Is UAC really needed ?

[NotMe]

I do understand that many programs can disable the AV software, firewalls,
anti-spyware, etc.
But it has to get installed before it does so.
Malware writers are getting better & better at social engineering and taking
advantage of security holes in all software.
That is why I use a dependable AV as well as Defender and Spybot/Tea Timer.
Usually what one misses the other catches.
UAC seems to just be another nag that doesn't really add anything to what I
have already been using.

 

[Plato]

I do understand that many programs can disable the AV software, firewalls,
anti-spyware, etc.

True. But it's easier just NOT to download and/or install odd ware.

 

[Jimmy Brush]

UAC seems to just be another nag that doesn't really add anything to what I
have already been using.

This is a common sentiment.

UAC is not a nag screen in the sense that it is asking you "are you
really REALLY sure you want to do this."

UAC is literally asking you "are YOU doing this?" (as opposed to a
program attempting to run itself or abuse a system utility without
your knowledge). The power behind the UAC prompt is that the ONLY way
a program can gain admin power is if it presents you a UAC prompt.

While "anti" software will protect you from using known malware by
preventing you from running them, UAC prevents any program (malware or
not) from running with admin rights if you did not start it.

UAC can prevent well-known and trusted system tools (such as
format.exe), from being used for malicious intent by shady programs to
control your computer - antivirus and antimalware cannot.

Antimalware can prevent a known bad program from running, while UAC
cannot.

These tools work together to provide a very secure system by
complimenting each other - neither is a replacement for each other.

 

[Jimmy Brush]

I can't help. Sorry.

I also envision one day, when a person starts his/her car with their very
own car key, the car will know for sure that it's the person's own will and
absolutely without any other outside influences on the decision or it won't
do so and make the certain the driver is taking every right decision when
driving the car, or it will not allow, the same thing for turning on TV,
cell phones, and every single product and device in our life.

That will be a wonderful world

I would want the car to know me vs. somebody else ...

but, I wouldn't want the car making decisions for me.

What I want is to be able to tell the car to do something and be 100%
sure that the car will do that and only that - and that is what I want
my computer to do as well.

 

[Not Me]

it sounds like Vista is trying to emulate the OSHA Cowboy...

This is a common sentiment.

UAC is not a nag screen in the sense that it is asking you "are you
really REALLY sure you want to do this."

UAC is literally asking you "are YOU doing this?" (as opposed to a
program attempting to run itself or abuse a system utility without
your knowledge). The power behind the UAC prompt is that the ONLY way
a program can gain admin power is if it presents you a UAC prompt.

<snip>

 

[Jimmy Brush]

Is putting control over what programs have full control over your
computer in your hands too much of a burden?

A lot of people think so, and there's nothing wrong with that. Some
people don't care if all programs on their computer run with full
control all of the time, because they don't wan't to deal with having
to make a decision whenever a program runs that wants admin control
over their computer.

I, personally, am glad for the extra control.

- JB

 

[Not Me]

How much control is 'enough'?
Where does it end?
A cop on every corner with a machine gun?

But for those who do want to turn it OFF, why did MS make it break other
things?
They forgot PPPPPP in this release!
And KISS too!

 

[xfile]

Hi,

You didn't get the point of my last post, which meant to tell you, it is as
ridiculous as what you said below for the purpose of using UAC.

-- the system will make sure that it will be impossible for anything
else to happen (like install nasty malwares).

Since you said "I would want the car to know me vs. somebody else ..."

And how could it be accomplished under the following scenario?

[...]when a person starts his/her car with their very

own car key, the car will know for sure that it's the person's own will
and
absolutely without any other outside influences on the decision or it
won't
do so[...]

Don't tell me using UAC.

So you don't like the car making decisions for you? Good for you.

But when someone (or something, in this case) interferes your decisions, it
is making decisions for you by questioning your decisions (I have to admit
the necessity of doing this occasionally but not always), and that's what
UAC does.

OK, I'm getting tired of this discussion. No worry, I always leave the last
words for someone else.

Take care anyway.

 

[Jimmy Brush]

Well, the "control" in this sense is a machine gun in YOUR hands,
since the only thing UAC does is defer judgement to you - it does not
protect you or keep you from doing anything (the "cop" analogy is
innacurate), it makes you decide what to do .

Of course, this decision is very easy - all you have to do is tell the
computer when you started something, and click cancel if something
happens that you didn't start.

And, you generally don't have to make this decision very often - since
it only pops up for applications that need full control over your
computer... but under certain scenarios (especially with old, outdated
software), this could certainly become "too much".

I think most people's issues with UAC are caused by noncompliant and
legacy software, and that these issues will mostly go away in the next
year or so, as the software industry adapts.

 

[Jimmy Brush]

Hi,

You didn't get the point of my last post, which meant to tell you, it is as
ridiculous as what you said below for the purpose of using UAC.

You're taking this statement out of context

I wasn't saying that this is what UAC does *now*, because it certainly
does not.

And I wasn't saying that I thought that in the future the computer
would be able to keep malware from installing... that is certainly
impossible.

What I said was that I imagine a computer in the future that would be
able to enforce that if a program said it was going to do something,
then the computer would only let the program do what it said it was
going to, and nothing else.

For instance, if the program said it was going to "save a file to my
documents folder" when I click on a button, then the system would not
let it "install a program (possibly malware)".

This would not keep me from installing malware ... but it would keep
me from installing malware *without me being aware that I was
installing a program*.

This is what I want from UAC, and I believe its core purpose -- not to
stop me from doing anything, but to make sure that I am aware of what
my computer is doing, and that I am the one in control, instead of at
the mercy of the programs running on my computer.

This is not possible today to the degree that I would like, but I
believe it will be possible in the future.

Since you said "I would want the car to know me vs. somebody else ..."

And how could it be accomplished under the following scenario?

[...]when a person starts his/her car with their very

own car key, the car will know for sure that it's the person's own will
and
absolutely without any other outside influences on the decision or it
won't
do so[...]

Don't tell me using UAC.

Absolutely not... UAC does not establish identity, and it was never
intended to. For that matter, UAC does not establish whether the user
is making a "good" or "bad" decision, and UAC does not steer the user
towards one direction or another... it simply offers as much unbiased
info about what's going on as is available, and asks the user to tell
UAC whether they started the program or not.

So you don't like the car making decisions for you? Good for you.

But when someone (or something, in this case) interferes your decisions, it
is making decisions for you by questioning your decisions (I have to admit
the necessity of doing this occasionally but not always), and that's what
UAC does.

UAC does not question your decisions... it is questioning the actions
of PROGRAMS... It *enforces* your decisions.

UAC's purpose is not to prompt when YOU run a program. It is very
unfortunate that it has to do this, but if it didn't, it wouldn't
work.

UAC's job is to STOP programs from running when you did NOT start
them. The power of the prompt is when it shows up when you are not
expecting it.

UAC's job is to keep programs from running with privilege that I did
not start, and I am very much willing to put up with a prompt every
now and then, if that is the cost of being able to ensure that only
progams that I run will have complete control over my computer.

OK, I'm getting tired of this discussion. No worry, I always leave the last
words for someone else.

Take care anyway.

Adios.

--
-JB
Microsoft MVP - Windows Shell
Windows Vista Support FAQ - http://www.jimmah.com/vista/

 

[Stephan Rose]

You're taking this statement out of context

I wasn't saying that this is what UAC does *now*, because it certainly
does not.

And I wasn't saying that I thought that in the future the computer
would be able to keep malware from installing... that is certainly
impossible.

What I said was that I imagine a computer in the future that would be
able to enforce that if a program said it was going to do something,
then the computer would only let the program do what it said it was
going to, and nothing else.

For instance, if the program said it was going to "save a file to my
documents folder" when I click on a button, then the system would not
let it "install a program (possibly malware)".

This would not keep me from installing malware ... but it would keep
me from installing malware *without me being aware that I was
installing a program*.

There is a major flaw with this entire approach (in any OS). The issue is
that a lot of malware, trojans, etc. tend to install themselves via
exploits. Exploits by their inherent definition usually defeat the security
mechanisms in place. No security system is invulnerable to exploits.

That is why I prefer Linux's approach to the problem rather than UAC. UAC
will still let the program do whatever it wants if the user clicks Yes.
Linux on the other hand (save for exploits) the program has *no chance*
whatsoever unless I personally started it with elevated permissions.

They key difference being between acting and reacting.

It's impossible under Linux to accidentally start an app with elevated
permissions! It just simply takes too much "work". It's a decision I have
to make ahead of time.

UAC all it takes is a wrong accidental mouse click on a prompt as all I am
doing is reacting to its prompt.

--
Stephan
2003 Yamaha R6

å›ã®ã“ã¨æ€ã„出ã™æ—¥ãªã‚“ã¦ãªã„ã®ã¯
å›ã®ã“ã¨å¿˜ã‚ŒãŸã¨ããŒãªã„ã‹ã‚‰

 

[Ray Rogers]

There is a major flaw with this entire approach (in any OS). The issue is
that a lot of malware, trojans, etc. tend to install themselves via
exploits. Exploits by their inherent definition usually defeat the
security
mechanisms in place. No security system is invulnerable to exploits.

That is why I prefer Linux's approach to the problem rather than UAC. UAC
will still let the program do whatever it wants if the user clicks Yes.
Linux on the other hand (save for exploits) the program has *no chance*
whatsoever unless I personally started it with elevated permissions.

They key difference being between acting and reacting.

It's impossible under Linux to accidentally start an app with elevated
permissions! It just simply takes too much "work". It's a decision I have
to make ahead of time.

UAC all it takes is a wrong accidental mouse click on a prompt as all I am
doing is reacting to its prompt.

--
Stephan
2003 Yamaha R6

å›ã®ã“ã¨æ€ã„出ã™æ—¥ãªã‚“ã¦ãªã„ã®ã¯
å›ã®ã“ã¨å¿˜ã‚ŒãŸã¨ããŒãªã„ã‹ã‚‰

Stephan, explain this in words of one syllable if you must, are you saying
that if Microsoft had, instead of a clickable prompt, created a root
password entry box, it would be as secure as Linux in this area?
The reason I'm asking, is that I'm having a difficult time understanding
what the hatred of UAC is about, and how it differs from Linux. I do have
Fedora on one of my boxes and I see no difference between entering root and
UAC, other than what you said about an accidental click.

 

[xfile]

Hi,

Thanks for the kind sharing.

UAC all it takes is a wrong accidental mouse click on a prompt as all I am
doing is reacting to its prompt.

That actually is a common sense well known by experienced computer users,
and have been stated many times, but couldn't be taken.

Many years ago, I made a conscious decision for being a technically
incompetent person so I won't be bound by own capabilities and preferences
and could adjust whenever there are new inputs and to use common sense to
determine the necessity of any "technology".

I appreciate technical professionals, like you and many others, who can
share and sit down to discuss the true pros and cons of different approaches
without getting into some meaningless and obviously out of common sense of
debates.

Over the years, I've learned so much from all of you and that decision was
one of very few good decisions that I ever made.

Thanks again for your kind sharing.

 

[xfile]

what the hatred of UAC is about[...]

Don't know about others, no hatred, except don't see any necessity of its
existence and it is annoying, plus it may still interfere one's work when it
is set to OFF.

But no hatred.

 

[Ray Rogers]

Maybe hatred was a rather strong word to use, but my question stands. What
is so different with UAC than how it is done in Linux, is it more, or less
secure, other than the user interface? And that's just a question of
personal preference, or so I would have thought.
--
Ray Rogers

what the hatred of UAC is about[...]

Don't know about others, no hatred, except don't see any necessity of its
existence and it is annoying, plus it may still interfere one's work when
it is set to OFF.

But no hatred.

Stephan, explain this in words of one syllable if you must, are you
saying that if Microsoft had, instead of a clickable prompt, created a
root password entry box, it would be as secure as Linux in this area?
The reason I'm asking, is that I'm having a difficult time understanding
what the hatred of UAC is about, and how it differs from Linux. I do have
Fedora on one of my boxes and I see no difference between entering root
and UAC, other than what you said about an accidental click.

 

[xfile]

I'd as much as like you to learn

But without comparing with others, the following statement still stands:

UAC all it takes is a wrong accidental mouse click on a prompt as all I am
doing is reacting to its prompt.

And we all know, a user can get used to clicking Yes rather quickly and
easily, and that's how many got infected in the first place.

Maybe hatred was a rather strong word to use, but my question stands. What
is so different with UAC than how it is done in Linux, is it more, or less
secure, other than the user interface? And that's just a question of
personal preference, or so I would have thought.
--
Ray Rogers

what the hatred of UAC is about[...]

Don't know about others, no hatred, except don't see any necessity of its
existence and it is annoying, plus it may still interfere one's work when
it is set to OFF.

But no hatred.

There is a major flaw with this entire approach (in any OS). The issue
is
that a lot of malware, trojans, etc. tend to install themselves via
exploits. Exploits by their inherent definition usually defeat the
security
mechanisms in place. No security system is invulnerable to exploits.

That is why I prefer Linux's approach to the problem rather than UAC.
UAC
will still let the program do whatever it wants if the user clicks Yes.
Linux on the other hand (save for exploits) the program has *no chance*
whatsoever unless I personally started it with elevated permissions.

They key difference being between acting and reacting.

It's impossible under Linux to accidentally start an app with elevated
permissions! It just simply takes too much "work". It's a decision I
have
to make ahead of time.

UAC all it takes is a wrong accidental mouse click on a prompt as all I
am
doing is reacting to its prompt.

--
Stephan
2003 Yamaha R6

§g???«ä?¥X?¤é???????
§g???§Ñ?????????

Stephan, explain this in words of one syllable if you must, are you
saying that if Microsoft had, instead of a clickable prompt, created a
root password entry box, it would be as secure as Linux in this area?
The reason I'm asking, is that I'm having a difficult time understanding
what the hatred of UAC is about, and how it differs from Linux. I do
have Fedora on one of my boxes and I see no difference between entering
root and UAC, other than what you said about an accidental click.

 

[Ronnie Vernon MVP]

Hi Ray

There really is no difference if you are using a Standard account
(Recommended) in Vista. You see the same type of prompt where you must
select an administrator account and enter the password. (I'm talking about
GKSudo as implemented in Ubuntu here.)

Gksudo, in Ubuntu locks the keyboard, mouse, and window focus to prevent
anything from interacting with the confirmation dialog. UAC in Vista runs on
the Secure Desktop that prevents anything from interacting with the
confirmation dialog.

If you are running Vista with an Administrator account, then you see a
different UAC confirmation dialog on the Secure Desktop that only requires a
click on the Continue Button.

Actually, with Vista, you can even add another layer of protection by
requiring a Trusted Path Entry with UAC. This would require pressing
CTRL+ALT+DEL as an extra step in the UAC confirmation. With this extra layer
in place, you would actually need to deal with 3 dialog boxes on a UAC
prompt.

Reference:
Comparison of privilege authorization features - Unix, Linux, Vista:
http://en.wikipedia.org/wiki/Comparison_of_privilege_authorization_features

Hatred really isn't too strong of a word to describe some users almost
violent reaction to UAC. But this comes from Windows users being spoiled for
too many years because they were always able to run with full administrator
privileges, unfettered. The problem was that this resulted in Windows being
the most unsecure platform of all operating systems. I think we should just
go back to DOS and make everyone run everything from a command line for a
short time, just to show them that one extra click really isn't that big of
a deal. )

--

Ronnie Vernon
Microsoft MVP
Windows Shell/User

Maybe hatred was a rather strong word to use, but my question stands. What
is so different with UAC than how it is done in Linux, is it more, or less
secure, other than the user interface? And that's just a question of
personal preference, or so I would have thought.
--
Ray Rogers

what the hatred of UAC is about[...]

Don't know about others, no hatred, except don't see any necessity of its
existence and it is annoying, plus it may still interfere one's work when
it is set to OFF.

But no hatred.

There is a major flaw with this entire approach (in any OS). The issue
is
that a lot of malware, trojans, etc. tend to install themselves via
exploits. Exploits by their inherent definition usually defeat the
security
mechanisms in place. No security system is invulnerable to exploits.

That is why I prefer Linux's approach to the problem rather than UAC.
UAC
will still let the program do whatever it wants if the user clicks Yes.
Linux on the other hand (save for exploits) the program has *no chance*
whatsoever unless I personally started it with elevated permissions.

They key difference being between acting and reacting.

It's impossible under Linux to accidentally start an app with elevated
permissions! It just simply takes too much "work". It's a decision I
have
to make ahead of time.

UAC all it takes is a wrong accidental mouse click on a prompt as all I
am
doing is reacting to its prompt.

--
Stephan
2003 Yamaha R6

§g???«ä?¥X?¤é???????
§g???§Ñ?????????

Stephan, explain this in words of one syllable if you must, are you
saying that if Microsoft had, instead of a clickable prompt, created a
root password entry box, it would be as secure as Linux in this area?
The reason I'm asking, is that I'm having a difficult time understanding
what the hatred of UAC is about, and how it differs from Linux. I do
have Fedora on one of my boxes and I see no difference between entering
root and UAC, other than what you said about an accidental click.

 

[Ray Rogers]

Thanks Ronnie, this helps a lot.
--
Ray Rogers

Hi Ray

There really is no difference if you are using a Standard account
(Recommended) in Vista. You see the same type of prompt where you must
select an administrator account and enter the password. (I'm talking about
GKSudo as implemented in Ubuntu here.)

Gksudo, in Ubuntu locks the keyboard, mouse, and window focus to prevent
anything from interacting with the confirmation dialog. UAC in Vista runs
on the Secure Desktop that prevents anything from interacting with the
confirmation dialog.

If you are running Vista with an Administrator account, then you see a
different UAC confirmation dialog on the Secure Desktop that only requires
a click on the Continue Button.

Actually, with Vista, you can even add another layer of protection by
requiring a Trusted Path Entry with UAC. This would require pressing
CTRL+ALT+DEL as an extra step in the UAC confirmation. With this extra
layer in place, you would actually need to deal with 3 dialog boxes on a
UAC prompt.

Reference:
Comparison of privilege authorization features - Unix, Linux, Vista:
http://en.wikipedia.org/wiki/Comparison_of_privilege_authorization_features

Hatred really isn't too strong of a word to describe some users almost
violent reaction to UAC. But this comes from Windows users being spoiled
for too many years because they were always able to run with full
administrator privileges, unfettered. The problem was that this resulted
in Windows being the most unsecure platform of all operating systems. I
think we should just go back to DOS and make everyone run everything from
a command line for a short time, just to show them that one extra click
really isn't that big of a deal. )

--

Ronnie Vernon
Microsoft MVP
Windows Shell/User

Maybe hatred was a rather strong word to use, but my question stands.
What is so different with UAC than how it is done in Linux, is it more,
or less secure, other than the user interface? And that's just a question
of personal preference, or so I would have thought.
--
Ray Rogers

what the hatred of UAC is about[...]

Don't know about others, no hatred, except don't see any necessity of
its existence and it is annoying, plus it may still interfere one's work
when it is set to OFF.

But no hatred.





There is a major flaw with this entire approach (in any OS). The issue
is
that a lot of malware, trojans, etc. tend to install themselves via
exploits. Exploits by their inherent definition usually defeat the
security
mechanisms in place. No security system is invulnerable to exploits.

That is why I prefer Linux's approach to the problem rather than UAC.
UAC
will still let the program do whatever it wants if the user clicks
Yes.
Linux on the other hand (save for exploits) the program has *no
chance*
whatsoever unless I personally started it with elevated permissions.

They key difference being between acting and reacting.

It's impossible under Linux to accidentally start an app with elevated
permissions! It just simply takes too much "work". It's a decision I
have
to make ahead of time.

UAC all it takes is a wrong accidental mouse click on a prompt as all
I am
doing is reacting to its prompt.

--
Stephan
2003 Yamaha R6

§g???«ä?¥X?¤é???????
§g???§Ñ?????????

Stephan, explain this in words of one syllable if you must, are you
saying that if Microsoft had, instead of a clickable prompt, created a
root password entry box, it would be as secure as Linux in this area?
The reason I'm asking, is that I'm having a difficult time
understanding what the hatred of UAC is about, and how it differs from
Linux. I do have Fedora on one of my boxes and I see no difference
between entering root and UAC, other than what you said about an
accidental click.

 

[Stephan Rose]

Stephan, explain this in words of one syllable if you must, are you saying
that if Microsoft had, instead of a clickable prompt, created a root
password entry box, it would be as secure as Linux in this area?

Not exactly. Here is the difference as I see it (though if I am wrong,
someone feel free to correct me).

When I start an app, it is run under my user account priviledges which is
just a standard user. It has no root access and cannot modify anything
system specific.

If this app now tries to modify anything in the system, it will simply be
denied access. No prompt is shown, ever. Anything that the app tries to
modify in the system will simply just not be possible. If in this state,
the app spawns a malware process the malware can't do a thing.

UAC on the other hand, if I understand correctly, would now present the user
with its prompt if it wants to allow the action or not despite the app not
having been started with elevated permissions. That is where I see the
problem with it. An app that has not been started with elevated permissions
should never be able to obtain them, not even through a prompt.

If I want the app to be able to modify system settings, I have to manually
start the app via "su appname", enter in my password...and then the app
will run under elevated priviledges and anything will be possible. Prompts
are again not necessary because I gave it permission ahead of time. Now if
in this state an app spawns a malware process...it could go out and have
fun. This is the reason why it is never advised to ever run an application
under elevated priviledges unlss you really know what you are doing. 99.99%
of the time, it is not necessary to run anything with elevated priviledges.

The only apps I ever run under elevated permissions are things such as the
package manager to install software and some of the system utilities to
modify system settings that are not stored in the user profile also require
elevated permissions. Everything else...gets run as a standard user and is
under that level no risk to the system unless there is some exploit.

--
Stephan
2003 Yamaha R6

å›ã®ã“ã¨æ€ã„出ã™æ—¥ãªã‚“ã¦ãªã„ã®ã¯
å›ã®ã“ã¨å¿˜ã‚ŒãŸã¨ããŒãªã„ã‹ã‚‰

 

[Stephan Rose]

Hi Ray

There really is no difference if you are using a Standard account
(Recommended) in Vista. You see the same type of prompt where you must
select an administrator account and enter the password. (I'm talking about
GKSudo as implemented in Ubuntu here.)

Gksudo, in Ubuntu locks the keyboard, mouse, and window focus to prevent
anything from interacting with the confirmation dialog. UAC in Vista runs
on the Secure Desktop that prevents anything from interacting with the
confirmation dialog.

Difference is though that Gksudo only presents itself when the user actually
runs it. Ie...if I run "gksudo myapp" I will see the prompt as you describe
it.

If I just run "myapp"...I will never see a prompt no matter what it tries to
do. Anything it tries to modify that it is not allowed will simply be
denied to it. An app not started under elevated permissions can never gain
elevated permissions.

The line "gksudo is a graphical frontend to sudo included with Ubuntu. It
comes up automatically when an application tries to perform an action
requiring root privileges." is actually a little bit misleading.

The only reason gksudo comes up automatically is because it is part of the
shortcut in the system menu for launching the app.

For example (from a commandline):

gksu synaptic

Starts the gksudo prompt for elevated access, and if I enter the password
correctly...then starts synaptic, the package manager. This is how it is
started via the system menu.

However...if I just run "synaptic"..I am greeted with a dialog from synaptic
telling me it has no elevated access and can therefore not perform certain
system related functions requiring that access. And that's it. It will
never gain elevated access until I close it and restart it with proper
access.

That to me is where UAC's problem lies. An application not started with
elevated permissions can still gain them via the UAC Prompt when the app
tries to do modify the system.

--
Stephan
2003 Yamaha R6

å›ã®ã“ã¨æ€ã„出ã™æ—¥ãªã‚“ã¦ãªã„ã®ã¯
å›ã®ã“ã¨å¿˜ã‚ŒãŸã¨ããŒãªã„ã‹ã‚‰