
Poll: What UAC Level do you use?


100 members have voted

  • Always notify me and dim my desktop until I respond: 4
  • Default: 22
  • Notify me only when programs try to make changes to my computer: 11
  • Turn off UAC: 63



The way I see it is it's only a matter of time before these methods are used against us.

When Windows 7 hits RTM and will be sold this will happen :realmad:

I think I'll write a short text (in the "For Dummies" style so that average users understand it) about UAC tomorrow (what UAC is and how it works) so that all people who disable it change their opinion.


Well, that is true, although there's not much you can do if you run code that has autoelevate at the default level. This is the security vs usability meme all over again. You get the folks complaining about UAC, but the vendor needing to use the tool in their products, so you get "autoelevation" by signed binaries to bypass things the user would do manually, except that creates potential for abuse. I suppose they could fix it, but by its very design Windows allows injection into other .dlls and processes this way (they're using the Win32 API!), so I'm not sure what you could do short of use TPM to check binaries on execution to make sure they don't change once in memory. It would be a pain, and not everyone (in fact, I'd wager most people who will end up running Win7) don't have a TPM chip in their motherboards to enable it.

I don't like it, but I guess you shouldn't use UAC as a security boundary by itself anyway. I'd guess antivirus could catch this with heuristics, although again I'm not sure how feasible it is on older machines.


Another thing I noticed is although the author there states that this elevation trick could still work if the target process had ASLR enabled - I don't think it's been demonstrated.

Also, for those that are concerned about security, running as a limited user is still sound AFAIK.


Security vs. Usability:

someone explain to me why there has to be an autoelevation?

If I know what I am doing, I can as well elevate the program on my own. With SuRun it works like this: run "surun program.exe" or you can "restart as admin" from the program's system menu.

(I am not thinking SuRun is perfectly secure, but the way it works (unless you enable its own autoelevation options, I disabled on my machine) looks more sane than MS UAC IMHO)

Edited by bj-kaiser

> Security vs. Usability:
>
> someone explain to me why there has to be an autoelevation?
>
> If I know what I am doing, I can as well elevate the program on my own.

This is what people whined about most on Vista, and why UAC on Vista got disabled most often. People want the system to be secure, but they don't want to be bothered by it - hence autoelevation for tasks you are expected to run on your own (although regedit.exe wasn't signed, which is odd).

> someone explain to me why there has to be an autoelevation?

Do you seriously expect end-users to use surun and the like? Besides, most people seem to think just getting a prompt (allow/deny) is already too much of a hassle, now ask them to run things from the command line instead, and see how that'll turn out.


Also note this will only affect users running as admin anyway, although by default OOBE puts you in this group. I'll be very glad when the default behavior for new users (all new users, not just the second one on) are regular users, and the admin account *isn't* disabled so that this *does* work properly.

> > someone explain to me why there has to be an autoelevation?
>
> Do you seriously expect end-users to use surun and the like? Besides, most people seem to think just getting a prompt (allow/deny) is already too much of a hassle, now ask them to run things from the command line instead, and see how that'll turn out.

I see, someone didn't read my post to the end.

> If I know what I am doing, I can as well elevate the program on my own. With SuRun it works like this: run "surun program.exe" or you can "restart as admin" from the program's system menu.

I don't know if "system menu" was the right phrase, what I mean is the context menu you get when you right-click a program's title bar.

Hope that makes it clear.


I have it disabled and it will always be for me. In Vista too.

The reason is that I don't want to get bothered with programs I use and TRUST. For everything else, there are Firewalls (software or hardware) and Anti-virus applications. I use Hardware FW + Anti-virus/Software FW (KIS 2010).

For the average user UAC is a good measure against common threats like malware or spyware.


I've taken a rather unique approach to UAC, which I'm actually quite proud of.

As some of you may know, there's an option buried deep within secpol.msc to require even administrators to authenticate with their password when presented with a UAC prompt, the same as how unprivileged users are usually required to. I looked around a bit, and saw that the UAC response is determined by a registry variable:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:(value)

Setting it to 00000005 puts it to the default, secure desktop, prompt for consent for applications that need elevation only setting.

Setting it to 00000001 puts it into "paranoid" mode, where it prompts for any and all system changes, and requires the user's password.

I have two registry files, one to set it to default mode, and one to set it to paranoid mode. I then have two scheduled tasks. One detects the eventlog event for disconnecting from a network, and it sets the system to paranoid mode. This way, when I'm away from my home network, if someone walks up to my computer when I didn't lock it, they can't do any major changes without my password, or by sticking a USB flash drive with a virus in, etc. The 2nd task runs when connecting to a network, but is set to only run when connecting to my home network. It sets it to normal mode, so that at home everything is simple and un-annoying. It works great and is secure both in the way UAC intended and in the additional protection of password protected elevation.

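The network-dependent toggle described in the post above can be done by one script that both scheduled tasks run, instead of two registry files. This is an added example, not part of the original post: the trusted network name, the variable names and the function names are hypothetical, and it assumes Windows 8 or later (for `Get-NetConnectionProfile`) and an elevated task.

```powershell
#Requires -RunAsAdministrator
# Added example: pick the UAC admin prompt level from the current network.
# Run it from both the "network connected" and "network disconnected" tasks.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'ConsentPromptBehaviorAdmin'
$Default   = 5   # the post's "default" mode: consent prompt
$Paranoid  = 1   # the post's "paranoid" mode: password required
$TrustedNetworks = @('HomeNetwork')   # placeholder profile name (assumption)

function Get-DesiredPromptLevel {
    param([string[]]$ConnectedNames, [string[]]$Trusted)
    # Fail closed: no connection, or any connection that is not on the
    # trusted list, selects the password-protected mode.
    if (-not $ConnectedNames -or $ConnectedNames.Count -eq 0) { return $Paranoid }
    foreach ($name in $ConnectedNames) {
        if ($Trusted -notcontains $name) { return $Paranoid }
    }
    return $Default
}

function Set-UacPromptLevel {
    param([int]$Level)
    $current = (Get-ItemProperty -Path $PolicyKey -Name $ValueName `
                -ErrorAction SilentlyContinue).$ValueName
    if ($current -ne $Level) {
        Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value $Level -Type DWord
    }
    # Read the value back so a failed write is not silently ignored.
    $after = (Get-ItemProperty -Path $PolicyKey -Name $ValueName).$ValueName
    if ($after -ne $Level) { throw "$ValueName is $after, expected $Level" }
    return $after
}

try {
    # Names of all currently connected network profiles.
    $names = @(Get-NetConnectionProfile -ErrorAction Stop |
               Select-Object -ExpandProperty Name)
} catch {
    $names = @()   # lookup failed: treat as "not on a trusted network"
}

$level   = Get-DesiredPromptLevel -ConnectedNames $names -Trusted $TrustedNetworks
$applied = Set-UacPromptLevel -Level $level
Write-Output "Connected: $($names -join ', '); $ValueName = $applied"
```

Because the script computes the level from the current state rather than from which task fired, a missed or out-of-order event still ends in the stricter mode.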