Bypassing User Account Control dialog window

Discussion in 'Windows Vista Security' started by Barney Katz, Apr 16, 2007.

  1. Barney Katz

    Barney Katz Guest

    User Account Control asks for permission each time I load an "unidentified
    program", no matter how many times I load it. Is there a way to bypass this
    message so the program loads normally? In other words, can Vista be
    instructed to trust certain programs so it doesn't need to ask permission to
    load them?

    Thank you.

    Barney
     
    Barney Katz, Apr 16, 2007
    #1
    1. Advertisements

  2. Barney Katz

    Rock Guest

    No, it can be set selectively, it's all or none. Ask yourself why does that
    program need admin credentials, is there another program that can do the
    same thing that doesn't, is there an update to it that removes this need.
     
    Rock, Apr 17, 2007
    #2
    1. Advertisements

  3. Barney Katz

    Brian Meyers Guest

    This is the most annoying thing I have found while using Vista. What go does
    it do? All it does is make it more time consuming to load programs. Shouldn't
    it be able to comprehend that if I am installing a program that I really want
    to install it? This is one feature that should be x-ed out.
     
    Brian Meyers, Apr 17, 2007
    #3
  4. No, it can't tell whether it's you or some malware from the net. It really
    doesn't take long to get used to. I'm getting to like it.
     
    Frank Saunders, MS-MVP OE/WM, Apr 18, 2007
    #4
  5. Barney Katz

    cerveau Guest


    MS have completely missed the target with UAC and its so easy to fix.

    Every time UAC prevents a program from running it should offer the
    option of adding the program to a
    Trusted list. You would need to enter your user id and password to get
    the program added.

    for example programs that the user has installed that run at start-up,
    causing UAC to pop up each and
    every time the pc is booted. there are literally hundreds of Trusted
    programs that do this because they
    aren't digitally signed and never will be

    Otherwise the average user is going get so brainwashed into just
    allowing every UAC pop-up that crops
    up, which will completely defeat the purpose of UAC

    I think MS have watched Tron to many times and thought having a MCP is
    great idea.
     
    cerveau, Apr 18, 2007
    #5
  6. No, the problem with this is that if certain administrative programs can be
    launched without prompting, then a piece of malware on the system which
    doesn't have admin rights could also launch these programs. And that way it
    could effectively gain the ability to perform admin-only operations. To
    correctly enforce separation of privileges requires the elevation prompting
    every time.

    I agree with Frank in that it's worth persevering with, and I personally
    like the fact that I get to authorize when any program is going to run that
    might change global settings on my computer. Ultimately the goal is to put
    the user in control and not the malware - even if we have a way to go before
    we completely get there.

    Dave Wood
     
    Dave Wood [MS], Apr 18, 2007
    #6
  7. Barney Katz

    Rock Guest

    I'm sorry, but I don't see it that way. I see it as giving me control.
    Each time a program runs wants admin privileges I decide if I want it to
    run. I don't want some malware hooking into a pre-approved program and
    doing what it wants.

    Many of these programs don't really need admin privileges or could be coded
    to not use it. For example several XP based programs have update utilities
    that want to install themselves as a startup program through the Run key in
    the registry, and asks for admin privileges. All these things do is hop
    online to check if there is an update. This is absolutely silly. Firstly
    there is no reason to check at startup up every time the computer is booted.
    Second there is no reason it needs admin privileges. If an update is found
    then it could possibly need admin privileges for the installation but that's
    a different issue. Apps properly coded for Vista will not have this.

    So go back to the initial questions. Why does this app have to run at
    startup, why does it need admin privileges, is there an update for it or a
    different, properly coded app that doesn't need admin privileges.

    I want control over what runs and when. I don't want to give permission in
    advance and then _assume_ every time it runs everything is just fine. Vista
    doesn't care what the app does, it only cares to know your intent each time.
    And that intent can't effectively be given in advance.

    I have none of these apps asking for admin permissions running at startup.
    The only thing that does this is msconfig if I make a change using it, and
    then that can be handled at the first startup after the changes are made.
    So it's not much of an imposition here.
     
    Rock, Apr 18, 2007
    #7
  8. Barney Katz

    cerveau Guest

    I understand your point of view, but what if a piece of malware ha
    already hooked into a program?
    having that program pre-approved or manually clicking the UAC pop-up t
    allow it to run wont make any
    difference to the malware, ie either way the user is going to click th
    UAC pop up because they want to
    run that program

    The UAC is just adding another step into the process of Running
    program, the program will still be ru
    and if there is Malware present it will run also. The only differenc
    is that UAC makes the user go through
    an extra step each time, which when happens on every bootup, when th
    user is clicking 2 or 3 UACS to
    just get required programs running will make for an unpleasant vist
    experience forcing the user to switch
    off UAC altogether.

    Admittedly though all that MS needs to do is on this problem is to wai
    it out, because eventually all those
    old pre-vista programs that are activating UAC will be updated o
    replaced with news ones which wont
    eliminating the problem all together
     
    cerveau, Apr 18, 2007
    #8
  9. Barney Katz

    Brent Wherry Guest

    I agree. What I would really like is to be able to authorize programs once
    and have UAC acknowledge my consent.

    The current design is very user unfriendly (arrogant even?)

    I don't like doing it but I'm having to switch UAC off. Microsoft might
    consider putting useability in front of their tedious and not very effective
    security policies.
     
    Brent Wherry, Apr 18, 2007
    #9
  10. "...but what if a piece of malware..."
    Have you started the program or did the program start itself?
    If the first, you know you want it.
    If the second, you have something to be suspicious about.
    "...either way the user is going to click..."
    I don't and nobody should.
    The few times I get UAC messages, I look to see what is causing it.
    So far it has already been legitimate.


    "...because eventually all those old pre-vista programs..."
    Are you sure?
    And how much time will that take?
    Some programs still have not made the necessary changes to properly
    run in Windows XP, and it has been over 5 years.
    Intuit makes some that are a constant thorn in the side of security
    conscious, particularly those in financial businesses.
    Waiting it out is not a practical option if safe computing is an
    issue.

    "The UAC is just adding another step"
    I call it "Layered security"
    Malware is very sophisticated and many layers are necessary for
    maximum security.

    If simplicity is paramount, I can only see two solutions:
    1. Power off and pack up the computer and never power on.
    2. Almost as good, Clean Install and never install anything from any
    source.
    Use no CDs, DVDs, floppies, thumb drives etc as those are a source of
    malware.

    UAC was never intended to protect against everything but it goes a
    step into helping the user identify what is happening and thus offer
    more control.
    People need to learn safe computing.
     
    Jupiter Jones [MVP], Apr 18, 2007
    #10
  11. Barney Katz

    cerveau Guest


    " If the first, you know you want it.
    If the second, you have something to be suspicious about.
    "...either way the user is going to click..."

    Precisely, If you start the program then UAC should not confront you
    with a Pop up
    because that pop up is going to be clicked everytime 100%. Sure let UAC
    check it,
    and stop you if it finds something otherwise the user decision to run a
    program is
    the users responsibility - it always has been. Having UAC stopping you
    doing something
    which you need to do, every time you try to do it. Is not Security, its
    just a step backwards
    in User Interface functionality.

    All my comments have been towards UAC interfering when the user starts
    a program or
    when a user specifies it to run at startup, not when a program starts
    itself. When a
    program starts itself with no user input or not part of a user actioned
    entry into the
    start-up then UAC should stop that program running

    You may only get a few UACS pop-ups so it doesnt bother you, It wouldnt
    bother me either.
    UACs that are making a Users experience a miserable constant Stop Start
    action in Productivity,
    then that UAC is destined to be switched off.
     
    cerveau, Apr 19, 2007
    #11
  12. "...either way the user is going to click..."
    That is a quote of you, not me.
    Then you justify as if I said it and I did not, you did:
    "Precisely, If you start the program"

    "because that pop up is going to be clicked every time 100%"
    Not sure what you mean.
    Of course it will be clicked to allow or deny the action.
    However if you think everyone will click accept 100% of the time,
    every time, you are WRONG.
    Perhaps you think all users will simply click without ever making an
    effort to learn, but I believe people are capable and willing to
    learn.

    "If you start the program..."
    Please explain how Windows knows what or who started the program.

    "UACs that are making a Users experience a miserable constant Stop
    Start"
    Then they need look at updating/patching their programs to programs
    written with the safety of the computer in mind.
    This is a problem with the program and not UAC.

    UAC will be good for many and goes a good step to protecting
    computers.
    Those that feel otherwise are free to turn UAC off, it is very easy
    for that reason.
    They may to occasionally need to turn it on for a program that
    requires UAC.
     
    Jupiter Jones [MVP], Apr 19, 2007
    #12
  13. Barney Katz

    Rock Guest

    You are missing the point. There is no way for the OS to know who or what
    started the program. That's why it asks for the OP to give explicit
    permission whenever a program that wants admin privileges wants to run. UAC
    is not a malware scanner, nor can it fathom all the possible outcomes from
    running a program. It doesn't care what the program does, only that you
    intended for it to run. That intention can't be known beforehand. The OS
    is merely giving you control over what runs.
     
    Rock, Apr 20, 2007
    #13
  14. Barney Katz

    cerveau Guest


    Apologies for the mis-quote, it was my sloppy copying and pasting, I
    meant just to quote:

    " If the second, you have something to be suspicious about"



    But to answer your question about my statement:

    "because that pop up is going to be clicked every time 100%"



    It refers to my very first post on this thread, where I said the
    following :

    "Otherwise the average user is going get so brainwashed into just
    allowing every UAC pop-up
    that crops up, which will completely defeat the purpose of UAC"


    The key words there are "Average User", I work in IT, I support over
    300 people on a daily basis,
    All the ones that call me up, never read the messages that pop up in
    front of them. I know this
    because when I ask them what the error message said, they always reply:

    "I didnt read it, I just pressed the OK button"

    So when the UAC pops up in front of them, I know they will always press
    the "Allow" button
    and not bother to read anything else. It could be remarked that it is a
    failing on my part
    that I do not instruct users correctly and that they shouldnt be
    clicking OK to any message
    without reading it. I have worked in IT support for over 15 Years, I
    know that despite repeated
    instructions and training users do not always learn and carry on making
    the same mistakes
    over and over ie pressing ok to messages without reading them first.


    In response to your comment :

    "Please explain how Windows knows what or who started the program."

    If I knew this answer I wouldn't be working in IT Support, I would be a
    programer. I am an end user
    using a Microsoft product, and as such I am voicing my opinion on how
    to change UAC to make the End
    Users Windows experience a more productive one. It is MS responsibility
    to know how to code UAC so
    that it knows who started a program. ie did that program just start
    with user sanctioned user id and
    password, or did malware try to run it.


    In response to your comment :

    "Then they need look at updating/patching their programs to programs
    written with the safety of the computer in mind."

    Again I refer you to my first post, where I said :

    "there are literally hundreds of Trusted programs that do this
    because they
    aren't digitally signed and never will be"

    I will add, that for some programs, updates will never be produced, and
    that if someone buys Vista,
    You are advocating that they will in all likelyhood will also have to
    then purchase replacements for
    applications that had worked perfectly well under XP. This scenario was
    never mentioned in the Vista
    Upgrade Advisor report I ran, it never highlighted any of the programs
    that are now falling foul of the
    UAC.


    I concede the point that 100% of average users wont automatically press
    "Allow", but I maintain that a
    very large percentage of them will get so brainwashed into Allowing
    UAC pop-ups, it will defeat the
    purpose of UAC. ie they wont bother read to whats in front of them. I
    find it amusing that you say this
    wont happen and that the pop-ups will be read, when in fact you
    demonstrated the very phenomenon I
    was illustrating ie by not reading what was in front of you in the form
    of my earlier posts. If you had read
    them, I wouldn't have to answer your questions by referring you back
    to them.
     
    cerveau, Apr 20, 2007
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.