Coffeehouse Thread

61 posts

What UAC Controversy?

  • Minh

    I vaguely remember turning off some 3-letter acronym security "feature" after trying it out for a short period. Me and my computer couldn't be happier.

    I never looked back... Just some common sense:

    • Don't run executables from unknown sites
    • Beware of Media Player dangerous codec downloading "feature"
    • Don't open executable attachments, even from your friends

    Seriously... When was the last time (if at all) that UAC caught something and alerted you of an imminent danger, which you cancelled the execution of?

    PS... Not to say that this is OK for my dad... Probably 50% of his CPU cycles go towards security apps... Such a waste... Maybe when O/Ses grew up, we would have a better security model

  • intelman

    In Vista we could choose the Anti Anti Virus. If we remain as standard users on 7 we can still.

    I think a lot of people can do without an anti virus. The machine feels so snappy without one. As long as Windows Updates are never infected, and files from their official sources are safe, I should always be safe. I have not run an Anti Virus since Vista. I run as a standard user and never get patches from the vendor themselves. We'll see if I get burned.

    http://www.codinghorror.com/blog/archives/000803.html

  • contextfree

    Should we all run as root when using Ubuntu or Mac OS X too, then?

  • AndyC

    Minh said:
    Seriously... When was the last time (if at all) that UAC caught something and alerted you of an imminent danger, which you cancelled the execution of?

    That's not what UAC is about or does.

  • Bas

    AndyC said:

    Minh said:
    *snip*

    That's not what UAC is about or does.

    Which has been stated over and over, and then disregarded by Minh with a lame joke followed by 'lol'.

  • giovanni

    I found UAC useful when I installed a well-known and very expensive 3D CAD program and found out that on admins account there is an updater.exe that requires admin privileges at EVERY log on. I think UAC is useful to discriminate good and bad programming practice, but hey, you can tweak it according to your needs.

  • LeoDavidson

    Another one for the list:

    • Don't browse the web ever, not even "trusted" sites as they get hijacked these days, or, if you must browse the web, don't install Flash (bye bye YouTube) or anything else and ideally use Lynx as your browser.

    :)

  • Minh

    AndyC said:

    Minh said:
    *snip*

    That's not what UAC is about or does.

    What is the ultimate end of UAC for you Andy?

  • Minh

    LeoDavidson said:

    Another one for the list:

    • Don't browse the web ever, not even "trusted" sites as they get hijacked these days, or, if you must browse the web, don't install Flash (bye bye YouTube) or anything else and ideally use Lynx as your browser.

    :)

    Lynx? No way... Too many entry points for vectors... I use TELNET to port 80 HAHA

  • Minh

    contextfree said:

    Should we all run as root when using Ubuntu or Mac OS X too, then?


    I'm just saying that putting a prompt up isn't really a good security measure... There will be people who say, UAC isn't a security feature because it can be bypassed so easily... then why am I taking a performance hit for something so useless?

  • AndyC

    Minh said:
    AndyC said:
    *snip*

    What is the ultimate end of UAC for you Andy?

    I'd rather like developers to write their applications correctly so that I don't have to spend half my life working round the bodges they put in place because as far as they are concerned there's no world outside their rather blinkered view that it's fine for everybody to run as an Administrator.

    That fine by you?

  • wastingtimewithforums

    Minh said:
    contextfree said:
    *snip*

    Should we all run as root when using Ubuntu or Mac OS X too, then?

     

    I'm just saying that putting a prompt up isn't really a good security measure... There will be people who say, UAC isn't a security feature because it can be bypassed so easily... then why am I taking a performance hit for something so useless?

    "There will be people who say, UAC isn't a security feature because it can be bypassed so easily"

    ------------------

    Read the following postings, from the linked post to the bottom of the page:

    http://channel9.msdn.com/forums/Coffeehouse/473037-UAC-controversy-the-last-episode/?CommentID=473716

    It's not that easy to circumvent UAC (on Vista at least).

  • Bass

    wastingtimewithforums said:
    Minh said:
    *snip*

    "There will be people who say, UAC isn't a security feature because it can be bypassed so easily"

    ------------------

    Read the following postings, from the linked post to the bottom of the page:

    http://channel9.msdn.com/forums/Coffeehouse/473037-UAC-controversy-the-last-episode/?CommentID=473716

    It's not that easy to circumvent UAC (on Vista at least).

    If I have a museum and put laser detectors, cameras, 10 security guards, etc, to protect the towel rack in the bathroom, while all my priceless artwork is completely unguarded, that's not good security. UAC (and yes, UNIX root/user permissions also) is protecting the towel rack (eg: \Program Files), while all the user's personal files and network integrity, stuff that could ruin that individual for life thanks to identity theft and the like, is completely frecken unguarded.

  • wastingtimewithforums

    Bass said:
    wastingtimewithforums said:
    *snip*

    If I have a museum and put laser detectors, cameras, 10 security guards, etc, to protect the towel rack in the bathroom, while all my priceless artwork is completely unguarded, that's not good security. UAC (and yes, UNIX root/user permissions also) is protecting the towel rack (eg: \Program Files), while all the user's personal files and network integrity, stuff that could ruin that individual for life thanks to identity theft and the like, is completely frecken unguarded.

    You know what, I agree! But with root access, you can do more nasty things. Say, installing a service, that periodically scans your home folder for files with a specific criteria and sends them back "home".

    It's possible to do that with a standard account too (instead of a service, it would be a background program, that starts automatically, because it copied itself into the autostart folder or modified HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\run) but with root access, it's much harder to detect, because it can use rootkit-techniques.

    The NT/UNIX model is far from perfect, but, even considering all that, I still can't see how the new UAC behaviour in Win7 is a good thing.
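
The two per-user autostart locations named in the post above (the autostart folder and the HKCU Run key) can be reviewed without elevation. The PowerShell below is an added example, not part of the original thread; the `$userRoots` list and the `Test-UserWritableCommand` helper are assumptions chosen for illustration.

```powershell
$runKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$startupDir = [Environment]::GetFolderPath('Startup')

# Assumption: roots a standard user can normally write to without a prompt.
$userRoots = @($env:USERPROFILE, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }

function Test-UserWritableCommand([string]$Command) {
    # True when the command line references a path under a user-writable root.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $userRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

$entries = @()

# 1. Values under the per-user Run key
if (Test-Path -Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($name in $key.GetValueNames()) {
        $entries += [pscustomobject]@{ Source = 'HKCU Run'; Name = $name; Command = [string]$key.GetValue($name) }
    }
}

# 2. Files in the per-user Startup folder; shortcuts are resolved to their target
if ($startupDir -and (Test-Path -Path $startupDir)) {
    $shell = New-Object -ComObject WScript.Shell
    foreach ($file in Get-ChildItem -Path $startupDir -File -Force) {
        if ($file.Name -eq 'desktop.ini') { continue }
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($file.FullName).TargetPath
        }
        $entries += [pscustomobject]@{ Source = 'Startup folder'; Name = $file.Name; Command = $target }
    }
}

# Entries launched from user-writable locations sort first for review.
$entries |
    Select-Object Source, Name, Command,
        @{ Name = 'UserWritable'; Expression = { Test-UserWritableCommand $_.Command } } |
    Sort-Object -Property UserWritable -Descending |
    Format-Table -AutoSize -Wrap
```

The script only reads; an entry marked `UserWritable` is a candidate for review, since legitimate per-user software also installs under the profile.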

  • Bass

    wastingtimewithforums said:
    Bass said:
    *snip*

    You know what, I agree! But with root access, you can do more nasty things. Say, installing a service, that periodically scans your home folder for files with a specific criteria and sends them back "home".

    It's possible to do that with a standard account too (instead of a service, it would be a background program, that starts automatically, because it copied itself into the autostart folder or modified HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\run) but with root access, it's much harder to detect, because it can use rootkit-techniques.

    The NT/UNIX model is far from perfect, but, even considering all that, I still can't see how the new UAC behaviour in Win7 is a good thing.

    Because it annoys people less. Believe it or not, that's a feature in itself. You need to figure out a way to improve security that doesn't involve unrequested modal dialogs, which IMO is the biggest failure in UI design since the GUI was first conceived.

  • ManipUni

    If anyone has alternative suggestions for increasing computer security they're welcome to bring them up here. We can evaluate them.

  • wastingtimewithforums

    Bass said:
    wastingtimewithforums said:
    *snip*

    Because it annoys people less. Believe it or not, that's a feature in itself. You need to figure out a way to improve security that doesn't involve unrequested modal dialogs, which IMO is the biggest failure in UI design since the GUI was first conceived.

    It annoys people less, right.. and it creates a fake security too, which pretty much negates the whole un-annoyingness.

    UAC still does show prompts for third party software, but third party software can circumvent those prompts with mind blowing ease now (not possible before). Therefore, it controls only those applications, which WANT to be controlled! It's like as if the police arrests only those criminals, that want to be arrested. This is so stupid, how can anyone defend it?

    Seriously, it would be better now if Windows 7 would auto elevate everything at the default setting, at least the whole fakeness of it would be gone. The new UAC default is the worst of both worlds.

  • Minh

    AndyC said:
    Minh said:
    *snip*

    I'd rather like developers to write their applications correctly so that I don't have to spend half my life working round the bodges they put in place because as far as they are concerned there's no world outside their rather blinkered view that it's fine for everybody to run as an Administrator.

    That fine by you?


    That's fine by me, but UAC isn't going to help get us there. When confronted w/ a UAC prompt for an app, would a user be more likely to:
    a) Call up the developer of that app
    b) Turn off UAC
    ?
    I say b)
