Welcome Guest.   Make a donation to an author on the site September 02, 2014, 06:37:49 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Learn about the DonationCoder.com microdonation system (DonationCredits).
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: Prev 1 2 [3]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: How necessary is the UAC in Windows 7?  (Read 15499 times)
Stoic Joker
Honorary Member
**
Posts: 5,218



View Profile WWW Give some DonationCredits to this forum member
« Reply #50 on: August 02, 2011, 05:06:43 PM »

Microsoft explains that because the UAC dialog box isn't on the secure desktop with the setting I suggested, "other programs might be able to interfere with the dialog's visual appearance.


Um... If it's not on the secure desktop (e.g. isolated secondary session), it's not secure, period. Because under attack, when the bugg is trying to get in, it can simply respond to the prompt for you.

If everybody is on the same desktop (e.g. session), then whoever is quickest wins (and the software will be). It really is just that simple.

This is a small security risk if you already have a malicious program running on your computer."  The risk is obviously more than with a higher setting, but I don't think I'd say that UAC is rendered "pretty much useless" with the lower setting.

The question is can you keep it out when it comes-a-knocking. The answer - in that configuration - is no.
Logged
Lashiec
Member
**
Posts: 2,374


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #51 on: August 02, 2011, 05:12:10 PM »

Doing that renders UAC pretty much useless. And while the flicker-to-black is a bit annoying, it's a sign that UAC really is kicking in and you aren't being faked smiley

I wonder, is Windows 7 default UAC setting secure enough or is still advisable to kick the slider up a notch?
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,952



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #52 on: August 02, 2011, 05:26:59 PM »

Most secure is to leave the machine unplugged ...
Logged

cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #53 on: August 02, 2011, 06:51:18 PM »

The question is can you keep it out when it comes-a-knocking. The answer - in that configuration - is no.

I don't rely on UAC as my only defense.  I've got a firewall, AV software, and whatever firewall function the router has, along with Malwarebytes in real time, and WinPatrol Plus (which, among other things, keeps watch over my HOSTS and critical systems files).  And, of course, my own experience and common sense.  So yes, I guess I do feel that when it comes a-knocking, it's unlikely to get in the door.  (She says, crossing her fingers.  smiley )
Logged
Stoic Joker
Honorary Member
**
Posts: 5,218



View Profile WWW Give some DonationCredits to this forum member
« Reply #54 on: August 02, 2011, 10:29:34 PM »

Real-time scanners & AV software only serve to slow the machine down (typically to a crawl). And in so doing can only catch what they (have signatures for) know about. Anything new that comes down the pike is a heuristics crap-shoot.

The only truly effective method (outside of common sense), is reduced permissions. Because the bugg will only have as much permission as you do. So if you don't have permission to break the machine... Neither. Does. The. Bugg.

You have an entire application running full time, grinding up CPU cycles, Just to monitor "System Files". System files that would be completely untouchable by a standard user account ... Which requires 0 CPU time.

The only "safe" trade-off for those that persist in doing day-to-day activities with administrative rights, is UAC. But it must be allowed to isolate itself from you, to be able to defend the machine effectively. Other wise if you're both sharing the same desktop/session it ends up being the same ineffectively silly light speed foot race to the kill switch that you have with AV software. Bugg comes in, slits the AV's throat, and sets up shop. I see this cycle repeated again and again.

Lady brought a laptop in today; on it she had a veritable laundry list of security applications, UAC set to the max, and 3 root kits. She lacks the most important common sense layer of security and tends to click on whatever gets her to where she wants to be the quickest...Because she is "Protected". By Elfin Magic I guess... *Sigh* ...Must be where the term Sheeple came from. smiley
Logged
tomos
Charter Member
***
Posts: 8,481



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #55 on: August 03, 2011, 02:15:25 AM »

Okay, UAC at top level it is.

This may be a very silly question, but it has to be asked smiley:
if I dont use a password (admin account) is it all a waste of time anyways?
Logged

Tom
Stoic Joker
Honorary Member
**
Posts: 5,218



View Profile WWW Give some DonationCredits to this forum member
« Reply #56 on: August 03, 2011, 06:35:36 AM »

This may be a very silly question, but it has to be asked smiley:
if I dont use a password (admin account) is it all a waste of time anyways?

Yes. But if you wish to avoid having to type in a password every time it boots, you can use the old control userpasswords2 trick to set it to auto-login with a default account.

Auto-Login to Windows 7

Just don't forget the password or you may get locked out if you lock the console with Win + L.
Logged
tomos
Charter Member
***
Posts: 8,481



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #57 on: August 03, 2011, 06:53:33 AM »


Thanks SJ

I hate passwords embarassed
Logged

Tom
cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #58 on: August 03, 2011, 07:40:04 AM »

Thanks for your response, SJ.  I agree with you that common sense is vital.  I think that over the years it has been and continues to be my most effective weapon.

I haven't found that the security software I currently use "only serve to slow the machine down (typically to a crawl)."  Not at all.  My computer is delightfully fast and responsive.  And WinPatrol Plus is not on my machine "just to monitor System files."  I use it primarily for a variety of other functions; it happens to also offer the option of protecting the Internet HOSTS and key System files.  Again, I haven't noticed that selecting this option negatively affects the performance of my computer.

As for the UAC, which is how this thread started, once I found I could get ActiveWords to work with Dreamweaver without turning off UAC, I put UAC back on its default setting (one notch down from the top).  I'm content to leave it there.  My suggestion to tomos about dropping it down a notch was in response to his strong dislike of the blackened screen.  You've convinced me that that might be more risky than the Microsoft description led me to believe.  Many thanks.
Logged
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #59 on: August 03, 2011, 06:23:53 PM »

Not *useless* at lower level (non-secure session / black screen), but it is certainly also not secure. It is very helpful though to prevent accidental damage from user and application mishaps, which are nearly as dangerous as malware at times ;p. Also, you certainly can't assume malware has all been adapted to auto-respond to the dialog for you. So... a lot less secure.. not useless.

Of course, if you simply run in a Limited User account all the time anyway, then you're best off. That is really what people should be doing, from a security perspective. Windows 7 does pretty well at asking for an administrator to login (via password prompt and then using a 'runas') when required for installs or other operations that require such elevated rights.

I keep my wife running as a Limited user on her systems, she never has a problem. If something needs installed, it prompts for an administrator to login and run-as -- as I said. Works great. Most all Windows applications are designed to run in limited user contexts these days. Of course, 90% of people don't stray far from their simple web browser anyway, making this recommendation doubly warranted.
« Last Edit: August 03, 2011, 07:22:45 PM by db90h » Logged
Stoic Joker
Honorary Member
**
Posts: 5,218



View Profile WWW Give some DonationCredits to this forum member
« Reply #60 on: August 03, 2011, 07:09:12 PM »

I haven't found that the security software I currently use "only serve to slow the machine down (typically to a crawl)."  Not at all.  My computer is delightfully fast and responsive.  And WinPatrol Plus is not on my machine "just to monitor System files."  I use it primarily for a variety of other functions; it happens to also offer the option of protecting the Internet HOSTS and key System files.  Again, I haven't noticed that selecting this option negatively affects the performance of my computer.

Okay, I was being a bit harsh with the broad brush ... But I'm sure you've seen the type of baby-sitter security suite infested machine I was eluding to. I just wasted 6 hours onsite today because of a client's machine that was a few generations past it's prime, that had a full suite of crippleware running at full blast on it. There is never a truly effective way of disabling these silly things ... So you're always stuck with it unless you're willing to eat the time to remove and reinstall it.

Fortunately for the client it was a contract job. Or the bill would have been close to the price of a decent new machine. I got home an hour late, and the job still ain't done. *Joy*...

 cheesy
Logged
db90h
Coding Snacks Author
Charter Member
***
Posts: 455


Software Engineer

View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #61 on: August 03, 2011, 07:29:30 PM »

I have not read this whole thread, so forgive me if I am repeating things others have said, or am just simply talking more than I listen.

Security software eating system resources is a pet peeve of mine. The bitter irony is that most of the time it does NO GOOD anyway, else all these people wouldn't be getting infested with malware. Think about it -- has the malware problem been 'abated' in any way by all these security solutions? Nope.

The #1 mistake novices make is installing more than one security suite. That is a huge no-no. It does NOT make you doubly protected. It makes you doubly slow, and doubly prone to potential strange problems.

My recommendation to all users, novices and advanced, is to adopt Microsoft Security Essentials. Since I am the author of an EXE compressor that is sadly abused by malware authors at times (despite my best efforts), I keep in touch with the security companies to help them combat this problem by 'scanning inside' compressed EXEs. I have really liked what I've heard from the PM for Security Essentials at Microsoft. They are doing it right -- trying to avoid the *very problematic* issue of false positives, while keeping people protected and using *minimal* system resources. And you know if anyone can make sure things are done as efficiently as possible on Windows, it will be Microsoft.

Security Essentials is 100% free and has just a few options. The options it has are the *critical ones* though. You can disable real-time scanning (the biggest impact on system performance), or tune it down to a number of different levels. You can exclude specified paths or file types. Perfect. They know this is needed to keep systems running optimally. You need to tell it to scan the risky stuff (such as incoming downloads and attachments, or removable media) .. and leave the rest of the system alone. After all, while it is theoretically more secure to keep rescanning every darn file that is opened, it is a bit absurd. Tune it down to only scan the incoming files, and be careful -- and you're gonna be ok in most cases.

I do not want to 'pick favorites' since I also deal with other companies, so I must also mention that if you want more ADVANCED controls and need even more enhanced security, the other companies -- you know the names (list removed as I feared I'd leave somebody out) --are getting better and constantly improving their software. They are also aware that they need to 'speed things up' and have offered similar options to help users do that through more selective real-time scanning.

So, that's my recommendation on the security products part of this discussion... which seems wholly OT, but ....
« Last Edit: August 03, 2011, 07:33:07 PM by db90h » Logged
cranioscopical
Friend of the Site
Supporting Member
**
Posts: 4,167



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #62 on: August 03, 2011, 10:51:21 PM »

which seems wholly OT, but ....
.... worth reading. Thanks for the input.
Logged

Chris
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,952



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #63 on: August 04, 2011, 05:44:28 AM »

so forgive me if I am repeating things others have said,

That's OK - if it is worth saying it is probably worth SHOUTING more than once.

Actually I pretty much agree with you on security software and now I am mostly recommending to clinets that they use Microsoft Security Essentials and Windows Firewall.

Given that most people don't really know what they are doing I just tell them to install and forget about it (leaving default settings).

For the most part this is at least as effective as the well known security brands.

I spend a fair amount of my week clearing out malware - almost invariably they have a big name security suite (or two or even three) installed and they simply don't protect people any more - at least not effectively enough to be worth the performance hit.

The only solution to this is common sense and education - neither of which are in abundance in the real world for the average user - esp. if they have kids using their computer too!
Logged

40hz
Supporting Member
**
Posts: 10,648



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #64 on: August 04, 2011, 08:57:12 AM »

+1

For the non-tech users, I see more problems caused by security suites than I do by malware.

As Carol recommends, just install Microsoft Security Essentials, use Windows' built-in firewall, stay caught up with your system updates - and be done with it. That and a little common sense about what attachments you open and what software you install will more than suffice for 99.9% of all users. And it will do so without the headaches 3rd-party security suites can cause.

Time to stop the insanity.  

Take the money you save by not purchasing Norton or McAfee and buy yourself a nice little USB hard drive so you can finally start doing those backups you keep putting off.  Cool

« Last Edit: August 04, 2011, 09:07:53 AM by 40hz » Logged

Don't you see? It's turtles all the way down!
cyberdiva
Supporting Member
**
Posts: 908


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #65 on: August 04, 2011, 10:05:25 AM »

In large measure, I agree with what Carol and 40hz have recommended regarding Microsoft Security Essentials and the Windows firewall.  Indeed, that's what I currently have on my Win7 desktop and my Win7 netbook.  But I find myself worrying about the popularity of these programs, especially MSE.  If the overwhelming majority of people use the same anti-virus program, be it MSE or any other, doesn't that make it easier for the bad guys to develop malware specifically designed with that particular AV program in mind?  (Hmmm...perhaps I should change my username from cyberdiva to worrywort  Sad  )
Logged
Carol Haynes
Waffles for England (patent pending)
Global Moderator
*****
Posts: 7,952



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #66 on: August 04, 2011, 10:33:22 AM »

Currently the vast majority of users seem to use either Norton or McAfee. There are other suites available but none of them seem to stop the ongoing problems with malware and never really will.

The whole area is plagued with two problems:

1) Just about all security suites are reactive solutions - these are fairly easily breached
2) Any heuristic solutions seems to cause more problems than the threats for the general population.

For a long time now I have strongly recommended to clients that they remove third party firewalls. Why - because the majority of users can't manage them and if they are allowed manage themselves they inevitably break connections (esp. file sharing). 99% of the time users I have seen with a third party firewall simply click Allow when prompted because they don't know the answer to the question being asked (or usually know what is being asked).

As for antivirus solutions virtually none of them seem to stop the most pervasive pests out there - in particular fake security applications (and that seems to apply cross platform - not just windows).

The lesson security conscious and savvy users have learned is that most security issues are caused by the user. No antivirus will stop you doing something stupid (such as manually disabling the antivirus while you install a virus ridden torrent download) or clicking on an infected webpage and then giving permission for malware to be installed.

To get back a little on track this also applies to UAC - for most users it is little more than an irritation - most people don't read the prompts and just click the 'who cares' button - at which point UAC works against the user's interest, not for it.

The only solution is education.

The whole response to security issues used currently strikes me as a similar response used by governments to problems - add a layer of bureaucracy that affects and irritates everyone and makes it more difficult to do anything.

As an aside - I used to work as an outdoor education instructor in the UK. All outdoor centres (and even lone instructors) working with under 18s have been obliged to be licensed in the UK following a tragedy where 4 young people lost their live sea kayaking. The licensing scheme was hugely bureaucratic and very expensive to manage, requiring constant license renewals and physical inspection of licensed centres and activities. The fact that outdoor adventure activities had been incredibly safe for many years, with virtually 0% accident rate, didn't mitigate the government response - an accident occurred therefore ANYONE involved in providing this sort of service was walloped with the overheads required by a stupid scheme now estimated to cost £2.5m per year in the UK. Finally the current government has seem some sense and plans to repeal the legislation and introduce a simple code of conduct.

Seems to me this is similar to the way viruses etc. are dealt with currently and the repeal is long overdue. It is hard to imagine that companies such as Symantec and McAfee will lead the educational charge since they have a vested interest in maintaining the level of fear - and occasional infections are bound to keep that level raised!
« Last Edit: August 04, 2011, 10:36:23 AM by Carol Haynes » Logged

Stoic Joker
Honorary Member
**
Posts: 5,218



View Profile WWW Give some DonationCredits to this forum member
« Reply #67 on: August 04, 2011, 11:19:12 AM »

greenclp Well ya ain't gotta smack me with a fish trout I'll drink to that! drinksmiley greenclp

 cheesy
Logged
superboyac
Charter Member
***
Posts: 5,663


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #68 on: August 04, 2011, 11:47:17 AM »

Very well said, Carol.  I often question how much I can get away without having any security things running constantly.  My computer sure runs faster without them.
Logged

40hz
Supporting Member
**
Posts: 10,648



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #69 on: August 04, 2011, 01:13:51 PM »

But I find myself worrying about the popularity of these programs, especially MSE.  If the overwhelming majority of people use the same anti-virus program, be it MSE or any other, doesn't that make it easier for the bad guys to develop malware specifically designed with that particular AV program in mind?  (Hmmm...perhaps I should change my username from cyberdiva to worrywort  Sad  )

It's a legitimate concern. However, it's relatively moot since, in practice, it's far easier and more productive to try to discover and exploit an unknown vulnerability in the underlying OS than it is to try to fox or disable an AV utility. And the malware writers know that.

Today, most systems are fairly secure by default. And with the addition of any decent AV package they're remarkably secure. Add in some common sense - plus a smart user - and they're virtually impregnable.

The weakest ink in the lineup is the user. That's why so many documented "successful exploits" rely so heavily on "social engineering" - which is a fancy way of saying "tricking the user into doing something dumb."

Day Zero exploits are a whole 'nother issue. Fortunately, most of the really dangerous ones are spotted and dealt with long before they fully activate.

Keeping your system fully updated will protect you from "zero" exploits most times unless you're one of the unlucky early victims that sounded the warning cry to the rest of the pack. (Let's face it: we all knew that, sooner or later, the snakes were gonna get lucky and take out at least one meerkat - even if we didn't think it would end up being Flower.) Not much you can do about that except restore from backups if it happens to you. But again, it's a long shot you'll ever end up being in that category if you're doing everything else right security-wise.

Stuff happens. Best just do what you can do to avoid problems. After that, try not to worry about it too much. Sharing a glass of fine Merlot (or a microbrew) with friends who aren't always talking about computers helps too. Highly recommended, smiley
« Last Edit: August 04, 2011, 03:19:29 PM by 40hz » Logged

Don't you see? It's turtles all the way down!
rowal5555
Supporting Member
**
Posts: 1


View Profile Give some DonationCredits to this forum member
« Reply #70 on: October 11, 2011, 09:34:14 PM »

Personal experience with UAC.

It drove me crazy in Vista so I turned it off, but recently I was doing a reinstall of Win 7 on daughter's laptop, and (my own fault) the flash drive I keep all my downloads on got infected without my realising it, before the AntiVirus had completed installing. When I put the flash drive back into the desktop, it immediately tried to infect that with continually changing .exe's.

UAC stopped it dead and I was able to track it down and kill it without damage.

So, I will continue to run UAC in Win 7 and Win 8 and put up with the nuisance value, knowing that it does work.

Cheers, Rob

Logged
Pages: Prev 1 2 [3]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.056s | Server load: 0.02 ]