More sharing options...
jamesVault Posted July 7, 2009 Share Posted July 7, 2009 (edited) The IL levels prevent you from attacking an admin app from a non-admin app. No, this is not the purpose of IL levels (in every Windows NT version any admin app can't be attacked by a non-admin app). The purpose of IL levels is preventing an app1 to attack another app2 which runs with the same privileges of app1 i.e. app1 and app2 are running with the same privileges but different integrity levels. Edited July 7, 2009 by jamesVault Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591243036 Share on other sites More sharing options...
+allan MVC Posted July 7, 2009 MVC Share Posted July 7, 2009 Just when you think this thread has taken its last breath it rears its ugly head again...... :D :D Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591243452 Share on other sites More sharing options...
John G. Posted September 9, 2009 Share Posted September 9, 2009 I'm hoping future versions will not have an option to disable UAC, any insider info on that possibility? That should NOT happen. People should have the ability to customize they're computer, I personally don't like **** popping up whenever I click to run programs, it happens everytime firefox starts up, some java **** or something. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591551026 Share on other sites More sharing options...
NfoTech Posted September 9, 2009 Share Posted September 9, 2009 UAC is a security patch (just like the security center). Until Microsoft cleans up the kernel (or starts from scratch) It will be the same issue(s) over and over. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591551050 Share on other sites More sharing options...
bryonhowley Posted September 9, 2009 Share Posted September 9, 2009 That should NOT happen. People should have the ability to customize they're computer, I personally don't like **** popping up whenever I click to run programs, it happens everytime firefox starts up, some java **** or something. It should have happened in Windows 7. Microsoft should have hard coded UAC at default with NO way to change it period. I have never ever had a UAC prompt for Firefox ever if you are getting them you have something on your end. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-591551064 Share on other sites More sharing options...
John.D Posted March 29, 2010 Share Posted March 29, 2010 Only thing with UAC (in Vista and 7 x64). Is it can give you access denied errors, when you update programs (foxit reader is one of them). Thats one reason why I've disabled it Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-592405966 Share on other sites More sharing options...
Growled Member Posted March 29, 2010 Member Share Posted March 29, 2010 UAC is not perfect. Nothing is, especially against a determined hacker. However, every little bit of protect helps. Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-592406196 Share on other sites More sharing options...
John.D Posted March 29, 2010 Share Posted March 29, 2010 Nothing worth stealing on these anyway Link to comment https://www.neowin.net/forum/topic/614472-the-great-uac-debate/page/16/#findComment-592406216 Share on other sites More sharing options...
Recommended Posts