UAC, a waste?

RogueTrip

Been using Windows 7 since it was in RC, even used Vista a bit. I had always let UAC stay enabled. In my home setup of about 3 years and thinking back there hasn't been once that UAC has been a use to me. So now it is turned off and feel that it is still just as safe as long as there is a decent AV/Malware program running. Really didn't think about turning it off until I read an SSD guide over at overclock.net.

So who is with me? Is UAC a waste of time and clicks?!
 
It's certainly not "just as safe". With it on, programs can't do things that require administrator permissions without your use, period. It lets programs run at different integrity levels, which is a core function of any secure OS. Leave it on.
 
If every time you got into your car you got a message warning you that you could potentially get hurt while driving, would you be safe from getting in an accident? No.

That's basically what UAC is. It's useless. If you opened a file it means you want to open it, and assume that it is safe. A virus scanner is better as it will only warn you on files that are actually a threat. Not every single file.

Any "security" based on warning you on every single situation that could potentially be dangerous, is not security. 99.99% of the time it's not, so we are conditioned to just ignore it.
 
It's there for a reason. Leave it on, unless you like even more Java based hijacking.
 
If every time you got into your car you got a message warning you that you could potentially get hurt while driving, would you be safe from getting in an accident? No.

That's basically what UAC is. It's useless. If you opened a file it means you want to open it, and assume that it is safe. A virus scanner is better as it will only warn you on files that are actually a threat. Not every single file.

Any "security" based on warning you on every single situation that could potentially be dangerous, is not security. 99.99% of the time it's not, so we are conditioned to just ignore it.

This.
 
If every time you got into your car you got a message warning you that you could potentially get hurt while driving, would you be safe from getting in an accident? No.

That's basically what UAC is. It's useless. If you opened a file it means you want to open it, and assume that it is safe. A virus scanner is better as it will only warn you on files that are actually a threat. Not every single file.

Any "security" based on warning you on every single situation that could potentially be dangerous, is not security. 99.99% of the time it's not, so we are conditioned to just ignore it.

So NOT this. UAC is more like your seatbelt. A lot of people have never been saved by a seatbelt. "Duh, I guess I'll take it off since it doesn't do anything!" Not only do you get UAC when you run installers, it will prompt if some malware comes in through your browser or Flash/Java and wants to have free rein over the OS. UAC allows IE (and I think Chrome) to run sandboxed, along with apps like Adobe Reader X. It also does file virtualization, meaning that you can run many programs as standard user since their writes to protected areas are redirected to a special low privilege area of the drive, which is returned next time the app tries to read from those protected areas.
 
If every time you got into your car you got a message warning you that you could potentially get hurt while driving, would you be safe from getting in an accident? No.

That's basically what UAC is. It's useless. If you opened a file it means you want to open it, and assume that it is safe. A virus scanner is better as it will only warn you on files that are actually a threat. Not every single file.

Any "security" based on warning you on every single situation that could potentially be dangerous, is not security. 99.99% of the time it's not, so we are conditioned to just ignore it.

A virus scanner will almost never prevent an infection. Your UAC analogy is also incorrect. It is more like this:

Every time your car is attempted to be started, you get a confirmation that you know what you are doing. However, when someone else unknowingly to you gets in your car and tries to start it, it still asks you to approve the action, which you may or may not allow, depending on if you gave said person permission to use your car.
 
A virus scanner will almost never prevent an infection. Your UAC analogy is also incorrect. It is more like this:

Every time your car is attempted to be started, you get a confirmation that you know what you are doing. However, when someone else unknowingly to you gets in your car and tries to start it, it still asks you to approve the action, which you may or may not allow, depending on if you gave said person permission to use your car.

This. I get prompts from malicious sites occasionally, which I of course say "no" to and avoid a great deal of headache. If turning off UAC works for you, good, but I wouldn't do it and won't allow machines in my house / on my network with it off.
 
I never used UAC and it was the first thing I disabled when I installed Windows, since its Vista debut I don't remember having UAC enabled longer than 1 day. Nothing ever has happened.
 
What people don't understand about selective privilege escalation is that it's not about protecting you from the things you want to do, but notifying you when something is trying to do something you probably don't want.

Getting a prompt from actions you initiate is not the goal, but a side effect of the system.

Also, why would an SSD guide advise disabling UAC?
 
What people don't understand about selective privilege escalation is that it's not about protecting you from the things you want to do, but notifying you when something is trying to do something you probably don't want.

Getting a prompt from actions you initiate is not the goal, but a side effect of the system.

Also, why would an SSD guide advise disabling UAC?

A lot of those so called guides, if not most of them, have some good advice mixed in with some pointless, or even harmful advice.

Disabling UAC removes one layer of security and increases the likelihood that a drive-by will work. Turning it off does make things somewhat less annoying for people that do a lot of installing and uninstalling, though in normal daily use I almost never see the popups myself.
 
I leave UAC on my client PC's unless there is a specific reason to disable it. Some applications do not prompt for elevation properly, which causes them to fail.

On my personal PC I disable UAC so that I do not have to click 'run as admin' for my apps.

The truth of the matter is Windows was designed from the ground up so that all apps get administrative permissions. Tacking on UAC does add some benefit but it will never be as secure as Linux sudo.
 
The last time I seen a virus prompt me to install, or malware prompt me to run was when I switched to Windows 98.

Malware these days doesn't ask for your permission, it installs silently without UAC prompts. UAC is like a broken condom, it's false protection.
 
See the problem with UAC is that when you CONSTANTLY get asked "are you sure" every time you open a file or copy a file or w/e you just get conditioned to always say yes, because 99.999% of the time that action is safe.

At least a properly updated virus scanner (now this is arguable as for some reason lot of them don't bother with spyware which is just as dangerous as virus) will ONLY prompt you if the file is actually infected, rather than prompt you for every single thing you do.

Chances are if you clicked somewhere, it's because you know, or think you know what you are doing. A warning is not going to stop you, given you clicked yes the 9395949 other times and it was ok.

Now for drive-bys, the proper security would be that browsers would NOT allow ANY writes to the system, period. There is no reason why a browser needs to do any changes to the system, so browsers should by design not allow it to happen. Only place it should be allowed to write is the user browser's profile where the cache, cookies, favorites are. Sadly no browsers have yet to be written this way for some reason. The JavaScript code and other stuff needs to be executed by the browser, so it would make sense if browsers would just have heuristics built in and not execute a piece of JavaScript, Flash, Java etc. if it looks like it's about to do something odd like write to the C drive or add registry entries.

Now if you could selectively enable UAC for only specific programs, maybe it would work. But from what I've seen UAC won't even protect you from a drive-by if it's on. At most it will warn you that the file you are about to open (the browser) could be harmful. Once you are in and browsing the web, it ain't going to do crap. The drive-bys use exploits that would bypass UAC and not cause any kind of prompt because the execution of the code is not user initiated.
 
I leave UAC on my client PC's unless there is a specific reason to disable it. Some applications do not prompt for elevation properly, which causes them to fail.

On my personal PC I disable UAC so that I do not have to click 'run as admin' for my apps.

The truth of the matter is Windows was designed from the ground up so that all apps get administrative permissions. Tacking on UAC does add some benefit but it will never be as secure as Linux sudo.

Could you please explain why Linux sudo is more secure, and why UAC is 'tacked' on? The OS either separates user mode programs from admin mode programs, or it does not. UAC is also easier to stomach (clicking a single button vs. typing a whole password), and does not allow non-admin programs to interact with (spoof) the UAC prompt like I believe Linux and Unix do. Personally I would call UAC more secure than other OS' implementation.

stiltner:
The last time I seen a virus prompt me to install, or malware prompt me to run was when I switched to Windows 98.

Malware these days doesn't ask for your permission, it installs silently without UAC prompts. UAC is like a broken condom, it's false protection.

The malware can silently install, but it can't install a root kit or affect other users. Without a rootkit, the AV can find it, with a rootkit (because it got admin with UAC off) it can hide from an AV. So the protection is not 'false' at all.

Red Squirrel:
See the problem with UAC is that when you CONSTANTLY get asked "are you sure" every time you open a file or copy a file or w/e you just get conditioned to always say yes, because 99.999% of the time that action is safe.

At least a properly updated virus scanner (now this is arguable as for some reason lot of them don't bother with spyware which is just as dangerous as virus) will ONLY prompt you if the file is actually infected, rather than prompt you for every single thing you do.

Chances are if you clicked somewhere, it's because you know, or think you know what you are doing. A warning is not going to stop you, given you clicked yes the 9395949 other times and it was ok.

Now for drive-bys, the proper security would be that browsers would NOT allow ANY writes to the system, period. There is no reason why a browser needs to do any changes to the system, so browsers should by design not allow it to happen. Only place it should be allowed to write is the user browser's profile where the cache, cookies, favorites are. Sadly no browsers have yet to be written this way for some reason. The JavaScript code and other stuff needs to be executed by the browser, so it would make sense if browsers would just have heuristics built in and not execute a piece of JavaScript, Flash, Java etc. if it looks like it's about to do something odd like write to the C drive or add registry entries.

Now if you could selectively enable UAC for only specific programs, maybe it would work. But from what I've seen UAC won't even protect you from a drive-by if it's on. At most it will warn you that the file you are about to open (the browser) could be harmful. Once you are in and browsing the web, it ain't going to do crap. The drive-bys use exploits that would bypass UAC and not cause any kind of prompt because the execution of the code is not user initiated.

UAC does not prompt for everything, or every file copy. It prompts for actions that affect other users and system settings/files. You seem to imply it will prompt you for doing a copy from your desktop to your documents folder. That is completely false, and I'm sure you know it. Either you are lying or just making a clumsy argument that should thus be disregarded.

Your description of how a browser should work is EXACTLY how IE has worked since IE7, and also how Chrome works and Adobe Reader X as well. They run in a mode called Low Integrity, where they can not write to medium or high integrity (all your user profile files except IE's browser cache and cookies are medium, and anything that is system is set to high integrity, such as \windows and \program files. The registry also has different integrity levels for different sections depending on their sensitivity.) IE10's Enhanced Protected Mode will extend this to block reads to lower integrity level code.

Because of this, it will actually do 'crap' to stop an infection while you are browsing the web. If a web page tries to exploit IE or Chrome, they will break into the browser but with low integrity access, they can not write to your user profile or system files, which means they can't auto-load on start up, damage your data, or really do anything but sit and wait to die when the browser gets closed. (well, they could still steal data from the web session and copy your files off, but at least the system won't be damaged and rootkit'ed.)

It would help if you understood that which you are lecturing us on.
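The integrity-level rule described in the post above can be modelled in a few lines. This is an added example, not part of the original thread: it parses the mandatory label ACE from an SDDL string and applies the no-write-up / no-read-up check. The sample SDDL strings and the function names are constructed for illustration, and the model covers only the integrity check (the ordinary DACL check still applies separately).

```python
import re

# Integrity levels by SDDL SID abbreviation, lowest to highest.
RANK = {"LW": 1, "ME": 2, "HI": 3, "SI": 4}
# Mandatory-label policy flag that blocks each kind of access from below.
POLICY_FOR = {"read": "NR", "write": "NW", "execute": "NX"}
# Mandatory label ACE in the SACL: (ML;<ace flags>;<policy>;;;<level>)
LABEL_ACE = re.compile(r"\(ML;[A-Z]*;((?:NW|NR|NX)*);;;(LW|ME|HI|SI)\)")

# Constructed sample security descriptors (not captured from a real system).
BROWSER_CACHE = "O:BAG:BAD:(A;;FA;;;BU)S:(ML;OICI;NW;;;LW)"   # labelled Low
USER_DOCUMENTS = "O:BAG:BAD:(A;;FA;;;BU)"                     # no label at all
HIGH_OBJECT = "O:BAG:BAD:(A;;FA;;;BA)S:(ML;;NW;;;HI)"         # labelled High
SAMPLES = {"browser cache": BROWSER_CACHE,
           "user documents": USER_DOCUMENTS,
           "high-integrity object": HIGH_OBJECT}


def parse_label(sddl):
    """Return (level, policy flags) for an object's SDDL string.

    An object without a mandatory label is treated as Medium with
    no-write-up, which is the Windows default.
    """
    m = LABEL_ACE.search(sddl)
    if m is None:
        return "ME", {"NW"}
    policy = m.group(1)
    return m.group(2), {policy[i:i + 2] for i in range(0, len(policy), 2)}


def integrity_allows(token_level, sddl, access="write"):
    """True if the integrity check lets a token at token_level perform access."""
    obj_level, policies = parse_label(sddl)
    if RANK[token_level] >= RANK[obj_level]:
        return True                      # same or higher level: not restricted
    return POLICY_FOR[access] not in policies


def write_matrix():
    """Write decision for each token level against each sample object."""
    return {(tok, name): integrity_allows(tok, sddl)
            for tok in ("LW", "ME", "HI")
            for name, sddl in SAMPLES.items()}


if __name__ == "__main__":
    for (tok, name), ok in write_matrix().items():
        print(f"{tok} token -> {name:22} write {'allowed' if ok else 'blocked'}")
```

A Low token can still read the unlabelled documents folder in this model because the default label carries only the no-write-up flag, which matches the post's caveat that files can still be copied off.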
 
When I had UAC turned on I was being prompted constantly, sometimes even if I was copying a file or other file action, but it seems really sporadic. It got ridiculous especially considering it was a new build and I had tons of stuff to install and configure.

Every single executable file or other file that could invoke an executable has the potential of causing damage to your PC if it's coded to do so, there needs no warning for that. That's why you get files from a trusted source, browse trusted sites, etc. I don't need to be warned that firefoxinstall.exe could harm my computer when I know that I downloaded it from a trusted source.
 
I have one rig without any internet = UAC off.

Everything else has it enabled. The way it should be.
 
When I had UAC turned on I was being prompted constantly, sometimes even if I was copying a file or other file action, but it seems really sporadic. It got ridiculous especially considering it was a new build and I had tons of stuff to install and configure.

Every single executable file or other file that could invoke an executable has the potential of causing damage to your PC if it's coded to do so, there needs no warning for that. That's why you get files from a trusted source, browse trusted sites, etc. I don't need to be warned that firefoxinstall.exe could harm my computer when I know that I downloaded it from a trusted source.

You must've been accessing secure locations, or your permissions were not set correctly. If you have a program that frequently needs Admin to function and you get tired of seeing UAC when you launch it, or you copy files to a protected location often, change the permissions of the relevant directories to give yourself full access. Linux and Unix operate the same way, if you try to copy files to /bin in Linux you will get access denied messages until you enter your password. If you try to install a program on Linux or Unix you will also have to enter your password to continue. I've never seen someone once suggest someone run as root in Linux (equivalent of turning off UAC) because it's 'bothersome' to elevate, despite the fact that Linux is targeted much less than Windows.
 
Don't run it, it's the 1st thing I disable, never had an issue....
 
In other news, I never had anyone break into my house so I think I should really get rid of all the locks, what a waste! And I'll save the 5s each day having to lock. What a brilliant idea :)
 
What do people do that keeps triggering UAC prompts on their computers? I mean after the first week or so of a new build?

If you hate UAC, wait until you get a load of Windows 8's SmartScreen functionality.
 
My personal boxes? I have it off. In two decades of computer use I have never self-inflicted myself with any viruses or malware.

Computers for my family? UAC ON.
 
What do people do that keeps triggering UAC prompts on their computers? I mean after the first week or so of a new build?

If you hate UAC, wait until you get a load of Windows 8's SmartScreen functionality.

Anything you do that can change the system... which is, anything you do, period.

Opening an exe file could potentially modify the system... PROMPT! Pretty much any action you do on a computer involves opening a program or a file of some sort.

As for door locks I see that more equivalent to a firewall. It is a certain level of annoyance, and so is a firewall, but it's not as annoying as having a security guard telling you to watch your step every time you enter your own house, and follow you around and tell you to be careful as whatever you are about to do could harm you. ex: doing dishes... you could drop a plate on the ground and it could shatter and a piece could manage to fly up in a way to slice your throat open. Or every time you go to turn on a light it would stop you and warn you that by flipping that light switch something bad could happen such as if the light bulb got replaced with a bomb.


UAC would actually be a half decent idea if it worked more like a virus scanner and only prompted you if a file is ACTUALLY dangerous. They could have heuristics built in or something.
 
Then it would be a virus scanner.
UAC, while sometimes annoying serves a very useful purpose.
When you are performing an action and you know you want to perform it, it is an annoyance.
When you are surfing the web and a UAC prompt pops up out of the blue, it just saved your ass. That prompt meant that if you had UAC off, or were using XP, you would be infected.

It is a useful tool in defending against drive by infections. Use it or not, your choice. They made it fairly easy to turn off in Win7, and it defaults to the medium high setting rather than the max level like Vista did.
 
Anything you do that can change the system... which is, anything you do, period.

Opening an exe file could potentially modify the system... PROMPT! Pretty much any action you do on a computer involves opening a program or a file of some sort.

As for door locks I see that more equivalent to a firewall. It is a certain level of annoyance, and so is a firewall, but it's not as annoying as having a security guard telling you to watch your step every time you enter your own house, and follow you around and tell you to be careful as whatever you are about to do could harm you. ex: doing dishes... you could drop a plate on the ground and it could shatter and a piece could manage to fly up in a way to slice your throat open. Or every time you go to turn on a light it would stop you and warn you that by flipping that light switch something bad could happen such as if the light bulb got replaced with a bomb.


UAC would actually be a half decent idea if it worked more like a virus scanner and only prompted you if a file is ACTUALLY dangerous. They could have heuristics built in or something.

Are you still using vista or something? Do you install random apps non stop all day every day? Everything you say is pure hyperbole.

UAC is nowhere near as bad as you're making it out to be, seriously upgrade to Windows 7 and enable it some time. Things like device manager and pretty much anything that comes with Windows doesn't even prompt for elevation any more, if it's a default Windows component and the Microsoft digital signature is intact, no prompt.

I set my parents computers so they only have user accounts and if they need something administratively installed I can remote in and do it for them, I get called a few times a year for some random update like for their printer software or something. On my own system, sure I see it several times a day but that's because I'm firing up a remote server manager or something.

If you're really such a power user that you're still constantly getting UAC popups then you're probably enough of a power user to have found the Microsoft Application Compatibility Toolkit and set all those applications to auto-elevate. Now all you have to do is deal with those annoying prompts when you try to move/modify files in places such as c:\, c:\windows\, or c:\program files\ et al. But if you're storing files in those locations you may want to rethink your file storage strategy.
 
I still get plenty of Vista and 7 machines in with UAC fully enabled and still with trojans etc. installed. All sorts of crap. Give folks a window box to click on and they will click it.

So yes to be honest I think it is a waste of time. The black screen switch is also totally unnecessary and distracting.

I personally feel MS would do better to push the passworded Admin account with a restricted User account basis for all machines.
 
I still get plenty of Vista and 7 machines in with UAC fully enabled and still with trojans etc. installed. All sorts of crap. Give folks a window box to click on and they will click it.

So yes to be honest I think it is a waste of time. The black screen switch is also totally unnecessary and distracting.

I personally feel MS would do better to push the passworded Admin account with a restricted User account basis for all machines.

That wouldn't make any difference. People who allow trojans to elevate are going to do so regardless of whether it's a yes/no prompt or a password prompt. The black screen is an indication that background programs are unable to interact with the prompt, this is a good thing. If these people are under your supervision, and you think prompting for a password would be better then change UAC to prompt for a password mode in gpedit or the registry, I bet you won't see any difference unless you don't give them the Admin password. Also if everyone had to enter a password every time they got a UAC prompt, and they're already complaining about having to click one button, well then more of them would just turn it off.
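The registry settings behind the prompt mode and the "black screen" (secure desktop) mentioned in the post above can be checked from saved `reg query` output. This is an added example, not part of the original thread: the function names and the sample outputs are constructed, and values missing from the output are assumed to be at their Windows defaults.

```python
import re

# Values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,
# with the Windows defaults assumed when a value is absent from the output.
DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries",
}

VALUE_LINE = re.compile(r"^\s+(\w+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

# Constructed `reg query` outputs for three machines.
SAMPLE_DEFAULT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    EnableLUA    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x1
"""
SAMPLE_PASSWORD_MODE = SAMPLE_DEFAULT.replace(
    "ConsentPromptBehaviorAdmin    REG_DWORD    0x5",
    "ConsentPromptBehaviorAdmin    REG_DWORD    0x1")
SAMPLE_WEAKENED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    EnableLUA    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x0
"""


def parse_reg_query(text):
    """Extract the three UAC DWORD values from `reg query` text output."""
    values = dict(DEFAULTS)
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(1) in DEFAULTS:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def admin_prompt_mode(text):
    """Human-readable elevation prompt mode for administrators."""
    mode = parse_reg_query(text)["ConsentPromptBehaviorAdmin"]
    return ADMIN_PROMPT.get(mode, f"unknown value {mode}")


def audit_uac(text):
    """Return a list of findings; an empty list means nothing was weakened."""
    v = parse_reg_query(text)
    if v["EnableLUA"] == 0:
        return ["UAC disabled (EnableLUA=0): no split token, no prompts"]
    findings = []
    mode = v["ConsentPromptBehaviorAdmin"]
    if mode == 0:
        findings.append("administrators elevate silently (ConsentPromptBehaviorAdmin=0)")
    # Modes 1 and 2 request the secure desktop themselves; the others rely
    # on PromptOnSecureDesktop to keep other programs away from the prompt.
    if v["PromptOnSecureDesktop"] == 0 and mode not in (1, 2):
        findings.append("prompts are not shown on the secure desktop")
    return findings


if __name__ == "__main__":
    for name, sample in [("default", SAMPLE_DEFAULT),
                         ("password mode", SAMPLE_PASSWORD_MODE),
                         ("weakened", SAMPLE_WEAKENED)]:
        print(name, "|", admin_prompt_mode(sample), "|", audit_uac(sample) or "ok")
```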
 
I have UAC switched off as it's just an annoyance. I'd expect most people on HardForum to know what they are doing with a PC and so not require it. I've never had a virus on my PC as a little common sense is all you need.

The only people I think should have UAC on are the people who don't understand what the print screen key is, don't understand what the "any key" is etc. and workplace PCs.
 
I have UAC switched off as it's just an annoyance. I'd expect most people on HardForum to know what they are doing with a PC and so not require it. I've never had a virus on my PC as a little common sense is all you need.

The only people I think should have UAC on are the people who don't understand what the print screen key is, don't understand what the "any key" is etc. and workplace PCs.

It really has nothing to do with whether you know what you're doing or not. Anyone can go to a website where a Flash ad tries to infect them by exploiting the browser, if you're running IE or Chrome, the infection will be sandboxed because of UAC and not able to infect the system. Turn UAC off and you're hosed. Just because it has not happened to you thus far does not mean it won't. Same thing with seat belts and car accidents, you wouldn't advise people to not buckle up because you've never been in a car accident... of course UAC is not as important as seat belts but it's the same concept.
 
Hmm how many PCs do I get in with the UAC switched on and users running IE9 or Chrome that still get infected with Flash Drive-bys?

Quite a lot actually.

Whatever you do it doesn't really work so.....
 
Hmm how many PCs do I get in with the UAC switched on and users running IE9 or Chrome that still get infected with Flash Drive-bys?

Quite a lot actually.

Whatever you do it doesn't really work so.....

Yes and of course you can give me the names of the malware, and a link that describes how it actually gets in through IE and Chrome, and how it bypassed DEP, ASLR and the sandbox (in fact find me ANY in-the-wild malware that does that on an updated Windows 7 box), and not because your silly user downloaded jenniferlopez3some.AVI.exe and ran it and OK'd the UAC prompt and lied about it.
 
In my home, my family's computers all use standard accounts plus UAC. This has been a major preventative measure. Whenever an application needs to be installed I have to be notified as the administrator.
 
Yes and of course you can give me the names of the malware, and a link that describes how it actually gets in through IE and Chrome, and how it bypassed DEP, ASLR and the sandbox (in fact find me ANY in-the-wild malware that does that on an updated Windows 7 box), and not because your silly user downloaded jenniferlopez3some.AVI.exe and ran it and OK'd the UAC prompt and lied about it.

Hey all I know is the Vista and 7 laptops keep on turning up with UAC enabled that have got infected and there I am wiping off 12-13 different infections on them. These are out of the box installs with no fancy setups, they all have AV on them too.

Two or three a week. These aren't porn fanatics or filesharers just ordinary mom and pop types. They browse a cruise website or some financial planning site that's hacked and next thing they are being asked to pay $50-$100 to free up their laptop.

So something isn't working. But hey it's a job. I clean them up and ship them back out.

Just relaying what I'm seeing every week.
 
Here is a list of some of the stuff I've been clearing off Vista/7 machines with UAC -

Browsermodifier:Win32/Zwangi
JAVA/CVE-2010-0842.O
JAVA/CVE-2010-0842.PZ
WIN64/Sirefef.W
MedFos.A
Downloader/Karagany
LDpinch.DB
Blacole.BB
Blacole.BC
MedFos.A
Waprox

And many many more including the infamous Windows Security variants and classic Internet Police hijack.
 
Of course what you're not seeing each week are all the PCs where UAC did its job and prevented an attack.

Just because UAC is not perfect doesn't mean it's not useful or worthwhile.
 
Yes but what I'm being told is it's perfect.

I know and you know that it isn't. In my experience it's pretty ropey.
 
What you know really isn't good enough. Without the name of the malware, or ANY malware in the world, that can do this, I'm just going to have to assume you are wrong for one reason or another. I just got done reading 10 pages of google links on this, and all I can find is pwn2own and vupen accomplishing this, no in-the-wild malware. While the pwn2own and vupen instances show it to be possible, it is simply above the skill level of the average hacker who actively infects systems. Either the systems you are seeing are improperly configured, or those people downloaded something and ran it and neglected to mention it to you. Unless you can prove otherwise by finding just one piece of malware that's in the wild that can accomplish what you say you see several times a week.
 
What you know really isn't good enough. Without the name of the malware, or ANY malware in the world, that can do this, I'm just going to have to assume you are wrong for one reason or another. I just got done reading 10 pages of google links on this, and all I can find is pwn2own and vupen accomplishing this, no in-the-wild malware. While the pwn2own and vupen instances show it to be possible, it is simply above the skill level of the average hacker who actively infects systems. Either the systems you are seeing are improperly configured, or those people downloaded something and ran it and neglected to mention it to you. Unless you can prove otherwise by finding just one piece of malware that's in the wild that can accomplish what you say you see several times a week.

Chap, all I'm saying is I'm getting in crippled laptops with UAC and IE9/Chrome being used.

I can't say more than that. If I wasn't I wouldn't have the work and folks calling me because their laptops and PCs don't work as they are locked out. I don't ask customers for in depth info on what they did as it's like asking a cat about politics, impossible. All I get is "I was looking at such and such a site then all of a sudden I got this message pop up saying I had 700 viruses and I panicked!" I hear it over and over. Most of them now just hit the Start/Shutdown and call me. That reduces the infection to around 4 files.

If it's that easy to get a machine infected then it's pretty much worthless. If it's down to bad setup then that's a failing of MS/Dell/HP/Fujitsu et al, not really the user.

I don't know what else to say other than one of us is in some form of denial.

Modern Windows PCs get infected, end of story.
 