DigeratiPrime Posted June 14, 2009 Share Posted June 14, 2009 I personally like UAC and run it on the highest settings and logon as a Limited User. So since I can't vote add +1 to the first poll option Link to comment Share on other sites More sharing options...
computerwizkid Posted June 14, 2009 Share Posted June 14, 2009 I run UAC at default when I'm using it in my VM.My computer won't make a partition large enough to use Win7.I have over 300gb free though. Link to comment Share on other sites More sharing options...
Guest Posted June 15, 2009 Share Posted June 15, 2009 Off. I survive just fine without it in XP. Link to comment Share on other sites More sharing options...
cluberti Posted June 15, 2009 Share Posted June 15, 2009 Having UAC on does give you access to other features too, like process integrity level and registry/file system virtualization. Some people don't need or want these, but I find them quite useful. Link to comment Share on other sites More sharing options...
MagicAndre1981 Posted June 15, 2009 Share Posted June 15, 2009 Always notify (slider to top position)All other settings are insecure. With the default settings (shown at the picture) all applications (good aps or malware) can easily execute code with elevated rights by using MS apps included inside Win7 without showing the UAC. This is an incredible security vulnerability. Link to comment Share on other sites More sharing options...
nitroshift Posted June 15, 2009 Share Posted June 15, 2009 Default. Link to comment Share on other sites More sharing options...
PC_LOAD_LETTER Posted June 15, 2009 Share Posted June 15, 2009 Default for now. I figure if im evaluating an OS i shouldnt change much unless it really gets in my way. Vista UAC = In my way from 3 seconds after the first boot and therefore gone after the second boot.7 UAC = Slightly annoying at first but now its only annoying when it one of the times it forces the screen black, locks up any video im playing and then forces a redraw of the entire desktop. The rest of the time its OK. Link to comment Share on other sites More sharing options...
Smiley89 Posted June 15, 2009 Share Posted June 15, 2009 D'oh I voted default when I'm on "Always notify me and dim my desktop until I respond" Link to comment Share on other sites More sharing options...
Maleko Posted June 15, 2009 Share Posted June 15, 2009 "Notify me only when programs try to make changes to my computer"Another simple level of protection, so I like it. Link to comment Share on other sites More sharing options...
Access Denied Posted June 15, 2009 Share Posted June 15, 2009 Turn it off, then install all my stuff and turn it back to default. Link to comment Share on other sites More sharing options...
cluberti Posted June 15, 2009 Share Posted June 15, 2009 7 UAC = Slightly annoying at first but now its only annoying when it one of the times it forces the screen black, locks up any video im playing and then forces a redraw of the entire desktop. The rest of the time its OK.Video driver issue. However:Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemValue: PromptOnSecureDesktopType: REG_DWORDData: 0Or you can do it in secpol.msc under Security Settings > Local Policies > Security Options > User Account Control: Switch to the secure desktop when prompting for elevation (set it to disabled). Link to comment Share on other sites More sharing options...
cluberti Posted June 15, 2009 Share Posted June 15, 2009 All other settings are insecure. With the default settings (shown at the picture) all applications (good aps or malware) can easily execute code with elevated rights by using MS apps included inside Win7 without showing the UAC. This is an incredible security vulnerability.Rundll32 will not be whitelisted in Win7 RTM. Making use of rundll32 to launch an app that would normally bypass UAC prompts behaving as if a user manually ran the app will not work on Win7 RTM, making the default more secure.http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx Link to comment Share on other sites More sharing options...
bj-kaiser Posted June 15, 2009 Share Posted June 15, 2009 (edited) UAC disabled, using a normal user account together with Kay Bruns's SuRun. Edited June 15, 2009 by bj-kaiser Link to comment Share on other sites More sharing options...
MagicAndre1981 Posted June 15, 2009 Share Posted June 15, 2009 @clubertithe security vulnerability is still there, because only one app with this manifest entry can be used to bypass the uac when the uac is running at the default level. I also able to inject notepad, dwm, explorer and a lot more app to run any code in elevated mode without accepting the UAC prompt.Mark posted that MSFT knows this issue and will never fix it. Look here for a video: http://nudel.kelbv.com/W7E_VID_INT/W7E_VID_INT.htm and take a look at the demo app+code:http://www.pretentiousname.com/misc/W7E_So...Inject.cpp.html Link to comment Share on other sites More sharing options...
DigeratiPrime Posted June 15, 2009 Author Share Posted June 15, 2009 Full disclosure I've been aware of the issue myself and recently took the time to investigate it, but I wanted to hear how others use UAC so I can judge Microsofts reasoning here.If you go up one level on that site they have videos of this http://www.pretentiousname.com/misc/win7_uac_whitelist2.htmlIf I understand Secure Desktop correctly, it's there to stop an application from being able to click in it's own UAC dialog box to elevate itself. So I leave it on now The way I see it is it's only a matter of time before these methods are used against us. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now