Living with Vista's UAC

It's still a nusiance, but I'm slowly getting used to it after running Vista for over 2 years :D
 
I've been using UAC for about a year and a half myself. My problem is that I play EverQuest 2 and it refuses to run without a UAC prompt. I just used Ed's suggestions to get around that. That was the last application I run that needed a UAC prompt. What's great is it gives you a way to "white list" specific applications.
 
Not tooting my own horn here (who, me?) but a read-through of some of the stickies in this thread:

http://www.hardforum.com/showthread.php?t=937835

can provide some very useful info too. I mention this because I know a lot of people, especially new members to the forum (and I've been around here far longer than the current account hints at, I assure you), don't actually read the stickies when posted, nor the contents of 'em. So instead of us having like 15 stickied posts at the top of every single forum page (or subforums), the Mods created a single sticky post, and inside that post linked above are the good ones - and I've got two in there myself that I've received a lot of thanks for since they were "published":

"Vista, Admin rights, UAC, and You" and "The best Vista tip I can offer and one that is sorely needed"

The information in those two threads should prove to be highly useful to most anyone, even to long-time users of Vista. Bott's article is great, and basically reiterates a lot of stuff already mentioned in several of the stickies, not just mine.

Good luck...
 
I just leave it on. I run into it maybe once a week with my laptop (because everyday user activities don't trigger it). Obviously, if you do a lot of install/uninstall you're going to see a lot more UAC, but I think few people would argue with that because the one of the main reasons for UAC is to monitor and give last-chance-to-avoid on program installs anyway.

I turn it off when I'm setting up a new system (or if I've just formatted) because I put all my shortcuts in the global, not User, start menu and it is very annoying to constantly have UAC in your face when all you're doing is moving shortcuts around.
 
I'm glad that Ed Bott explains the real purpose of UAC in that post; too many people think that it's all pointless nagging about if you're really sure if you want to do actions, and about trying to protect you from yourself, and so people who "know what they're doing" turn it off. The prompts themselves aren't really the feature, it's what the prompts allow - for all other programs to run with limited user privileges.

You can know perfectly well what you're doing, but running with administrator privileges all the time means all your programs have those privileges, and a security hole in your browser could be used to take over the system, for example. UAC means your web browser and most other programs don't have access to system resources, and the damage potential is significantly reduced. The end result is a smaller number of potential attack vectors.
 
I leave it on on my laptop and desktop. Other than changing system settings (i.e. where I SHOULD get prompted), I never run into it. I like the feature - it's another level of confirmation that nothing I don't know about is running on the machine.
 
I agree. That said, I play EverQuest 2, which won't run without UAC prompts. These tips are great for getting around that without disabling UAC.
 
I had to disable UAC due to software conflicts with Ventrilo + TSOverlay that are used for both my Vanguard guild and UT2k4/UT3 clan, I would get popup messages everytime someone entered or left the channel I was in, this is bad as it would alt-tab the game out which is bad when doing tournament fights and raids. I would also get the user control permissions box when starting Vanguard, rather annoying.

I live alone and the computer sits behind a hardware +software firewall box so I doubt I will have any hacking issues. I am also careful about what software I load on the computer and what sites I go to.

I wouldn't have a problem with UAC if it had a "this software is safe stop bugging me" button or the ability to white list specific apps.
 
Mithent said:
I'm glad that Ed Bott explains the real purpose of UAC in that post; too many people think that it's all pointless nagging about if you're really sure if you want to do actions, and about trying to protect you from yourself, and so people who "know what they're doing" turn it off. The prompts themselves aren't really the feature, it's what the prompts allow - for all other programs to run with limited user privileges.

You can know perfectly well what you're doing, but running with administrator privileges all the time means all your programs have those privileges, and a security hole in your browser could be used to take over the system, for example. UAC means your web browser and most other programs don't have access to system resources, and the damage potential is significantly reduced. The end result is a smaller number of potential attack vectors.
Click to expand...

But you know what UAC is back asswards. It doesnt make any sense.... UAC by default allows all programs full access, and then restricts on an action by action basis. This is backwards. It doesnt make any sense...

Heres how it should work..... Users should belong to a limited group by default. applications should belong to it's own group, and if you want a user to have access to that application, then they should join that applications group. If a user does not belong to that applications group, then they should be prompted for that groups password. The way UAC works is it allows everything by default, then restricts on an action by action basis, which you can then bypass using an OK prompt... How is that secure? All I gotta do is hit OK... Where is the security at?

Heres my advice... Disable UAC and run your users in a limited group like Users or something similar. Create groups for the applications that you use, and add your users to those groups. This will automatically block everything that you dont specifically allow and allow everything that you do..... This method is secure becouse there wont be a on OK box to click on, and cant be bypassed.... Way better then UAC.
 
is UAC even still an issue? after more than a year on Vista now, UAC is as transparent as everything else..

i've come so accustomed to it that i know when to expect it and when it comes up

when i am not expecting it i really can take the time to see what is going on and what is trying to access the system..
 
duby229 said:
But you know what UAC is back asswards. It doesnt make any sense.... UAC by default allows all programs full access, and then restricts on an action by action basis. This is backwards. It doesnt make any sense...
Click to expand...

Umm.. UAC by defualt gives programs User Level access. That's kind of the whole point. It doesn't grant admin access by default even when logged in as admin. If the application needs to do something that requires admin access it then triggers before the admin token is granted or allowed.

Heres how it should work..... Users should belong to a limited group by default. applications should belong to it's own group, and if you want a user to have access to that application, then they should join that applications group. If a user does not belong to that applications group, then they should be prompted for that groups password. The way UAC works is it allows everything by default, then restricts on an action by action basis, which you can then bypass using an OK prompt... How is that secure? All I gotta do is hit OK... Where is the security at?
Click to expand...

You seem to be misunderstanding how UAC works. It does not allow everything by default at all.

Heres my advice... Disable UAC and run your users in a limited group like Users or something similar. Create groups for the applications that you use, and add your users to those groups. This will automatically block everything that you dont specifically allow and allow everything that you do..... This method is secure becouse there wont be a on OK box to click on, and cant be bypassed.... Way better then UAC.
Click to expand...
Part of the problem of relying on limited accounts like that is that there are some games like EQ2 that patch before they run. This requires them to update folders that are considered system files and therefor limited accounts can not write. That means you can't play.
 
AMD_Gamer said:
i turn it off but thats just me
Click to expand...


Yeah, but then you are not living with UAC, are you? :p

I prefer to use UAC for the extra layer of security, but there are times when I want to "white list" certain applications that still require admin access. These tips allow me to do that.
 
griffinhart said:
Umm.. UAC by defualt gives programs User Level access. That's kind of the whole point. It doesn't grant admin access by default even when logged in as admin. If the application needs to do something that requires admin access it then triggers before the admin token is granted or allowed.
Click to expand...

It doesnt grant anything. What it does is it revokes permission. But not on an application basis instead on an action basis. And it is completely backwards. It allows access by default and revokes permission when an action triggers UAC. This is how it works.

You seem to be misunderstanding how UAC works. It does not allow everything by default at all.
Click to expand...

There certainly is no misunderstanding. That is how UAC works. To prove it all you have to do is click on an OK prompt to bypass it.

Part of the problem of relying on limited accounts like that is that there are some games like EQ2 that patch before they run. This requires them to update folders that are considered system files and therefor limited accounts can not write. That means you can't play.
Click to expand...

Which should be totally impossible to do. Under any and every circumstance. An application should --never-- modify system files ever. And this is --exactly-- what running under a limited user account is going to protect you from. If MS enforced limited user accounts, software developers would have no choice but to fix there software. And it --CAN-- be done. Look at OSX, or BSD, or Linux, or Solaris... These OS's have been using limited users by default for many years and dont have these problems. It's not impossible to fix, it'll just take MS enforcing sound security policies.
 
Product unit manager David Cross made the comment last week at the RSA Conference, in reference to a Vista security feature called User Access Controls (UAC). UAC requires users to run Vista without administrator privileges, and it prompts users when they attempt to install some new applications.

“The reason we put UAC into the [Vista] platform was to annoy users,” Cross said, according to published reports.

Cross said his team designed UAC to force independent software vendors (ISVs) to make their software more secure. Apparently, they thought that annoyed users would lash out against the ISVs whose software generated the prompts.

Cross also responded to claims that the UAC prompts don’t make Vista more secure, because most users just click “yes” no matter what. Here’s what he said, according to CNET:

“It’s a myth that users click ‘yes,’ ‘yes,’ ‘yes,’ ‘yes.’ Seven percent of all prompts are canceled. Users are not just saying ‘yes.’”


Flatly, screw MS. I disabled that crap.
 
duby229 said:
It doesnt grant anything. What it does is it revokes permission. But not on an application basis instead on an action basis. And it is completely backwards. It allows access by default and revokes permission when an action triggers UAC. This is how it works.
Click to expand...
Wrong. As has been stated before, applications run at a minimal permissions level. When they need more, they prompt you to allow them to be promoted to a higher level.
Which should be totally impossible to do. Under any and every circumstance. An application should --never-- modify system files ever.
Click to expand...
The Registry is a system file. And apps have to modify that all the time. Etc. Plus UAC isn't just about files, it's about other privileges like accessing low-level drivers and such. You have a fundamental misunderstanding about what UAC does and how it works.
 
Arainach said:
Wrong. As has been stated before, applications run at a minimal permissions level. When they need more, they prompt you to allow them to be promoted to a higher level.The Registry is a system file. And apps have to modify that all the time. Etc. Plus UAC isn't just about files, it's about other privileges like accessing low-level drivers and such. You have a fundamental misunderstanding about what UAC does and how it works.
Click to expand...

No I dont, and you are wrong sir. UAC monitors a list of actions, and when it captures one of those actions it revokes permission... That --is-- how it works... UAC does --not-- escalate permissions. Instead it monitors a list of predefined actions, and when one of those actions occurs it revokes permission. I dont understand what the problem here is. It really is that simple.
 
duby229 said:
It doesnt grant anything. What it does is it revokes permission. But not on an application basis instead on an action basis. And it is completely backwards. It allows access by default and revokes permission when an action triggers UAC. This is how it works.



There certainly is no misunderstanding. That is how UAC works. To prove it all you have to do is click on an OK prompt to bypass it.
Click to expand...
Repeating this doesn't make it any less wrong.

When a user of the administrator group is logged in the are given two tokens. A standard user token and an admin token. The admin token is not used unless the user or application specifically requests the admin token. In the case of standard users it requires credentials of an account in the administrators group through UAC. In the case of a user in the admin group UAC prompts for confirmation before granting use of the Administrator Token. Without granting use of the admin token the user, be it standard or admin, does not have access.

Clicking OK doesn't bypass anything. You definitely have not done much reading on this.


Which should be totally impossible to do. Under any and every circumstance. An application should --never-- modify system files ever. And this is --exactly-- what running under a limited user account is going to protect you from.
Click to expand...
And this is exactly what MS has been trying to enforce. One of the whole reasons for UAC was to move developers to the proper model.

If MS enforced limited user accounts, software developers would have no choice but to fix there software. And it --CAN-- be done. Look at OSX, or BSD, or Linux, or Solaris... These OS's have been using limited users by default for many years and dont have these problems. It's not impossible to fix, it'll just take MS enforcing sound security policies.
Click to expand...

MS was going to do exactly that, but, it would of had the result of breaking a significant amount of existing applications. MS doesn't have the luxury of just throwing away backwards compatibility.
 
duby229 said:
No I dont, and you are wrong sir. UAC monitors a list of actions, and when it captures one of those actions it revokes permission... That --is-- how it works... UAC does --not-- escalate permissions. Instead it monitors a list of predefined actions, and when one of those actions occurs it revokes permission. I dont understand what the problem here is. It really is that simple.
Click to expand...

Care to show us proof of this? You are completely wrong here. You clearly have no idea how UAC works.

Here's a link that explains UAC.

http://weblogs.asp.net/kennykerr/ar...1320_-Part-4-_1320_-User-Account-Control.aspx

When an administrator logs on to a computer things are a little different and this is where Windows Vista differs dramatically from previous versions. Although the system creates a new logon session, it creates not one but two different tokens representing the same logon session. The first token grants all the permissions and privileges afforded to the administrator while the second token is a restricted token, sometimes called a filtered token, offering far fewer permissions and privileges. This restricted token offers practically the same capabilities and constraints as would be granted to a standard user. The system then creates the shell application using the restricted token. This means that although the user is logged on as an administrator, applications are by default run with limited permissions and privileges.

When the administrator needs to perform some task that requires additional permissions or privileges not granted to the restricted token, he or she can elect to run an application using the full security context provided by the unrestricted token. What protects the administrator from malicious code is that this elevation to the unrestricted token is only allowed after the administrator has confirmed the desire to use the unrestricted token by means of a secure prompt provided by the system. Malicious code cannot suppress this prompt and thereby gain complete control over the computer without the user’s knowledge.
Click to expand...
 
retrorocketz said:
“The reason we put UAC into the [Vista] platform was to annoy users,” Cross said, according to published reports.

Cross said his team designed UAC to force independent software vendors (ISVs) to make their software more secure. Apparently, they thought that annoyed users would lash out against the ISVs whose software generated the prompts.
Click to expand...

Well, Cross evidently doesn't have a way with words, but people are slightly misinterpreting this; it's a nice soundbite but obviously it would be incredibly stupid for Microsoft to put a feature in which was purely there to annoy people. Somehow I don't think that the project managers would have a team who focused on making their customers annoyed. He means that developers hadn't been proactive enough in making their programs limited user friendly and wouldn't do so unless there was some incentive - ie, their programs would annoy the user by asking for elevation unless they wrote them with limited users in mind.

That's not the only role of UAC either; UAC is also important in encouraging the user to run as a limited user in the first place, of course - some tasks will always require admin privileges (or there would be no such thing as admin privileges in the first place!), and UAC allows simple elevation of privileges for those tasks. It's no good if the programs run fine as a limited user if everyone runs as administrator anyway.

duby229 said:
No I dont, and you are wrong sir. UAC monitors a list of actions, and when it captures one of those actions it revokes permission... That --is-- how it works... UAC does --not-- escalate permissions. Instead it monitors a list of predefined actions, and when one of those actions occurs it revokes permission. I dont understand what the problem here is. It really is that simple.
Click to expand...

That would be pretty stupid behaviour, if it did that. However, as has been explained, it doesn't. A program has to ask for elevation at launch, and a running program cannot have its privileges extended or otherwise altered. This is why Task Manager closes and opens again if you choose the "Show processes from all users" option. If it doesn't ask at launch, it gets standard user privileges.
 
griffinhart said:
Care to show us proof of this? You are completely wrong here. You clearly have no idea how UAC works.

Here's a link that explains UAC.

http://weblogs.asp.net/kennykerr/ar...1320_-Part-4-_1320_-User-Account-Control.aspx
Click to expand...

The dude who wrote that blog has no clue what he is talking about....

http://technet2.microsoft.com/WindowsVista/en/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d91033.mspx

This is coming straight from the horses mouth. Users have two tokens, Admin, and User. Yes that is right two. You heard straight from the horses mouth.

What UAC does is when an action triggers UAC it'll either use the user token or the admin token depending on whether --you-- chose to revoke permission or not. In the end it essentially is the same thing as starting the desktop with user privileges and then when UAC is triggered by one of these actions it allows you to determine whether or not to revoke the admin token. It is --not-- password protected. All you have to do is simply click on allow.

It has nothing to do with privilege escalation. All UAC does is it allows you to revoke permissions on the condition of whether you click allow or block. The deal is though that becouse it isnt password protected anybody can click allow. This is no different from Windows 98 allowing you to log in as local admin by simply clicking the cancel button on the logon prompt. Additionally the Windows Vista GUI fully supports scripting. Anybody could write a script to automatically click on allow when that dialog pops up.
 
duby229 said:
The dude who wrote that blog has no clue what he is talking about....
Click to expand...

His bio on his blog says this:
Kenny Kerr is a software craftsman specializing in software development for Windows. He has a passion for writing and teaching developers about programming and software design.

Kenny received the Microsoft MVP award in 2005 for his work on windows developer security and again in 2007 for his contributions to the Visual C++ community.

Microsoft doesn't seem to agree with your assessment of him.


http://technet2.microsoft.com/WindowsVista/en/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d91033.mspx

This is coming straight from the horses mouth. Users have two tokens, Admin, and User. Yes that is right two. You heard straight from the horses mouth.

What UAC does is when an action triggers UAC it'll either use the user token or the admin token depending on whether --you-- chose to revoke permission or not. In the end it essentially is the same thing as starting the desktop with user privileges and then when UAC is triggered by one of these actions it allows you to determine whether or not to revoke the admin token. It is --not-- password protected. All you have to do is simply click on allow.
Click to expand...

Hitting decline on UAC does not revoke anything. Clicking no tells Windows that you do not want to escalate to the admin token. You are correct that when you are logged in as an admin that you do not need to enter a password because you are logged in as admin. But you do have to enter in admin credentials if you are logged in as a standard user. This was the compromise that MS used because it was requested.


It has nothing to do with privilege escalation. All UAC does is it allows you to revoke permissions on the condition of whether you click allow or block.
Click to expand...

From your link:
After an administrator logs on, the full administrator access token is not invoked until the user attempts to perform an administrative task.
That is privilege escalation. It can not do these functions without using the admin token. It can not use the admin token until the user gives permission. That is privilege escalation.

The deal is though that becouse it isnt password protected anybody can click allow. This is no different from Windows 98 allowing you to log in as local admin by simply clicking the cancel button on the logon prompt. Additionally the Windows Vista GUI fully supports scripting. Anybody could write a script to automatically click on allow when that dialog pops up.
Click to expand...

Here is where you are wrong again. While Vista's GUI is scriptable, all UAC prompt are done on a secure desktop which is not scriptable or spoofable.

from:
http://blogs.msdn.com/uac/archive/2006/05/03/589561.aspx
The Secure Desktop’s primary difference from the User Desktop is that only trusted processes running as SYSTEM are allowed to run here (i.e. nothing running as the User’s privilege level) and the path to get to the Secure Desktop from the User Desktop must also be trusted through the entire chain.

So what does this experience look like? When you click on a UAC shielded control, your user desktop will appear to dim and the window that caused the elevation request – typically the window you were most recently using - and the elevation UI will be made more prominent. This is to provide you with the highest level of context possible when interacting with the elevation dialog. It’s worthwhile to note that we could have continued to use the blue-green background that Logon UI uses, but we felt that it was an important part of the overall user experience to maintain as much of your current task context as possible since you were likely in the middle of doing something specific when you were presented with the elevation UI.
Click to expand...

Just for emphasis on showing it's a privilege elevation vs the nonsense you are spouting, I bolded where MS themselves say it's an elevation.

You keep making statements that you clearly are not informed about.

Edit:
Removed an unnecessary personal comment. It wasn't called for.
 
What's funny about these kind of threads is that generally the people participating in the arguments don't have any ground to stand on with their points except to turn the entire "discussion" into a massive URL-flinging match, with each participant throwing out wiki stuff, knowledge base links, quotes from articles from 2001 (been a lot of those lately), and basically nothing of any real consequence getting discussed.

It's the new way to compete online, like "Googling For Dollars" or whatever, except the "prize" just ends up giving yourself a warm fuzzy feeling knowing that you got the e-best of someone when your developer quote trumped a clip from an article written by a pundit copied from a podcast discussion that was based on hearsay overheard at a Starbucks between a Mac user bashing Microsoft and a Windows user that never gets past the fact that some people just like Macs regardless.

Yeah... it's kinda like that.
 
Joe Average said:
What's funny about these kind of threads is that generally the people participating in the arguments don't have any ground to stand on with their points except to turn the entire "discussion" into a massive URL-flinging match, with each participant throwing out wiki stuff, knowledge base links, quotes from articles from 2001 (been a lot of those lately), and basically nothing of any real consequence getting discussed.

It's the new way to compete online, like "Googling For Dollars" or whatever, except the "prize" just ends up giving yourself a warm fuzzy feeling knowing that you got the e-best of someone when your developer quote trumped a clip from an article written by a pundit copied from a podcast discussion that was based on hearsay overheard at a Starbucks between a Mac user bashing Microsoft and a Windows user that never gets past the fact that some people just like Macs regardless.

Yeah... it's kinda like that.
Click to expand...


I sorta agree with you... Though I'd like to make the distinction between the facts, and twisting the facts.
 
I guess some of you have a problem understanding that developers, lazy developers, are the reason that such a security technique was necessary in the first place.

Don't get me wrong, Microsoft's just as much at fault for going this long with elevated privileges for all user accounts. But blame should also be placed squarely on the software vendors/developers because it is there duty to ensure they are leveraging optimization, efficiency and security. Some of them seem to forget 1 or 2 out of 3.

I also guess those of you who don't understand that, also don't understand that you can disable UAC on a per program basis.
 
Wow. It's not that hard. UAC elevates permissions when you click Continue or enter an administrator password. Without a specific action from the user, the requesting application is not allowed to run with administrative privileges. I can see why some people can confuse this and believe that "UAC revokes permissions" but that implies that all applications run at an administrator level by default which is completely false. The whole point of UAC is that applications do NOT run at an administrator level by default and have to ask permission (request elevation) in order to do anything.

It's there for a reason. It is annoying, but it's better than the previous security model (if you can call it a "security" model) when all applications have default administrator privileges...
 
duby229 said:
I sorta agree with you... Though I'd like to make the distinction between the facts, and twisting the facts.
Click to expand...
The latter being what you've done. Way to ignore griffin's post where he shows that even your source confirms that it's privledge escalation.
 
dot_Zen said:
I guess some of you have a problem understanding that developers, lazy developers, are the reason that such a security technique was necessary in the first place.

Don't get me wrong, Microsoft's just as much at fault for going this long with elevated privileges for all user accounts. But blame should also be placed squarely on the software vendors/developers because it is there duty to ensure they are leveraging optimization, efficiency and security. Some of them seem to forget 1 or 2 out of 3.

I also guess those of you who don't understand that, also don't understand that you can disable UAC on a per program basis.
Click to expand...

That's a good link. Unfortunately, it didn't work for the SOE games I run. The third suggestion in Bott's article did the trick for me though. And It didn't require me disabling UAC either. :) In a nutshell, I created a scheduled task that runs the program with admin rights then created a shortcut to execute the scheduled task. It works very well too.
 
dot_Zen said:
I guess some of you have a problem understanding that developers, lazy developers, are the reason that such a security technique was necessary in the first place.
Click to expand...

That's true, though something to easily elevate for admin commands would be required anyway to convince people to actually run as limited users. In a corporate environment that wouldn't be too much of a problem if programs ran well a a limited user, but home users would just keep running as administrator if there was no obvious way to change the time, for example.
 
duby229 said:
Which should be totally impossible to do. Under any and every circumstance. An application should --never-- modify system files ever. And this is --exactly-- what running under a limited user account is going to protect you from. If MS enforced limited user accounts, software developers would have no choice but to fix there software. And it --CAN-- be done. Look at OSX, or BSD, or Linux, or Solaris... These OS's have been using limited users by default for many years and dont have these problems. It's not impossible to fix, it'll just take MS enforcing sound security policies.
Click to expand...

Your method would be more annoying than UAC. Lots of MP games need admin access for their anti cheat software to check your files. Using your method you would have to enter an admin password for every time you play those games. As it is now if you get an issue like that you simply right click the game shortcut and give it admin access. I think punkbuster games have fixed that because it now runs as a service.
 
rockfella said:
Whats the harm in disabling it? BTW i am still on XP SP3 and extremely happy :)
Click to expand...

With UAC disabled, you get the same level of security as XP - ie, if you're running as a local administrator (as nearly everyone is), all programs automatically have access to virtually the entire computer. You don't get the benefits of running most programs as a limited user to reduce potential attack vectors, or notification when a program requests administrative privileges. This doesn't mean that the computer is insecure, but there's far more code running with privileges that would allow it to do damage (whether intentionally or through an exploit) than under Vista with UAC - it's a form of inherent security that's also used in a similar way under Linux and OS X.
 
rockfella said:
Whats the harm in disabling it? BTW i am still on XP SP3 and extremely happy :)
Click to expand...

Once could say the same thing about leaving ones house or car unlocked all the time. What's the harm? I've never been robbed or had my car stolen.

You are just far less likely to have your system compromised while using UAC. It's very possible to not use it and not have a problem. It's also just as possible to be careful and still have a problem.
 
You must log in or register to reply here.
Back
Top