What UAC Controversy?

I vaguely remember turning off some 3-letter acronym security "feature" after trying it out for a short period. Me and my computer couldn't be happier.

I never looked back... Just some common sense:

• Don't run executable from unknown sites
• Beware of Media Player dangerous codec downloading "feature"
• Don't open executable attachments, even from your friends

Seriously... When was the last time (if at all) that UAC caught something and alerted you of an imminent danger, which you cancelled the execution of?

PS... Not to say that this is OK for my dad... Probably 50% of his CPU cycles go towards security apps... Such a waste... Maybe when O/Ses grew up, we would have a better security model

In Vista we could choose the Anti Anti Virus. If we remain as standard users on 7 we can still.

I think a lot of people can do without an anti virus. The machine feels so snappy without one. As long as Windows Updates are never infected, and files from their official sources are safe, I should always be safe. I have not ran an Anti Virus since Vista. I run as a standard user and never get patches from the vendor themselves. We'll see if I get burned.

http://www.codinghorror.com/blog/archives/000803.html

Should we all run as root when using Ubuntu or Mac OS X too, then?

Minh said:

Seriously... When was the last time (if at all) that UAC caught something and alerted you of an imminent danger, which you cancelled the execution of?

That's not what UAC is about or does.

AndyC said:

Minh said:

*snip*

That's not what UAC is about or does.

Which has been stated over and over, and then disregarded by Minh with a lame joke followed by 'lol'.

I found UAC useful when I installed a wellknown and very expensive 3D cad program and found out that on admins account there is an updater.exe that requires admin privileges at EVERY log on. I think UAC is usefull to discriminate good and bad programming practice, but hey, you can tweak it according to your needs.

Another one for the list:

• Don't browse the web ever, not even "trusted" sites as they get hijacked these days, or, if you must browse the web, don't install Flash (bye bye YouTube) or anything else and ideally use Lynx as your browser.

AndyC said:

Minh said:

*snip*

That's not what UAC is about or does.

What is the ultimate end of UAC for you Andy?

LeoDavidson said:

Another one for the list:

• Don't browse the web ever, not even "trusted" sites as they get hijacked these days, or, if you must browse the web, don't install Flash (bye bye YouTube) or anything else and ideally use Lynx as your browser.

 

Lynx? No way... To many entry points for vectors... I use TELNET to port 80 HAHA

contextfree said:

Should we all run as root when using Ubuntu or Mac OS X too, then?

Should we all run as root when using Ubuntu or Mac OS X too, then?

I'm just saying that putting a prompt up isn't really a good security measure... There will be people who say, UAC isn't a security feature because it can be bypassed so easily... then why am I taking a performance hit for something so useless?

Minh said:

AndyC said:

*snip*

What is the ultimate end of UAC for you Andy?

I'd rather like developers to write their applications correctly so that I don't have to spend half my life working round the bodges they put in place because as far as they are concerned there's no world outside their rather blinkered view that it's fine for everybody to run as an Administrator.

That fine by you?

Minh said:

contextfree said:

*snip*

Should we all run as root when using Ubuntu or Mac OS X too, then?

 

I'm just saying that putting a prompt up isn't really a good security measure... There will be people who say, UAC isn't a security feature because it can be bypassed so easily... then why am I taking a performance hit for something so useless?

"There will be people who say, UAC isn't a security feature because it can be bypassed so easily"

------------------

Read the following postings, from the linked post to the bottom of the page:

http://channel9.msdn.com/forums/Coffeehouse/473037-UAC-controversy-the-last-episode/?CommentID=473716

It's not that easy to circumvent UAC (on Vista at least).

wastingtimewithforums said:

Minh said:

*snip*

"There will be people who say, UAC isn't a security feature because it can be bypassed so easily"

------------------

Read the following postings, from the linked post to the bottom of the page:

http://channel9.msdn.com/forums/Coffeehouse/473037-UAC-controversy-the-last-episode/?CommentID=473716

It's not that easy to circumvent UAC (on Vista at least).

If I have a museum and put laser detectors, cameras, 10 security guards, etc, to protect the towel rack in the bathroom, while all my priceless artwork is completely unguarded, that's not good security. UAC (and yes, UNIX root/user permissions also) is protecting the towel rack (eg: \Program Files), while all the user's personal files and network integrity, stuff that could ruin that individual for life thanks to identity theft and the like, is completely frecken unguarded.

Bass said:

wastingtimewithforums said:

*snip*

If I have a museum and put laser detectors, cameras, 10 security guards, etc, to protect the towel rack in the bathroom, while all my priceless artwork is completely unguarded, that's not good security. UAC (and yes, UNIX root/user permissions also) is protecting the towel rack (eg: \Program Files), while all the user's personal files and network integrity, stuff that could ruin that individual for life thanks to identity theft and the like, is completely frecken unguarded.

You know what, I agree! But with root access, you can do more nasty things. Say, installing a service, that periodicaly scans your home folder for files with a specific criteria and sends them back "home".

It's possible to do that with a standard account too (instead of a service, it would be background program, that starts automaticaly, because it copied itself into the autostart folder or modified HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\run) but with root access, it's much harder to detect, because it can use rootkit-techniques.

The NT/UNIX model is far from perfect, but, even considering all that, I can't still see how the new UAC behaviour in Win7 is a good thing.

wastingtimewithforums said:

Bass said:

*snip*

You know what, I agree! But with root access, you can do more nasty things. Say, installing a service, that periodicaly scans your home folder for files with a specific criteria and sends them back "home".

It's possible to do that with a standard account too (instead of a service, it would be background program, that starts automaticaly, because it copied itself into the autostart folder or modified HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\run) but with root access, it's much harder to detect, because it can use rootkit-techniques.

The NT/UNIX model is far from perfect, but, even considering all that, I can't still see how the new UAC behaviour in Win7 is a good thing.

Because it annoys people less. Believe it or not, that's a feature in itself. You need to figure out a way to improve security that doesn't involve unrequested modal dialogs, which IMO is the biggest failure in UI design since the GUI was first conceived.

If anyone has alternative suggestions for increasing computer security they're welcome to bring them up here. We can evaluate them

Bass said:

wastingtimewithforums said:

*snip*

Because it annoys people less. Believe it or not, that's a feature in itself. You need to figure out a way to improve security that doesn't involve unrequested modal dialogs, which IMO is the biggest failure in UI design since the GUI was first conceived.

It annoys people less, right.. and it creates a fake security too, wich pretty much negates the whole un-annoyingness.

UAC still does show prompts for third party software, but third party software can circumvent that prompts with mind blowing ease now (not possible before). Therefore, it controls only those applications, which WANT to be controlled! It's like as if the police arrests only those criminals, that want to arrested. This is so stupid, how can anyone defend it?

Seriously, it would be better now if Windows 7 would auto elevate everything at the default setting, at least the whole fakeness of if it would be gone. The new UAC default is the worst of both worlds.

AndyC said:

Minh said:

*snip*

I'd rather like developers to write their applications correctly so that I don't have to spend half my life working round the bodges they put in place because as far as they are concerned there's no world outside their rather blinkered view that it's fine for everybody to run as an Administrator.

That fine by you?