Is MS being pressured to retract the UAC feature from the next ver

Discussion in 'Windows Vista Security' started by SPEnthusiast, Jul 11, 2008.

  1. SPEnthusiast

    Nonny Guest

    [snip]

    I have been online since late '90 and have yet to have my system
    infested with either a virus or even the simplest form of malware. So
    I install Vista two months ago and suddenly I need UAC to keep me
    safe?

    Bull.

    That said... I have so many freakin' backups of my system it would
    make your head explode trying to figure out how I keep track of all of
    them.

    I'm safe.
     
    Nonny, Jul 13, 2008
    #21

  2. SPEnthusiast

    Daniel Petri Guest

    If I may add my $0.02 here, UAC is good for most "lame" or
    "security-insensitive" users. You could argue till the sun sets down on the
    question of whether the OS is "supposed" to prevent idiots from acting as such, with
    many to argue that if someone wants to act as an idiot, they should be
    allowed to do so.

    The fact that companies don't adopt Vista easily has nothing to do with UAC
    or with a bunch of influential "thieves" as SPEnthusiast put it. There are
    many more reasons for not adopting Vista, and this is not the right thread
    for it.

    In my opinion, in next OS versions, UAC should be left on just like it is in
    Vista. Meaning it could be on by default, and if needed, it could be EASILY
    disabled while giving all the right warnings and informing the users of the
    result of their actions. I would even go further and create a "stealth" UAC
    mode, or perhaps some sort of "auditing" UAC mode by allowing the user to
    disable it, but still keep track of the activity that would have required
    the user's input. This way the user could be able to track what processes or
    actions required UAC interaction, and thus could be persuaded into
    re-enabling it.

    I know I would use such an option if it was available, and I don't see how
    it could place an extra performance penalty on the computer, not more than
    was required to run UAC in the full mode.

    --
    Sincerely,

    Daniel Petri
    MVP, Senior IT consultant, trainer
    www.petri.co.il

     
    Daniel Petri, Jul 13, 2008
    #22

  3. The real problem with the UAC is that it pops up when not needed. This is
    the same problem the Recycle bin has had for years. People get used to
    clicking the "go ahead" button without realizing the file they are deleting
    is too big for the recycle bin and won't be recoverable. The UAC pops up
    when you simply need to review your configuration - heck - it even pops up
    when you are attempting to start perfmon, which doesn't make changes to the
    system.

    MS - fix the overzealousness of the UAC, but don't get rid of it.

    Mike.
     
    Michael D. Ober, Jul 13, 2008
    #23
  4. SPEnthusiast

    SPEnthusiast Guest

    I'm sure you know the answer to your question, but I shall explain for the
    benefit of those on these forums that don't know that answer.

    UAC protects you from software that you implicitly trust. So, this software
    could be from your IT department, or even from well known vendors. In both
    cases, there are malicious developers, i.e. hackers, that reengineer that
    software in a way so that it can spy on you and rob you.

    Does that outline what you do?
     
    SPEnthusiast, Jul 13, 2008
    #24

  5. The purpose of my reply is not to address the question of whether you
    need UAC or not, but rather to address the implication that because
    you haven't been infected in 28 years, the protection and care that
    you've used over those past 28 years are adequate to protect you
    today.

    That's simply not true. The threats today are *much* greater than they
    were 28 years ago.

    Whether you specifically need UAC or not (I'm not a big fan of the way
    it works either), you need much more care and stringent protection
    than you used to, and to protect yourself adequately in the future,
    you will need still more. The world changes, and we need to change
    what we do to keep up with it.
     
    Ken Blake, MVP, Jul 13, 2008
    #25

  6. You took the words out of my mouth. I was just going to write a very
    similar message. The way UAC presently works, most people get into the
    habit of allowing the program to run. Once they are in that habit, the
    risk of allowing any program, even a malicious one, to proceed is
    magnified, and UAC loses any protection it's supposed to provide.


    My sentiments exactly.
     
    Ken Blake, MVP, Jul 13, 2008
    #26
  7. SPEnthusiast

    Charlie Tame Guest


    Indeed, it is a matter of the "User" realizing what is going on, and
    many do not. This is no different than any other OS really, but at least
    default behavior that "Warns" is better than no warning at all.
    Unfortunately it does get frustrating.
     
    Charlie Tame, Jul 14, 2008
    #27
  8. SPEnthusiast

    Charlie Tame Guest

    Well, nice to know I am protected from my own IT department and other
    legitimate sources, so if I have auto updates turned on and thus
    "Implicitly" trust Microsoft what is to stop their updates getting, er
    "Hacked" as you put it? UAC doesn't even ask about those.
     
    Charlie Tame, Jul 14, 2008
    #28
  9. SPEnthusiast

    Kerry Brown Guest

    I find UAC very similar to sudo, especially as implemented in Ubuntu. It
    lets you know when you're doing something that may affect the system. The
    prompt itself is not really a security barrier. With an up to date Vista
    install I don't see UAC prompts any more than I get prompted for a password
    with Ubuntu while doing day to day tasks. If anything it's less intrusive if
    you run Vista with an administrator account with UAC on.

    I realise they are very different underneath. I'm saying from the user's
    perspective they seem similar.
     
    Kerry Brown, Jul 14, 2008
    #29
  10. SPEnthusiast

    Kerry Brown Guest

    UAC does not protect you from anything. The prompts that most people think
    are UAC are only one part of UAC that warns you that some process is about
    to access or change something that may have system wide repercussions. I guess
    you could call this warning a kind of protection but it does not actually
    stop anything from happening unless you respond that you don't want it to
    happen. Although the underlying mechanism is different it is very much like
    sudo in Linux, particularly as implemented in Ubuntu. You can do whatever
    you want from a standard user account by elevating a process to use
    administrator/root privileges. This part (the warnings) of UAC is a
    checkpoint not a barrier.
     
    Kerry Brown, Jul 14, 2008
    #30
  11. SPEnthusiast

    Pete Delgado Guest

    You're absolutely incorrect. Though Intel may have deep pockets, they will
    not just throw money at upgrades unless there is a compelling reason to do
    so. Nor would *any* sane business.

    Bullcrap. There are plenty of applications that were developed for previous
    versions of Windows that will run afoul of UAC simply because the developers
    did not give much thought to security, permissions and where to store data.
    While it is true that programs such as keystroke loggers may also run into
    the same problems, many of these types of programs have been implemented as
    device drivers thus allowing them to run in a higher security context than
    user-mode programs which eliminates much of the protection that UAC would
    provide.

    There are many developer tools from MS that have difficulty running under
    UAC as a standard user as well as many service applications. NONE of them
    were designed to rob people or to spy on them, they were simply developed to
    work properly on previous versions of Windows.

    I have a similar setup in my home network. I have a Server 2003 domain
    controller, several Vista clients (32 & 64-bit) and 5 Windows XP Media
    Center PCs. I'll upgrade to 2008 or possibly Home Server when I upgrade my
    hardware. However, the fact that I don't have any problems upgrading is due
    to the fact that I have few programs that won't run correctly on Vista. For
    those programs with problems, I run them within a VM on one of my systems.

    My experience is not typical of a large corporation because if my upgrades
    fail, I don't lose millions of dollars. To me, it doesn't matter much if one
    or more of my computers are down off the network or if one or two of the
    programs that I use on a daily basis won't work natively on the system. For
    a large company, such things could be showstoppers.

    It exposes a lot of programs that weren't written with security in mind
    IMHO. It *can* expose some types of malware.


    -Pete
     
    Pete Delgado, Jul 14, 2008
    #31
  12. SPEnthusiast

    Charlie Tame Guest


    Yes, Ubuntu does not want you to sign in as root at all, in fact you can
    but I suspect that so doing can break things, it seems to be assumed you
    will always use Sudo. You need to type a password (Usually) so I think
    it is more secure in a way, if someone else has taken your seat they
    cannot just click okay and install something, but then it does not nag
    you twice for effectively the same thing.
     
    Charlie Tame, Jul 15, 2008
    #32
  13. SPEnthusiast

    Bender Guest

    Intel's delay in using Vista is no different than their delay switching from
    Windows 2000 to Windows XP.
     
    Bender, Jul 16, 2008
    #33