wonderfield
Supreme [H]ardness
- Joined
- Dec 11, 2011
- Messages
- 7,396
That's basically exactly what's happening.
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
UAC should be on. It is a sensible way to tell people when to know if something is installing something. My biggest problem with UAC is that it does not require a password. You should be forced to enter the admin password every time. Because of this I set up every computer, and family computer with a separate admin account and make them log into a standard account.
The reality is most people just click OK to make UAC go away, and it is only through the process of typing a password that they stop to think. In fact if they have to type a password some will be lazy and just x out. This is all safer than the current system which just lets you press OK>
UAC can prompt for a password, I believe it can be done in gpedit or if you have home editions, you can find the registry keys to do this by searching the web. Also, you may as well just make a standard user account since it's slightly (in theory) more secure.I don't disagree. I don't particularly understand the current system the way it's implemented. There are four options to tune UAC to a user's liking, but no option to require a password. What's the deal there?
You can have UAC prompt for a password. You have to configure it in local security policies. There's no need to even touch the registry.
- Local Security Policy will only be available in the Windows 7 Professional, Ultimate, and Enterpise editions.
- You will not have Local Security Policy available in the Windows 7 Starter, Home Basic, and Home Premium editions.
http://www.sevenforums.com/tutorials/7357-local-security-policy-editor-open.html
As I said, you'll need to find the registry keys on home versions, or maybe there's some 3rd party program out there that you could use to set it with a gui app.
Or you just set the user to be a user and not an admin...
I did say that too, in post #166. The post you quoted was me correcting someone who said you could use local security policy to do this with UAC and 'never have to touch the registry.'
I didn't "never", I simply said there's no need. Besides, I highly doubt anyone in this thread is using Home edition anyway.
Troll-necro. Can't get any classier than that.
Nothing prevents pebkac except not having a human touch the input devices to a computer. At best, the risks can only be mitigated.Doesn't prevent a PBKAC
It's useless, it's stupid and it will always remain off on my computers. I can't believe there are actually people who believe it performs a useful function.
That is a very ironic sentiment, because I can't believe people think separating Admin and User programs is a useless function. Do you tell Linux users to run as root all the time because user accounts are useless as well, or do you only serve up that nugget of insight to Windows users?
sadly it does seem alot of users still need educating. All unix based OS's have for decades worked on the principle you dont do your normal day to day tasks as root, root is only used for system administration and thats it. Processes are rarely run under root and if they are they normally setui'd to a non root user after launch. Its basic security 101.
Microsoft realised this when they launched vista and introduced UAC, in my view UAC is supposed to eba s top gap and eventually the idea is people will run using restricted user accounts by default, but it seems this migration process is been quite slow. Its not a good thing to run day to day stuff as admin, people who think they been a power user by turning off UAC fail to grasp a basic understanding of security.
Now in my view UAC has been poorly implemented, there really should have been a whitelist function, eg. in linux sudo has a whitelist function where certian commands can be approved for root escalation without password prompt.
If people however want no UAC and want to be secure then do this.
Add a limited user account for day to day use.
Configure SRP so that programs can only execute from folders where the user has NO write permissions.
This is extremely effective.
http://www.wilderssecurity.com/showthread.php?t=262686
UAC is very important. If you turn it off, every single process running under your account has an administrative token (unless you're not running as an administrator, but then...you don't have much to worry about, at that point). If you leave it on, only apps which you explicitly allow to elevate will have administrative tokens.
And, of course, if you're not one of those stubborn folks who thinks they're too good to not have administrative privileges on every single thing they ever do, UAC is convenient for elevating things when you're not logged in as an administrator. I never log into my administrator account directly, since there's literally no reason I would ever need to. If I need to do something administrative, I can just let the UAC prompt come up and enter my credentials for my administrative account.
Additionally, UAC has added features such as data redirection and registry virtualization that you lose when UAC is disabled.
I like to equate logging into an administrative account with UAC turned off to logging into 'root' on a UNIX system for everything you do. The latter would be considered by the vast majority of knowledgeable people to be an extremely insecure thing to do, but for some reason doing the equivalent thing on Windows bears the consensus that it is a perfectly secure thing to do. It must be that Windows users have far fewer viruses and exploits to worry about since Windows represents a small percentage of the OS market share....or do I have that backwards?
The registry and data virtualization is actually one of the nastyest side-effects of UAC as it breaks some legacy apps - not to mention the PITA it causes to any technical support. The data is not where it's supposed to be - it's in blabla/blabala/balbalabl/user/blabal/hidden folder/app.
The 'security' of *nix and OSX is more related to obscurity than anything else. They're suspectible to all of the social engineering attacks (and nobody can change the fact). Here, install a barking puppy dog to your desktop. But I need a quick courtesy of root password to make it run automatically
It's also very easy to create an extremely destructive code that runs with users credentials. For a desktop user it doesn't matter if the code can't reach system files if it can delete all the data the user has using his own privileges. The end result is pretty much the same. Of course on multiuser machines the damage is more localized than with windows.
The registry and data virtualization is actually one of the nastyest side-effects of UAC as it breaks some legacy apps - not to mention the PITA it causes to any technical support. The data is not where it's supposed to be - it's in blabla/blabala/balbalabl/user/blabal/hidden folder/app.
The 'security' of *nix and OSX is more related to obscurity than anything else. They're suspectible to all of the social engineering attacks (and nobody can change the fact). Here, install a barking puppy dog to your desktop. But I need a quick courtesy of root password to make it run automatically
It's also very easy to create an extremely destructive code that runs with users credentials. For a desktop user it doesn't matter if the code can't reach system files if it can delete all the data the user has using his own privileges. The end result is pretty much the same. Of course on multiuser machines the damage is more localized than with windows.
The registry and data virtualization is actually one of the nastyest side-effects of UAC as it breaks some legacy apps - not to mention the PITA it causes to any technical support. The data is not where it's supposed to be - it's in blabla/blabala/balbalabl/user/blabal/hidden folder/app.
The 'security' of *nix and OSX is more related to obscurity than anything else. They're suspectible to all of the social engineering attacks (and nobody can change the fact). Here, install a barking puppy dog to your desktop. But I need a quick courtesy of root password to make it run automatically
It's also very easy to create an extremely destructive code that runs with users credentials. For a desktop user it doesn't matter if the code can't reach system files if it can delete all the data the user has using his own privileges. The end result is pretty much the same. Of course on multiuser machines the damage is more localized than with windows.
UAC is nothing but a PITA..I set my Windows up to have it turned off from the jump.
Sure but a desktop machine usually has just one user. If your own data goes what more do you really want at that stage? If you have no backups what's gone is gone.I've had to deal with these issues, yes, but usually if you put any amount of effort into it, they can be circumvented.
I don't see why you're pointing this out here. It's not relevant to the purpose or meaning of my post.
You can create destructive code, but with proper permissions and barring things like rare exploits that allow elevated permission, said destructive code is generally only destructive to the user it runs as. If you've been running some form of backups regularly, it's usually as simple as wiping that account and making a new one, then restoring all of your backed up stuff for a fix, which is much better than wiping an entire machine.
Sure but a desktop machine usually has just one user. If your own data goes what more do you really want at that stage? If you have no backups what's gone is gone.
That would be all good unless UAC had also been circumvented already.Having firmware corrupted possibly rendering the hardware useless, and rootkits that make the infection undetectable is also a consideration. More than worth the few extra mouse clicks I spend on UAC. (wouldn't repeat myself if people didn't ignore me. )
That would be all good unless UAC had also been circumvented already.
https://www.google.fi/search?q=expl...&rls=org.mozilla:en:official&client=firefox-a