Disabling UAC doesn't actually decrease security?

  • Thread starter Thread starter Roof Fiddler
  • Start date Start date
R

Roof Fiddler

With UAC enabled in Vista build 5536, I get confirmation prompts in admin
accounts, and I get password dialog boxes in standard user accounts. And of
course standard users can't read each other's home directories.
Then I ran secpol.msc and under Local Policies\Security Options I disabled
User Account Control: Run all administrators in Admin Approval Mode, and
then rebooted. Now, as expected, admin accounts silently grant privilege
elevation and no longer give confirmation prompts, but in standard user
accounts, instead of getting a password dialog or a silent granting of
privilege elevation, I get automatic denial. And standard users still can't
read each other's home directories.
So, if non-admin users are using standard user accounts, and the admin
accounts are used only to run trusted software, then what security is
actually lost by disabling UAC? Standard user accounts haven't gained any
new privileges by having UAC disabled.
 
Hello,

This actually does disable UAC.

The security loss comes into play because all programs now silently run with
the full privileges of the user. When logged in as an administrator, all
programs run with full admin privileges, even the ones that don't need it.
This is bad news in today's world, regardless of operating system.

UAC does three things for you, and you see the most benefit when running
under the admin account, but this also benefits normal users by allowing
them to elevate:

1) Programs run only with the least privileges necessary. Notepad shouldn't
be able to take control of your domain and format all the hard drives on
your network. Why give it so much power?

2) Programs that NEED admin access MUST be approved to run by YOU at the
time that they start, every time. So, if somehow some nasty software burrows
onto your system and gets itself to start somehow, you can stop it from
starting. There is no way to bypass this behavior with UAC enabled - if you
allow something to run elevated, you can no longer blame Windows for the
intrusion.

3) UAC provides the infrastructure for more advanced security controls such
as Internet Explorer protected mode. I would expect that future versions of
windows will add more security controls based on the core UAC model.
 
Jimmy Brush said:
Hello,

This actually does disable UAC.

The security loss comes into play because all programs now silently run
with the full privileges of the user. When logged in as an administrator,
all programs run with full admin privileges, even the ones that don't need
it. This is bad news in today's world, regardless of operating system.

UAC does three things for you, and you see the most benefit when running
under the admin account, but this also benefits normal users by allowing
them to elevate:

1) Programs run only with the least privileges necessary. Notepad
shouldn't be able to take control of your domain and format all the hard
drives on your network. Why give it so much power?

2) Programs that NEED admin access MUST be approved to run by YOU at the
time that they start, every time. So, if somehow some nasty software
burrows onto your system and gets itself to start somehow, you can stop it
from starting. There is no way to bypass this behavior with UAC enabled -
if you allow something to run elevated, you can no longer blame Windows
for the intrusion.

3) UAC provides the infrastructure for more advanced security controls
such as Internet Explorer protected mode. I would expect that future
versions of windows will add more security controls based on the core UAC
model.


--
- JB

Windows Vista Support Faq
http://www.jimmah.com/vista/


Sounds similar to how XP was set up . . . but at least new users in Vista
are defaulted to Standard (only the first user set up is defaulted to
Admin).

Mic
 
Back
Top