Vista UAC - Ok to turn off?

J

jnick

2[H]4U
Joined
Sep 25, 2004
Messages
2,888
I for one, REALLY like Vista...However...

As all of you Vista users know, UAC gets old...FAST. I know you can turn it off, however, I read an article stating that if you turn it off, it will lead to a corrupt OS down the road. At first I believe it, however, now I'm starting to pull the shens card :p.

So, my fellow [H] Vista members, is there any problem with turning off UAC?
 
I turned mine off on day one. That was a year ago and I've never had a problem. UAC is the worst part of Vista by far.
 
I've been running Vista Ultimate 64bit for nearly a year, no reinstall, no corruption issues, UAC disabled since ~hour 1. Shens indeed.

Also, heatlesssun, neat trick and all, but it serves no real purpose to have UAC enabled (I do not enjoy being "saved from myself") and it's got about 10 too many steps for me or anyone else that values their time to bother with.
 
GreenGoose said:
I turned mine off on day one. That was a year ago and I've never had a problem. UAC is the worst part of Vista by far.
Click to expand...

Couldn't disagree more. UAC is basically the same security the model that has been so vaunted by *NIX heads for years, and it's not as bad as people say. Take a look at the link above, disabling UAC on a application basis is MUCH safer.
 
The first thing I do after installing Vista, I turn this thing OFF.
 
heatlesssun said:
So how many turn of UAC and normally log in as administrators?
Click to expand...

Probably everyone. It is no worse than running XP, which most people still do.With a good Antivirus and Antispyware, and the oxymoron that is common sense, you should be reasonably safe. I would rather have a virus than run UAC.
 
xxEIEIOxx said:
I would rather have a virus than run UAC.
Click to expand...

Wow, I really don't get it. For years and years the *NIX crowd screamed and hollered about the lack of a lesser privileged security system in Windows, and when Microsoft did it, it gets this kind of reception.

I guess Windows users really aren't that interested in security.
 
What are you people doing that makes UAC pop up all the time...... I see it maybe a handful of times a day, and when I'm really doing lots of admin stuff I just elevate explorer.exe for the time being that way all shell actions are elevated.

I agree with heatlesssun, MS tries to put in a sudo-like elevation process and everyone just ignores it, UAC is probably one of the better things MS has done for Windows security.
 
I run *NIX as root too. Sometimes I have sex without protection. Once upon a time, I street raced. Living dangerously, as it were.
 
heatlesssun said:
Wow, I really don't get it. For years and years the *NIX crowd screamed and hollered about the lack of a lesser privileged security system in Windows, and when Microsoft did it, it gets this kind of reception.

I guess Windows users really aren't that interested in security.
Click to expand...

It's probably less irritating on *nix. You get UAC prompts to open things like device manager. I would rather get things done than spend all day having to allow everything. And the more you get bombarded with the prompts, the more likely you are to just stop reading them and ok everything anyway. This is my personal opinion, and may not suit the needs or wants of others.
 
xxEIEIOxx said:
It's probably less irritating on *nix. You get UAC prompts to open things like device manager. I would rather get things done than spend all day having to allow everything. And the more you get bombarded with the prompts, the more likely you are to just stop reading them and ok everything anyway. This is my personal opinion, and may not suit the needs or wants of others.
Click to expand...

Like devman was saying, what are you doing in normal day to day work where UAC is always popping up to the point of slowing you down? I'll set instances apps to run as administrator, and get a UAC prompt and be done with it.

One of the biggest security issues in Windows has been the fact that most people run their computers as admins ALL the time. This is just not acceptable in the Internet age.

In *NIX, it’s not all that different. You have to sudo to install software, change certain settings, copy files to certain directories and so forth.

I've never heard anyone in the *NIX world complain about it. It's considered a good practice in that world, but in the Windows world it’s almost considered evil. No, UAC is not perfect and there are times when it can be a pain, but those processes can be run TEMPORARILY as admin when needed.
 
First thing I do is turn it off also....No problems here an either machine I have Vista on.
 
heatlesssun said:
Wow, I really don't get it. For years and years the *NIX crowd screamed and hollered about the lack of a lesser privileged security system in Windows, and when Microsoft did it, it gets this kind of reception.

I guess Windows users really aren't that interested in security.
Click to expand...

It's not half this annoying in Linux. I can "sudo -i" and get a root terminal from which to do things, I can also have my window manager elevate things automatically for me, etc.
 
I originally turn off UAC when I installed all of my Apps and set up my PC for the first time. That's when it's a PITA. After that, I turned it back on. Now it only triggers when I am working on system stuff. It did cause me to install certain applications in locations other than program files, but very few. Mostly MMOG's that require regular updates.
 
I don't find it to be a problem. Sure, everyone gets fed up with with it when first setting up a computer, but I'm not constantly plagued by prompts in normal use. I can deal with the odd prompt for the increased security. Things like Device Manager should cause UAC prompts, they're administrator tasks.

It probably helps that I do not install many things to Program Files folders, though - I use \Applications\ and \Games\. Program Files are administrator-write-only, which can get old very fast.
 
Mithent said:
Things like Device Manager should cause UAC prompts, they're administrator tasks.
Click to expand...

Sure, it is an administrative task, but what kind of malicious process is going to hack device manager when I open it, and update my drivers? :D Paranoia sells security software. People complained about Windows and this is Microsoft's answer. I'm not impressed. Though I honestly haven't seen a real virus in years, and I work in IT. My biggest problem on a daily basis are all the dorks out there trying to run scripts to log onto our servers as "sa" or "admin", accounts which do not exist on our systems. Vista is the only OS we have installed that has UAC, and I don't feel any less safe on the other machines. We do a LOT of software testing, and don't have time for the UAC garbage, we do test to make sure our products run on it, but don't have time for the"were you kidding when you launched this program" prompts. If it makes you feel better, run it, but since it can be disabled on an application basis, I'm sure it won't be long before the newest exploit bypasses it anyway.
 
One advantage of UAC which is rather hard to get around is that it prevents code injection and buffer overruns from damaging the system, provided that applications which access the Internet are run with low privileges. But I don't think that previous versions of Windows were terribly insecure, no; I think that the main problem is people running IE. But I'm not paying a high price for UAC to remain on. If you're administering servers and every action is an administrative action, then things might well be different, but I'd expect there to be good security anyway.
 
xxEIEIOxx said:
It's probably less irritating on *nix. You get UAC prompts to open things like device manager.
Click to expand...
I guess it's a bad thing, having Vista prevent some malicious program from disabling your NIC, screwing your graphics card settings, or what have you?

For you and me, can be fixed easily. But for the average user, they NEED UAC.


NKDietrich said:
It's not half this annoying in Linux. I can "sudo -i" and get a root terminal from which to do things
Click to expand...
And "Run As Administrator" doesn't exist on Vista's command prompt? That's a BS example.


I'd agree at initial setup, UAC is a pain. You are configuring and installing everything- it gets old. However, the problem is (as we have seen) most people don't give it a shot past that. They get tired of it setting up their PC, shut it off, and that's the end of it.

I rarely get a UAC prompt 1-2 times a day anymore.

UAC is welcome by me. Will finally start urging software devs to write some decent programs that don't need access to portions of the system- and do everything on a user-level.

But all in all, Microsoft is damned if they do and damned if they don't.
 
heatlesssun said:
Like devman was saying, what are you doing in normal day to day work where UAC is always popping up to the point of slowing you down? I'll set instances apps to run as administrator, and get a UAC prompt and be done with it.

One of the biggest security issues in Windows has been the fact that most people run their computers as admins ALL the time. This is just not acceptable in the Internet age.

In *NIX, it’s not all that different. You have to sudo to install software, change certain settings, copy files to certain directories and so forth.

I've never heard anyone in the *NIX world complain about it. It's considered a good practice in that world, but in the Windows world it’s almost considered evil. No, UAC is not perfect and there are times when it can be a pain, but those processes can be run TEMPORARILY as admin when needed.
Click to expand...

Personally I formatted my Ubuntu partition as a NTFS with a happy smile on my face and one of the main reasons were having to enter admin password way too often when updating programs or instaling/reconfiguring some things..
 
I turn it off right away to get my system set up, and then it goes back on.

Ever try re-arranging your Start Menu icons with UAC enabled? Once I get the system set up, I rarely see a UAC pop-up.
 
hmz said:
And what exactly does this mean?
Click to expand...

|\/|34n5 j00 4r3 n00b (0mP4r3 70 |\/|3 4 |)i54b13 U4C i|\| Vi574! j00 |\/|u57 p|-|33r h4x!

d0 j00 \/\/i5h 70 533 b075 cr4x0ri|\|g j00r b0x?!
 
I finally turned mine off. I could never figure out how to use the per-app setting to have it ignore me changing directory names or deleting files.

Nothing more irritating then:

New Folder...
Rename...
"Are you sure you want to rename this?"
Yes
BLOOP (BLACK SCREEN) "SOMEONE IS TRYING TO RENAME A DIRECTORY!!!!!!!!111 Ok?"
Yes
"Renaming directory. Checking something or other.... 10%"
"Making sure I CMA... 50%"
"Renaming..."

Wow, only takes a minute to make a new directory!
 
You do not get a UAC command prompt unless you are in Program files or Windows.

I see maybe 1 UAC every few days, and it usually is because I am doing something that requires it.

If you are doing something that has UAC popping up like a fucking banshee, you are not using the system correctly. You are doing something wrong somewhere, period. In a *nix environment, you will get prompted for doing the same shit.

All Microsoft did was copy a *nix idea that everyone agrees is awesome, and people bitch. The only fucking difference is that in *nix you need to enter your password.

If you need admin rights to use your fucking computer, figure out what the hell your doing wrong and fix it.
 
Thanks for the replies...however,

To run Ventrilo, I get prompted via UAC.
To run BF2, I get prompted via UAC,
To RUN BF2142, I get prompted via UAC...

All of those programs need to be run in Admin mode, and therefore I get prompted EVERY instance I start them. If there was a way to use "Always allow this program," then I wouldn't mind...
 
TechieSooner said:
I guess it's a bad thing, having Vista prevent some malicious program from disabling your NIC, screwing your graphics card settings, or what have you?

For you and me, can be fixed easily. But for the average user, they NEED UAC.

But all in all, Microsoft is damned if they do and damned if they don't.
Click to expand...

If I were going to screw with a device, there are much more efficient ways than hijacking an open device manager. Manipulating the registry is very easy, and could be attached to a process I could get most people to click allow on.

And I don't blame Microsoft for their security issues, because if there weren't people constantly trying to exploit it, there would be no issues. Unfortunately, it falls into their lap to try to proactively stop it, but they are not the cause. I refuse to "blame everybody but the criminal".
 
xxEIEIOxx said:
If I were going to screw with a device, there are much more efficient ways than hijacking an open device manager. Manipulating the registry is very easy, and could be attached to a process I could get most people to click allow on.
Click to expand...

Good thing UAC is enabled for registry tweaks too, huh?
 
TechieSooner said:
Good thing UAC is enabled for registry tweaks too, huh?
Click to expand...

Not if I sneak them into a software package I could get someone to install anyway. I could make a nice freeware program and slip this into the installer. The installer would run as admin and you would never see it coming. If someone wants to get into your machine, UAC will not stop them. ;)
 
UAC, to a true power user, is a waste of time. It's annoying. Most real "power users" have an active firewall...good AV...and common sense, we keep track of what is going on with our rigs, etc.

I agree, the average guy, hasn't a clue, they click on anything, etc., and UAC for them, is probably a good idea.

That being said, mine stays OFF. Grrr.....
 
jnick said:
Thanks for the replies...however,

To run Ventrilo, I get prompted via UAC.
To run BF2, I get prompted via UAC,
To RUN BF2142, I get prompted via UAC...

All of those programs need to be run in Admin mode, and therefore I get prompted EVERY instance I start them. If there was a way to use "Always allow this program," then I wouldn't mind...
Click to expand...

Since this is your thread, the best plan is to answer your question. This can be done. Microsoft's KB946932 answers how to do this, but the article seems to be gone at the moment. If you go here http://www.winvistaclub.com/f6.html and scroll down to "How to Disable UAC for certain applications only" it will tell you how to do this.
 
That crap is one of the first things I turn off when I build a Vista machine. It annoys me to no end.
 
jnick said:
Thanks for the replies...however,

To run Ventrilo, I get prompted via UAC.
To run BF2, I get prompted via UAC,
To RUN BF2142, I get prompted via UAC...

All of those programs need to be run in Admin mode, and therefore I get prompted EVERY instance I start them. If there was a way to use "Always allow this program," then I wouldn't mind...
Click to expand...

None of those prompt me for admin rights.
 
heatlesssun said:
Like devman was saying, what are you doing in normal day to day work where UAC is always popping up to the point of slowing you down? I'll set instances apps to run as administrator, and get a UAC prompt and be done with it.

One of the biggest security issues in Windows has been the fact that most people run their computers as admins ALL the time. This is just not acceptable in the Internet age.

In *NIX, it’s not all that different. You have to sudo to install software, change certain settings, copy files to certain directories and so forth.

I've never heard anyone in the *NIX world complain about it. It's considered a good practice in that world, but in the Windows world it’s almost considered evil. No, UAC is not perfect and there are times when it can be a pain, but those processes can be run TEMPORARILY as admin when needed.
Click to expand...

I wonder how much you have used *nix. I practically never have to sudo anything. I install most of my software via a package manager. I enter my password once and I'm done with it for the most part. I've installed plenty of other programs outside the package manager and did not need administrator rights to do so. Then again, those programs aren't trying to use administrative hooks because they don't need them.

As an openSUSE user, I have the advantage of Yast. A "Control Panel" like interface with basically every administrative GUI tool and task. I enter my password once to access the panel and after that I'm not bothered by popup after popup after popup.

UAC is a shitty copy of sudo plain and simple. It doesn't help that so many companies want administrative privileges for their software on MS machines because they are too lazy to write the software the correct way. Also, Vista's default user account is a limited administrator account and not a user account. Because of this it's inherently less safe.

As a regular user under Linux, I can read and write to anything on the drive with the same permissions as my user account. I can read many things with root privileges but I cannot write to them. The main things I cannot write are located in a couple of different places for the most part. This is done for security reasons.

What I find sad is that even after so many years of this being done on other operating systems, MS had to go and screw up UAC. It's not a difficult thing to implement when you have years upon years of examples to look at. The "click to allow" bullshit has to be the dumbest thing I've ever seen for "security".

For the record, I turn off UAC in Vista for myself. However, I don't run as root in Linux. I deal with the issues in Linux easily. Outside of changing some type of system configuration I rarely have to enter in my password to get root access. With UAC in Vista, it's a constant annoyance especially with having to click "yes" multiple times for practically the same operation. UAC is a flawed implementation and I have no problem with turning it off. Sure, I have an idea of what safety is and ways to stay relatively safe so it's not a big deal for me. However, I don't see it as all that secure for the average person. They are just going to get annoyed with it and click yes to anything and everything that pops up after some time. They don't care about security when it interferes with their productivity.

 
You must log in or register to reply here.
Back
Top