User Account Control

Discussion in 'Windows Vista Security' started by Matthileo, Sep 22, 2006.

  1. Matthileo

    Jane C Guest

    Open Security Center, and change the way it alerts you. You can now get rid
    of the shield in the system tray ;)
     
    Jane C, Oct 8, 2006
    #21

  2. Matthileo

    SteveC Guest

    Thanks for the heads-up, but I would like Security Center to alert me if the
    Virus protection or Firewall go down. I don't quite understand the reason
    for an alert when you purposefully turn off or change UAC.
     
    SteveC, Oct 8, 2006
    #22

  3. Matthileo

    FullName Guest

    By disabling UAC, you implicitly authorize every program that is run,
    That is so patently untrue as to be dangerous. We could have bolted UAC on
    to XP at XP SP2 release if UAC were some solution to some problem.

    There are quite a few things you still cannot do in Vista when only UAC is
    disabled. Unobtrusively running a service as Local System that interacts
    with the desktop comes to mind.
    But let's get back to basics here. Neither UAC nor Vista can inviolate
    immutable rule of security number one: If a bad guy can persuade you to run
    his program on your computer, it's not your computer anymore. Period. Vista
    does not change that. UAC doesn't change that.

    I'm concerned that so many posts here are advising that UAC either solves
    all malware problems or causes all negative end-user experiences.

    In practice, UAC provides about as much protection as the IE dialog box,
    "Scripts are usually safe. Do you want to allow scripts to run." It's the
    guts of Vista that are massively improved. Concentrate on that, not UAC.
     
    FullName, Oct 13, 2006
    #23
  4. Matthileo

    Jimmy Brush Guest

    By disabling UAC, you implicitly authorize every program that is run,
    I would say the same thing about your statement here. My statement
    describes the implications of disabling UAC truly and accurately, at both a
    conceptual and technical level.
    How soon a feature gets added to Windows does not define how well it solves
    a problem. I fail to see what you are getting at here. UAC *does*, in fact,
    solve a problem.

    PROBLEM: All programs run at the highest privilege level available to the
    user, even if they do not need such privileges to perform their duties.

    SOLUTION: Let applications define what privilege level they need, and let
    the user control how these different privilege levels are assigned (UAC)

    Hopefully in the future Windows will be able to automagically determine what
    privileges a program needs based on mathematically proven analysis; however,
    the user will still need to determine how much control to give to which
    programs. UAC is the technical means by which this is accomplished, and the
    user interaction is an ESSENTIAL part of it - you cannot take the user
    interaction out of the equation.
    I never intimated that Windows Vista's ONLY security improvement was UAC. To
    say UAC is not important because there are other security features of
    Windows Vista is a silly argument.
    Back to basics. Sounds good.

    You seem to be arguing here that a magical, pretty much unbreakable door
    lock is not a good security feature because the door lock cannot stop the
    owner of the door from getting tricked into unlocking it. Ridiculous! The
    point of the door lock is that it allows the owner of the door to decide who
    comes through it!

    In fact, no operating system will ever be able to stop malware 100%. Vista
    won't stop this - Linux won't stop this - This will never be stopped. It is
    the nature of the operating system to run programs indiscriminately - it
    relies on metadata or user assistance (or both) to guide it when it needs to
    discriminate.

    What can be done, however, is to put Windows in a better position to control
    what actions a program can take based on how much permission the user wants
    the program to have. Windows cannot determine whether a program is good or
    bad, and thus cannot determine this for the user.

    UAC is designed to make sure that users KNOW ABOUT and EXPLICITLY AUTHORIZE
    a program to run when it requires elevated privileges. It is a security
    feature because it puts the reins of control into the user's hands, instead
    of just having all programs run with full privileges without the user having
    any control over the situation whatsoever.
    Me too. That's why I spend so much time on here explaining UAC to those who
    do not understand it.
    Technically correct. However, there is a big non-technical difference
    between having control over the execution of a script and having control
    over what privileges processes have.
    UAC is part of the guts of Vista.
     
    Jimmy Brush, Oct 13, 2006
    #24
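
A read-only check of the state this thread argues about, added here as an example and not part of any poster's message: it reads the standard UAC policy values (`EnableLUA`, `ConsentPromptBehaviorAdmin`, `PromptOnSecureDesktop`) and reports whether the current process holds an elevated token. The function name `Get-UacPosture` is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit of UAC policy and the current process token.
function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key -ErrorAction Stop

    # Documented meanings of ConsentPromptBehaviorAdmin.
    $adminPrompt = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }

    # Is this process running with the Administrators group enabled in its token?
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    $uacOn = ($p.EnableLUA -eq 1)

    # A missing value must not be misread as 0 ("elevate without prompting").
    if ($null -eq $p.ConsentPromptBehaviorAdmin) {
        $behaviour = $null
        $promptText = 'Not set'
    } else {
        $behaviour = [int]$p.ConsentPromptBehaviorAdmin
        $promptText = $adminPrompt[$behaviour]
        if (-not $promptText) { $promptText = "Unknown value $behaviour" }
    }

    if (-not $uacOn) {
        $finding = 'UAC disabled: an administrator''s programs all start with the full token.'
    } elseif ($behaviour -eq 0) {
        $finding = 'UAC enabled, but administrators are elevated silently (no consent step).'
    } else {
        $finding = 'UAC enabled: elevation requires an explicit prompt.'
    }

    [pscustomobject]@{
        UacEnabled      = $uacOn
        AdminPrompt     = $promptText
        SecureDesktop   = ($p.PromptOnSecureDesktop -eq 1)
        ProcessElevated = $elevated
        Finding         = $finding
    }
}

Get-UacPosture | Format-List
```

Run from a normal (non-elevated) shell as an administrator account, `ProcessElevated` is `False` while UAC is enabled and `True` once `EnableLUA` is 0, which is the difference in default privilege the posts above disagree about.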