Welcome Guest.   Make a donation to an author on the site October 22, 2014, 09:01:36 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Read the Practical Guide to DonationCoder.com Forum Search Features
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1] 2 3 Next   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: How necessary is the UAC in Windows 7?  (Read 16005 times)
cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« on: July 19, 2011, 02:12:32 PM »

I've come late to the Windows 7 party, and so it's only now that I'm starting to gnash my teeth over the UAC (before Win7, I happily used WinXP Pro, which didn't have UAC).  At first, I thought UAC was a minor annoyance that was probably worth putting up with for the added protection it provided.  Today, I turned it off, and my temptation is to leave it off.

It was annoying enough when I wanted to check Malwarebytes for updates, and each time UAC would pop up and ask "Are you sure you want to run this program?"  Having assured it that I was, I then checked for updates, after which I wanted to run a Malwarebytes quick scan.  Up popped UAC again, to ask whether I was sure I wanted to run this program.  Yes, I again assured the Alzheimers-ridden UAC, I am sure.  OK, I've learned to tolerate forgetfulness--that's an ailment I increasingly share with many of my friends, so why not the UAC?

What finally made me turn UAC off was my inability to use ActiveWords to insert blocks of text into html files in Dreamweaver.  I would type the ActiveWords shortcut I had set, hit the key to enable it....and nothing happened.  The same version of ActiveWords and Dreamweaver had worked fine in WinXP Pro, and each of them works fine in Windows 7.  But not together.  I decided to see what would happen if I turned UAC off.  Sure enough, I can now insert my ActiveWords into Dreamweaver.  I'd be happy to toggle UAC on and off, but apparently changing UAC's state requires rebooting the computer each time.  Thanks but no thanks.

So how much danger am I courting by leaving UAC off?  I managed to run WinXP Pro for many years without getting infected.  Then again, I used both a PITA firewall (Outpost Pro) and a PITA antivirus program (McAfee Enterprise Edition), whereas  I'm trusting my Windows 7 64-bit computer to the Windows firewall and Microsoft Security Essentials, plus Malwarebytes Pro.  So can I/should I live with UAC turned off?  I'd welcome some informed opinions.
Logged
wreckedcarzz
Charter Member
***
Posts: 1,620



Happy wolfie ^_^

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: July 19, 2011, 02:15:55 PM »

You could run the apps as Administrator (right-click menu) to alleviate the problems and only get prompted once. UAC isn't a huge help if you don't go around the depths of the internet downloading everything ending in .exe, but it can sometimes catch something trying to run in the background that wants to change something and you didn't want/it *is* malicious.

FWIW: I have UAC off. My dad's machines have it on.
Logged

New website! With a fancy domain name and everything! *gasp*
http://www.wreckedcarzz.com/
JavaJones
Review 2.0 Designer
Charter Member
***
Posts: 2,537



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: July 19, 2011, 02:18:25 PM »

I have yet to see UAC actually stop anything bad. In theory it's useful and increases security. In practice I've still seen plenty of infected Win7 machines, and even had some brushes with infection myself (as an IT professional I feel more comfortable taking risks sometimes, and sometimes I need to clean up messes I make cheesy).

I think one reason UAC doesn't often help is that most attack vectors these days are through existing installed software that you trust, e.g. PDF reader, Java, your web browser. Most malware is smart enough not to expose itself by running a random EXE or trying to inject into a process that Windows would flag. Or at least that's been my experience.

That being said I've left UAC on for most of my machines for the time being. But now that you mention it I'm thinking of turning it off. Basically I left it on after a mass migration of all my systems to Win7 6 months or so ago, with the intention to evaluate UAC for usefulness and act accordingly. So I can say my eval period is over and I don't see UAC as actually being that effective in practice. Wink

- Oshyan
Logged

The New Adventures of Oshyan Greene - A life in pictures...
cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #3 on: July 19, 2011, 02:24:49 PM »

Thanks, wreckedcarzz, for your response.  However, I'm pretty sure that the account I normally use is an Administrator account, and I still couldn't get ActiveWords to work with Dreamweaver until I turned UAC off.  Are you saying that the Windows firewall and  Microsoft Security Essentials won't stop some baddie trying to run in the background that wants to change a crucial setting?  I also have Malwarebytes Anti-malware Pro and WinPatrol PLUS on the computer, but I think of the main line of defense as the firewall and MSE.  

I don't go around clicking wildly on unknown .exe files, but I *am* something of a software nut, and so I do download a lot of programs.  I never open them before scanning them, however.  
Logged
wreckedcarzz
Charter Member
***
Posts: 1,620



Happy wolfie ^_^

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: July 19, 2011, 02:27:42 PM »

I'm using the default created user account, which I would assume is administrator-level. I'm not totally sure how that works out, but over multiple machines, it works the same for me. Win Firewall and MSE are good (I'd keep Malwarebytes handy though, MSE doesn't catch a lot of off-the-wall stuff). Neither one will stop changes to crucial system settings, though.

If you want to drop UAC, I'd get a VM or sandbox tool (I use Sandboxie). Run unknown software in sandbox, if it's bad, kill the sandbox, delete contents, done.
Logged

New website! With a fancy domain name and everything! *gasp*
http://www.wreckedcarzz.com/
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,958



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #5 on: July 19, 2011, 02:33:14 PM »

Turning off UAC puts you in the same position as an admin user on Windows XP.

If you were happy on Windows XP there is no real reason to not turn off UAC if it annoys you - so long as you assume the risk that something may install without a warning.

Personally I leave it switched on - the one positive is it is much less irritating than it was in Vista.
Logged

superboyac
Charter Member
***
Posts: 5,702


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: July 19, 2011, 02:36:55 PM »

If you guys are like me, and most of you are, in that we have used Windows for most of our lives, and we are known as the "computer geeks" in our circles, I don't think things like UAC affect us one way or another.  To me, it's simply a nuisance, period.  It's not like I ever try to install something accidentally, and even if I did double-click on it accidentally, I'd just cancel the wizard at some point.  Also, as JJ said, our comfort with computers makes us comfortable with installing a bunch of different programs to try.  I don't use sandboxing or vm's.  i tried at one point, but it was too much of a headache.  Look, I know if something I'm installing is fishy.  i don't need UAC to tell me or anyone else.  I just hope that even if i do intentionally try to install something that is fishy, my AV or other security software will catch it.  And it has for the most part.  Some things have slipped through, as I've talked about here on the forums, but even those were due to some pretty odd circumstances.

All these things like UAC are really for the 95% of the population who are not very comfortable with computers.  They don't understand the whole system, with the drivers, files, folders, program files, application data, etc.  It's all foreign to them.  So UAC and similar things are very good for them.  But even then, i doubt how effective these things actually are.  I suspect that more often than not, these messages just make people nervous and want to call their computer geek friend to check and see if they should or should not install this thing.
Logged

wreckedcarzz
Charter Member
***
Posts: 1,620



Happy wolfie ^_^

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: July 19, 2011, 02:47:37 PM »

I forego security software (minus Windows Firewall) and just use my head, and sandbox things I don't know about (game trainers come to mind). I'd rather have an on-demand solution, rather than a constantly-running solution. I want the computer to be as snappy as possible/output the highest FPS possible/boot up faster than I can sit down and get comfortable. The only time I install an anti-malware app is when I suspect I've been too trusting to something I shouldn't have, or if I just want to make sure I've got a clean slate.

Anyways: I've only had UAC save me once, and that wasn't really much of a save either; I knew I was stupid and gotten myself infected already, UAC just stopped a minor change. I keep it off even though I never do any system changes (except app updates, or Steam game installs), it interferes with CCleaner/Defraggler running via Task Scheduler. Up until I figured out UAC was messing that up, I had it turned on (a few months). It doesn't really provide much protection though.
Logged

New website! With a fancy domain name and everything! *gasp*
http://www.wreckedcarzz.com/
cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #8 on: July 19, 2011, 03:04:35 PM »

Thanks very much, wreckedcarzz, Oshyan, Carol, and superboyac, for your advice.  After reading what you've said, I think I'll leave UAC off even though I'm not as knowledgeable about dealing with computer problems as the rest of you are.  But I haven't found UAC at all useful, and at times (like its preventing ActiveWords from working with Dreamweaver) it's been exceedingly unhelpful.  It's a pity that Microsoft hasn't been able to devise a better tool after all this time.  

Again, many thanks!
Logged
steeladept
Supporting Member
**
Posts: 1,056



Fettucini alfredo is macaroni & cheese for adults

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #9 on: July 19, 2011, 03:20:30 PM »

I am pretty sure even with an Admin account, UAC will prompt for certain responses if it is on - not unlike SUDO or other similar mechanisms.  In fact, If you want to use UAC, it seems to me it is best NOT to be an Admin account, and just use UAC to elevate privlages as needed (or set certain programs to run as Admin always if necessary, but that generally means poorly programmed software).

FWIW - If you turn off UAC, I think you are giving up one of the main reasons to switch to 7 in the first place.  Most everything still runs on XP as the lowest common denominator, and the only reasons I can think of to switch are for 1) increased security or 2) have to switch due to lack of XP driver support.  Also note, all that I said is theoretical...I haven't really played with Win7 to know how good or stupid UAC et.al. are in that product.  tongue
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: July 19, 2011, 03:30:22 PM »

Personally I leave it switched on - the one positive is it is much less irritating than it was in Vista.
If you haven't cranked UAC to the maximum setting, you might as well almost just turn it off - unless Microsoft have been a-fixing things, it's pretty easy to turn it all the way off programmatically.

The only time I install an anti-malware app is when I suspect I've been too trusting to something I shouldn't have, or if I just want to make sure I've got a clean slate.
That's too late - if you've already got a nasty bugger, anti-malware might not be able to detect it. Be proactive!

Anyway, as to what UAC does: it doesn't stop stuff from running on your computer; it prevents stuff from going form LUA (Limited User Account) privileges to full administrative privileges. Not all malware needs admin privs to be effective - but the stuff that's nastiest to detect & remove does. And of course there's been a few privilege escalation exploits in Windows, letting you bypass UAC. Needless to say, bugs like that have a pretty high fixing priority.

Thus, UAC isn't an end-all-be-all. It's a mitigating factor (just like Windows Firewall and Windows Defender, and the various kernel enhancements that been added from 2003-server until Winy), and you'll want as many mitigating factors as there is (within performance reasons, of course).

It's a pity that Microsoft hasn't been able to devise a better tool after all this time.
It's a pity 3rd party developers are ***hats who don't want to follow official programming guidelines - if they did, we wouldn't need administrative privileges (and thus an UAC popup) nearly as often.

As for the ActiveWords problem, that's a bit curious. But one added part of security is restricting how programs can interact with eachother - there's all sorts of attacks you can do by messing with other applications, so you generally DON'T want a low-privilege application messing with a high-privilege one. Is DreamWeaver, by any chance, started with administrative privileges? Even if it isn't, try starting ActiveWords with administrative privileges.
Logged

- carpe noctem
Ath
Supporting Member
**
Posts: 2,232



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #11 on: July 19, 2011, 03:31:12 PM »

It's a pity that Microsoft hasn't been able to devise a better tool after all this time.
Correct, even when knowing that the 'doors with all the locks' that are now named and enforced by UAC end filesystem virtualization have basically been there ever since Windows NT 4.0 (and maybe even in 3.5, but that only had about 3 1/2 users or so) was released. Yes, that's quite some years before Windows 2000 or XP where here Angry And now we all suffer with all this idiocy of counter measures because MS never enforced the available security.
Logged

Stoic Joker
Honorary Member
**
Posts: 5,323



View Profile WWW Give some DonationCredits to this forum member
« Reply #12 on: July 19, 2011, 04:03:28 PM »


It's a pity that Microsoft hasn't been able to devise a better tool after all this time.
It's a pity 3rd party developers are ***hats who don't want to follow official programming guidelines - if they did, we wouldn't need administrative privileges (and thus an UAC popup) nearly as often.

I'll 2nd that. Glad to see you back f0dder!

And now we all suffer with all this idiocy of counter measures because MS never enforced the available security.

It's not Microsoft's job to enforce security, that's up to the Admin. MS generated tons of documentation on how to properly setup Windows in a secure fashion ... Most folks were just to lazy to read it. Or whined constantly because it was too hard to use the Run as... command.


UAC is enabled for me. smiley ...Because familiarity breeds contempt ... And just because I know a bunch of stuff, don't mean I know everything. It usually just means the scope and scale of the screw up when it happens is quite high.

Best to have a "net".

smiley
Logged
EĆ³in
Charter Member
***
Posts: 1,400


O'Callaghan

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #13 on: July 19, 2011, 04:41:58 PM »

I run UAC cranked up to max. Personally I don't find it obtrusive at, try running a Mac or Linux and you'll get many many more prompts for a password, that makes to occasional yes/no box seem like a Godsend.

Sometimes it is annoying when you have to quit a program and restart because it needed to be launched a administrator for a particular thing, but more and more powertools are including a "Restart and Administrator" button somewhere.

Personally I say put it to max and leave it there. If you have a badly written app that needs Admin privileges always then select that checkbox in the shortcut compatibility tab. Sure you'll have to ok it every time it runs, but at least you won't ever forget it manually have to right click and say "Run as Administrator".
Logged

Interviewer: Is there anything you don't like?
Bjarne Stroustrup: Marketing hype as a substitute for technical argument. Thoughtless adherence to dogma. Pride in ignorance.
Stoic Joker
Honorary Member
**
Posts: 5,323



View Profile WWW Give some DonationCredits to this forum member
« Reply #14 on: July 19, 2011, 04:58:55 PM »

Personally I say put it to max and leave it there. If you have a badly written app that needs Admin privileges always then select that checkbox in the shortcut compatibility tab. Sure you'll have to ok it every time it runs, but at least you won't ever forget it manually have to right click and say "Run as Administrator".
Thmbsup
Logged
cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #15 on: July 19, 2011, 06:23:39 PM »

Personally I say put it to max and leave it there. If you have a badly written app that needs Admin privileges always then select that checkbox in the shortcut compatibility tab. Sure you'll have to ok it every time it runs, but at least you won't ever forget it manually have to right click and say "Run as Administrator".

I have no idea whether the apps I use such as Malwarebytes Anti-Malware Pro, Revo Uninstaller Pro,  Dreamweaver, Babylon Pro, Everything Search, and a bunch of others are badly written.  I know they work well and are highly regarded by people I respect.  Nonetheless, even though I have an administrator account,  I have to OK these programs every time I use them.  Indeed, even if I've OK'd them for one task, I have to OK them two minutes later to perform a second task.  I've been willing to do that in the interest of enhanced security (even though I almost never have security problems), but I'm NOT willing to turn off the UAC and reboot my computer every time I want to use Dreamweaver and ActiveWords together, and then turn UAC back on and reboot again.  I tried the suggestion to "run as administrator" (even though I have an administrator account), but that didn't help.  I've decided that continually resetting UAC and rebooting is simply not worth it.  I hope I'm right.  smiley
Logged
EĆ³in
Charter Member
***
Posts: 1,400


O'Callaghan

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #16 on: July 19, 2011, 08:26:45 PM »

There's something odd going on it sounds like. If you run both Dreamweaver and ActiveWords as an Administrator, and ok both UAC prompts, then they should work just as they do when UAC is turned off altogether.

Rebooting everything would be crazy I agree with you, but there must be an easier solution without disabling UAC altogether.
Logged

Interviewer: Is there anything you don't like?
Bjarne Stroustrup: Marketing hype as a substitute for technical argument. Thoughtless adherence to dogma. Pride in ignorance.
cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #17 on: July 19, 2011, 09:34:59 PM »

There's something odd going on it sounds like. If you run both Dreamweaver and ActiveWords as an Administrator, and ok both UAC prompts, then they should work just as they do when UAC is turned off altogether.

EĆ³in, thanks VERY much for posting.  Something odd was going on.  I thought it was enough to click on the "run as administrator" option available from a right click either from the taskbar or from LaunchBar Commander (I tried both), but doing that didn't make the two programs work together.   Your message prompted me to try one more thing.  In the right-click Compatibility tab, I put a check mark in the "Run As Administrator" box in both programs.  That worked! Why that worked when the other similar approaches didn't, I don't know.  I'll add that to the 149,376 other things I still don't understand about my computer. embarassed
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,958



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #18 on: July 20, 2011, 03:28:18 AM »

"Everything" needs to run with admin priviledges because of the way it indexes NTFS volumes.

There are a number of workarounds to get "Everything" (and any other app you want) to run without UAC prompts. The trick is to set up a scheduled task and then either invoke it at startup or login or create a shortcut to start the task as required.

The reason this works is that you can set scheduled tasks to run with admin settings without using UAC prompts.

EĆ³in is correct, there is something odd going on on your system - if you start an app with elevated privileges then any child processes should automatically get those privileges too. At least that seems to be the way it works on my system.
Logged

cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #19 on: July 20, 2011, 07:22:29 AM »

Thanks, Carol, for your message.  I can understand why Everything, Revo, and Malwarebytes need my OK, though why Dreamweaver and, especially, Babylon Pro need this isn't so clear to me.  But I'm willing to put up with the minor inconvenience of having to click on YES, even the multiple YESES for Malwarebytes.  Indeed, what surprises me is how many programs seem not to need UAC approval--ActiveWords, for example. 

Anyway, as you've probably seen from my previous message, I finally did succeed in getting ActiveWords and Dreamweaver to work together.  I have no idea why my earlier attempts to get them to Run as Administrator didn't work, but putting a check mark in the right place in the Compatibility tab seems to have done the trick.

Thanks for the suggestion about scheduled tasks.  My problem is that I rarely schedule tasks.  I much prefer to do them when it's convenient for me, and that's something I usually can't predict.  smiley
Logged
justice
Supporting Member
**
Posts: 1,889



Solve issues simply.

View Profile WWW Give some DonationCredits to this forum member
« Reply #20 on: July 20, 2011, 07:26:12 AM »

Any malware that changes your hosts file will be able to do so without you getting prompted if you turn off UAC. This file can only be edited as an administrator, and when changed could make it look like you are on a certain website (say paypal) while in reality you are using some one elses.

You could combine the prompts if you run both from another UAC'ed process (not sure if you can elevate a batch file)

Logged

cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #21 on: July 20, 2011, 07:38:48 AM »

Thanks, justice.  I think WinPatrol PLUS is set to warn me about attempts to change my HOSTS file and some critical System files, so even without UAC, I've got some protection.  However, as I've reported in an earlier message, I finally did get the two programs to run as administrator and work together. 

Thanks for the suggestion about running both prompts together, but I don't really object to OK'ing each one separately.  What made me turn off UAC was the need to re-set the UAC and reboot each time I wanted to use Dreamweaver and ActiveWords together.  Now that that's no longer a problem, I've got UAC back on.
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #22 on: July 20, 2011, 12:01:12 PM »

cyberdiva: DreamWeaver shouldn't need to run with admin privs, it should only be necessary to run ActiveWords with those elevated privileges. IMHO it makes a lot of sense that only elevated programs should be able to try and control the other applications running on the system...
Logged

- carpe noctem
cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #23 on: July 20, 2011, 03:10:54 PM »

Hey, thanks very much, f0dder, you're right!  After reading your message, I removed the "run as administrator" checkmark from Dreamweaver and then tried to see whether ActiveWords would still work with it.  It does.  I should add, however, that with or without the elevated status, Dreamweaver still gets challenged by UAC every time I start it. 
Logged
Stoic Joker
Honorary Member
**
Posts: 5,323



View Profile WWW Give some DonationCredits to this forum member
« Reply #24 on: July 20, 2011, 03:48:33 PM »

I'm not that familiar with Dreamweaver (tried it once and didn't like it), but it may be trying to get write access to a key in HKLM (which tends to grab UAC's attention). It might be worth a shot to give yourself permission to the Dreamweaver registry keys (HKLM/Software/[author]/Dreamweaver/...)to get UAC to hush when it loads.
Logged
Pages: [1] 2 3 Next   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.056s | Server load: 0.54 ]