UAC should have been a Business class feature, not for Home Users

[Chad Harris]

Read my lips Albright. I'm not in charge of any newsgroup. I've
participated in them for years. But I rarely see threads that have nothing
to do with the newsgroup on any of the hundreds of MSFT groups. This group
became an exception the day that MSFT began selling Vista in stores.

One of the reasons is that the masses, most of whom couldn't work the 5
second wizard to configure OE for groups, because they couldn't figure out
what to type for incoming and outgoing mail and were too lazy to google "OE
newsgroups" now are too lazy to use the easier pathway.

They are also too lazy to figure out how to search for newsgroups by putting
vista in the search interface and reading the list of groups and putting
their issue in the appropriate group.

There is no reason whatsoever to dump issues unrelated to setup in this
group and it distracts from the title and purpose of the group.

If you choose to distort this as an authority issue, it's easy to understand
that many things in your life revolve about the authority you perceive you
don't have.

I've said explicitly, I'm not trying to run anything, but I will piont out
when someone posts a totally unrelated message to put it in the right group.

If a answers start popping up in groups they have nothing to do with, it
impairs the ability of people to search a particular group for an answer
before they post, something the masses are apparently too lazy to do. These
are the same people that could easily get their answer but refuse to read
Help and Support and search it.

How dumb does someone have to be to dump off topic issues into a setup group
when there are a dozen or so more groups for them?

CH

CH

 

[Adam Albright]

Read my lips Albright. I'm not in charge of any newsgroup. I've
participated in them for years. But I rarely see threads that have nothing
to do with the newsgroup on any of the hundreds of MSFT groups. This group
became an exception the day that MSFT began selling Vista in stores.

As somebody has already pointed out Chad Harris, you're behaving like
a a-hole. I'm sure you're really a nice guy, but nobody will ever know
if you keep having temper tantrums, especially over nothing.

Again I need to ask you, what did you expect? Of COURSE this newsgroup
got more busy the day Vista hit the shelves. Does that surprise you?
It seems like half the posts here are from you bitching about cross
posting and bellyaching the question wasn't asked in the "right"
newsgroup. Sorry, the somewhat weird sense of humor I have, that's
damn funny to see you with your shorts all bunched up over nothing.
You're twisting in the wind due totally to what you yourself have said
and can't figure out why most people are probably laughing their ass
off over how you are acting. I'm not mad at you, doubt anybody really
is, we're just playing with you. You need to calm down.

There is no reason whatsoever to dump issues unrelated to setup in this
group and it distracts from the title and purpose of the group.

Listen fella, NOBODY distracts more in this newsgroup then you do. For
somebody that bitches about off-topic posts it should dawn on you that
your posts are more off topic than anybody's. Duh!

How dumb does someone have to be to dump off topic issues into a setup group
when there are a dozen or so more groups for them?

How dumb does somebody have to be to keep beating a dead horse?

 

[Chad Harris]

People who help consistently on groups have been posting when the OP is off
topic where to post it for years. You're just a newbie and instead of
putting up substantive help you seem obsessed with your delusion that I want
to be in charge.

I want people to read the name of the group and post appropriate to it. MSFT
names it. They purport to be "in charge." Take your bitching to them.

CH

 

[cquirke (MVP Windows shell/user)]

On Sat, 24 Feb 2007 02:30:11 -0500, "JD Wohlever"

MS should have made UAC a Business / Enterprise feature and left the
standard user and admin feature set of XP for the Home licenses of Vista.

95% of spam is sent through botnets, and them botted PCs aren't just
in the corporate world.

When 3-year-olds smack each other, it's ugly but harmless. When a
16-yer-old pulls an Uzi and goes postal, it matters.

When consumers were putting around with dial-up, it didn't matter to
the rest of us if they got infected. When they pack always-on
broadband and wide-open WiFi, it matters far more.

The real question is; how did the lanscape get so ugly that web pages,
email "messages" and "documents" can automate rings around users
without their noticing? That crap design is the Pandora flood that
we're trying to mop up with a UAC hankie.

--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!

 

[Adam Albright]

People who help consistently on groups have been posting when the OP is off
topic where to post it for years. You're just a newbie and instead of
putting up substantive help you seem obsessed with your delusion that I want
to be in charge.

I want people to read the name of the group and post appropriate to it. MSFT
names it. They purport to be "in charge." Take your bitching to them.


CH

 

[BobS]

Chad,

We have read the name of the newsgroup and we read the quality of the posts
from the MVP's and others that are trying to help - and this is the place
that is offering the best solutions. You've been reading the other groups,
and I've made posts to the other groups as well as many others but we come
back here - wonder why?

It may be a matter of perception on what constitutes a set-up issue or not.
Your undefined definition is to narrow for our liking is what you're being
told by myself and others. Is there a charter for this group? I read
something on the MS site about keeping the threads "relevant to the topic
being discussed" and that is a pretty broad statement if I recall it
correctly. At any rate, the message also recognized that some off-topic
discussions will result from on-topic discussions simply (and I'm implying
this) because they aid in the understanding and troubleshooting effort.

So if someone can't get Vista setup on his system and along the way someone
here (like an MVP) suggests he may have a driver problem as well as some
other issues, does he now take his questions to "general", "devices" or
whatever? No, it stay's here - it's relevant and since it's "we" (the group
cabal) that decides what gets answered or not and not "you", your posts
about taking a question elsewhere will continued to be ignored and
criticized.

I think you're wound up a bit to tight over nothing and our jerking you
around a bit because of it has really got you in a dither. This is a
friggin newsgroup with people trying to help others the best they can.
Without us, M$ would not exist - right? Join in and quit being so
tight-ass - this isn't boot camp. Relax, help those you can and try to enjoy
life a little - it's only a computer operating system we're fussing about
here - not your wife or your girlfriend or boyfriend.

As for taking our bitching to MSFT.....yeah right. As I said in one of my
posts already, if the free MS tech support was any good, we would use them.
I made my one call, got some silly answer from someone in India, I said
thank you and came here to get the "real" help.

If you take a good read Chad you'll notice that we (the ones twisting you
around) have also been trying to help others here and saying Thanks to
others who have helped in-kind. A good example is some of Adam's
observations and detailed posts. Sure he ranted a bit, so did I - you're
dealing with a couple of frustrated perfectionists here (you can't win) who
have been around the block a few times, have written hardware drivers in
machine code and assembly language. We've dealt with many OS's, we and
many others have paid our dues so to speak and we've paid a good money for
Vista. It's good/bad and somewhere in-between.... and we're learning about
it just as MS and you still are.

This is a give and take group, very little spam and a whole lot of relevant
questions. May not seem like it to you because it's not you having the
problem and the last thing a person needs is someone telling him to take it
elsewhere. Ever think if he/she found this group - they also knows about
the others? They then did a lot of reading, saw the quality of the
information and decided "this is the place".

So be it... live with it.

Bob S.

 

[cquirke (MVP Windows shell/user)]

On Sat, 24 Feb 2007 08:19:55 -0800, "Kerry Brown"

And how does the security in 'nix work? By separating users and superusers
(administrators). If you ran Linux as root (administrator) all the time you
would be much less secure than running Vista with UAC enabled.

And when you run Linux, you get prompts to enter the root password
whenever you do something that needs root permissions.

Same thing in MacOS - I only had to use it for a few minutes,
troubleshooting a WiFi access issue, before I was appropriately
prompted for a system-rights password.

How is that different from UAC?

I don't think anyone who knows anything about security would disagree
with the statement that Windows XP cannot be secured. It can be made
more secure but if you run as an administrator malware can find a way in.

I'm not that impressed with the notion of "user rights" as the be-all
and end-all of security, or even basic safety.

The whole "user rights" ediface stands on deeper levels of abstraction
that go all the way down to NTFS. But the same sort of holes in the
assumption that "code only does what it was written to do" etc. that
allow malware to run via exploits, may also drill through user rights
in various ways - either by assuming higher rights as a consequence of
what they've drilled into, ot escalating rights, or just going under
the whole thing alltogether, as Witty did.

Witty drilled in though an exploitable surface in a 3rd-party firewall
(Black Ice Defender), which presumably gave it admin rights, if not
complete system rights. From there it trashed the file system by
doing raw writes to arbitrary sectors, right from within XP.

So all that fancy NTFS permissions stuff wasn't worth a pile of beans,
in this case. All sectors are the same, from raw hardware access.

With Vista and UAC zero day attacks will certainly happen but UAC
will at least give you a warning that something is up.

It may do, prolly should do. YMMV depending on the nature of the
attack, especially if an exploitable surface allows the malware to
drill into a process that's accepted by UAC as part of the system.

--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!

 

[cquirke (MVP Windows shell/user)]

Hint: That means any malicious code can pretend to be a "installer"
too and in effect gain access to anything on your computer including
Windows kernel or YOUR data. It doesn't make much sense to me.

The basic mechanism of malware is to behave in a riskier manner than
what the user thought they were risking.

The most extreme cause of this is the clickless attack, such as
Lovesan waltzing in through RPC "service" (that should never have been
left waving it's ass at the Internet in the first place) without the
user doing anything at all.

OTOH, if you install a program, you are fully aware of the risk you're
taking. Installing software does position that software to do
anything it wants to do, including integrating itself so that it may
be impossible to run Windows without it running as well.

If you decide to give that much power to what turns out to be malware,
then really, you have only yourself to blame.

IOW, where's the risk escalation advantage in malware pretending to be
an installer? That is *exactly* what malware is, anyway.

This level of non-SE has been PoC'd, e.g. we've had malware called
VIRUS.EXE that pops up a dialog that says "I am a VIRUS and I will
attack your PC!" and yep, some users go right ahead and click "OK".

--------------- ---- --- -- - - - -

Saws are too hard to use.
Be easier to use!

 

[Adam Albright]

The basic mechanism of malware is to behave in a riskier manner than
what the user thought they were risking.

Why would anyone WILLINGLY give malware any permission to do anything?
You guys are priceless in your endless blind defense of Microsoft
decisions! The FACT is Microsoft ADMITS it had no choice but to leave
the door wide open to accept any installer request to have access
anything. Any reasonably clever hacker therefore can write code to
pretend his malware code is a installer of a "trusted" application and
such a attack will do whatever it wants.

OTOH, if you install a program, you are fully aware of the risk you're
taking.

If you include Windows in that statement you are entirely correct.

Windows is the biggest thread to your PC's security because of how it
was originally written and nothing to date changes that.

Windows has patches on top of previous patches over the course of 20
plus years. Just for kicks it would be damn interesting to see all the
source code don't you think?

Why is Windows so weak when in comes to security? Well Mr. Gates
himself made a poor decision. When Windows was first being developed
the Internet (main threat) was unknown to most. Microsoft originally
ignored the Internet. Gates is on record saying the Internet was a
passing fad that Microsoft wasn't interested in. Only after he
realized that was a huge miscaculation did Microsoft start to try to
patch the huge number of security holes hackers were starting to
exploit in Windows itself (stupid policy of turning everything on like
file sharing) making Windows easy prey to port sniffers and the
laughable early attempts with Microsoft's early browsers and Active X.

The problem is no matter how much Windows gets patched it still wasn't
designed as a secure OS. Microsoft had pleny of time to fix this
oversight by rewriting Windows from scratch. Surely they could have
with XP, may have with Windows 98, ever as far back as Windows 95, but
they chickened out fearful they would lose too many customers if
Windows suddendly became more secure but nobody's hardware or software
worked anymore with this new beefed up Windows. Surely with all the
attacks seen during XP's history you would think Vista would be more
secure, but all Microsoft did was put a bandaid on Windows called UAC
which is badly flawed and obviously has the serious drawback of really
pissing off current customers endlessly getting nag screens everytime
they do every little thing they always could easily do without
interference in prior versions of Windows which under Vista if UAC is
turned on as it is by default rather then choice as it should be
designed will often cause Vista to have one hissy fit after another.

I'm not against the concept of UAC, I'm simply surprised Microsoft did
such a crappy job with it considering its taken them over 5 years to
push Vista out the door. What have they been doing all this time?

 

[Mike Hall - MS MVP Windows Shell/User]

Adam

They willingly give permission to the 'fun stuff' that is used to disguise
malware.. chat room and messenger smiley faces and crap like Budweiser Frog
cursors are popular with kids and adults alike..

Some open the URL to a bogus Citibank website to check details as instructed
even though they know that they don't have a Citibank account..

They accept e-mails and open files sent to them by people who are known to
hate their guts..

They accept and open Valentine e-mails and the files therein from mysterious
lovers called Chi_ (e-mail address removed)

They download MS Publisher "yes this version really works' using P2P stuff
like Limewire without thinking that maybe the MS Publisher installation may
be just a little larger than 785.5k in size..

It is not so much a case of Windows leaving the door open as the user keeps
opening the door..

Why would anyone WILLINGLY give malware any permission to do anything?
You guys are priceless in your endless blind defense of Microsoft
decisions! The FACT is Microsoft ADMITS it had no choice but to leave
the door wide open to accept any installer request to have access
anything. Any reasonably clever hacker therefore can write code to
pretend his malware code is a installer of a "trusted" application and
such a attack will do whatever it wants.


If you include Windows in that statement you are entirely correct.

Windows is the biggest thread to your PC's security because of how it
was originally written and nothing to date changes that.

Windows has patches on top of previous patches over the course of 20
plus years. Just for kicks it would be damn interesting to see all the
source code don't you think?

Why is Windows so weak when in comes to security? Well Mr. Gates
himself made a poor decision. When Windows was first being developed
the Internet (main threat) was unknown to most. Microsoft originally
ignored the Internet. Gates is on record saying the Internet was a
passing fad that Microsoft wasn't interested in. Only after he
realized that was a huge miscaculation did Microsoft start to try to
patch the huge number of security holes hackers were starting to
exploit in Windows itself (stupid policy of turning everything on like
file sharing) making Windows easy prey to port sniffers and the
laughable early attempts with Microsoft's early browsers and Active X.

The problem is no matter how much Windows gets patched it still wasn't
designed as a secure OS. Microsoft had pleny of time to fix this
oversight by rewriting Windows from scratch. Surely they could have
with XP, may have with Windows 98, ever as far back as Windows 95, but
they chickened out fearful they would lose too many customers if
Windows suddendly became more secure but nobody's hardware or software
worked anymore with this new beefed up Windows. Surely with all the
attacks seen during XP's history you would think Vista would be more
secure, but all Microsoft did was put a bandaid on Windows called UAC
which is badly flawed and obviously has the serious drawback of really
pissing off current customers endlessly getting nag screens everytime
they do every little thing they always could easily do without
interference in prior versions of Windows which under Vista if UAC is
turned on as it is by default rather then choice as it should be
designed will often cause Vista to have one hissy fit after another.

I'm not against the concept of UAC, I'm simply surprised Microsoft did
such a crappy job with it considering its taken them over 5 years to
push Vista out the door. What have they been doing all this time?

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

 

[Adam Albright]

It is not so much a case of Windows leaving the door open as the user keeps
opening the door..

You get brownie points for defending Microsoft's poor design of Vista?

What part of "it is MY computer, I'll decide which features to
implement" don't you or Microsoft understand?

If UAC worked, transparently, behind the scenes, if it actually DID
offer some REAL protection it would be fine. From what I've read so
far it seems to do little if anything to protect the user but for sure
at the same time if UAC is turned on can get in the way of users with
constant nag screens.

Now sit back and learn how Windows in previous versions has "opened"
the door to hackers BY DESIGN.

As I've said before Windows wasn't designed to be a secure operating
system. Trying to patch holes is the most Microsoft seems willing to
do. For example I doubt many are aware that part of XP's design was to
automatically "turn on" file sharing. If your computer is connected to
the Internet, this is open door to your system hackers loved. The
irony is there was NO NEED to do this. It was done because originally
the Microsoft mindset was "turn everything on by default, otherwise
users would be too dumb to find out how to turn on features, that only
applies to LAN setups in this example.

Even fewer are aware that deep in the bowels of Windows there's a
hidden feature that without your knowledge is automatically turned on
and if you attempt to delete or turn off this feature through normal
means Windows, on its own, behind your back, will just install it
again the next time you boot. Microsoft likes to call these security
holes "features". Does not apply to XP home.

One of many, read all about it:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q314984

http://www.windowsnetworking.com/kb...WindowsNTW2KXPHiddenAdministrativeShares.html

I haven't had time to check how many things like this may still remain
in lurking deep in Vista or if hopefully they have been corrected. My
point, is while Microsoft talks a good game, what it has actually done
in the past in way of design suggests a lot more work needs to be done
if they are truly serious about making Windows really secure.

 

[Kerry Brown]

On Sat, 24 Feb 2007 08:19:55 -0800, "Kerry Brown"


And when you run Linux, you get prompts to enter the root password
whenever you do something that needs root permissions.

Same thing in MacOS - I only had to use it for a few minutes,
troubleshooting a WiFi access issue, before I was appropriately
prompted for a system-rights password.

How is that different from UAC?

UAC allows you to run as an administrator for backwards compatibility. In
Linux or OS X this isn't possible. A task either has full superuser
privileges or it doesn't. UAC gives a task two security tokens, Linux and OS
X one. This has both good and bad points. Personally I think it is mostly
bad points but in the interest of backwards compatibilty I can see why it
was done. It improves security greatly over XP while still allowing the
majority of old programs to run with little or no changes. It allows
programmers to catch up before the next OS comes out which will be even more
secure

I'm not that impressed with the notion of "user rights" as the be-all
and end-all of security, or even basic safety.

The whole "user rights" ediface stands on deeper levels of abstraction
that go all the way down to NTFS. But the same sort of holes in the
assumption that "code only does what it was written to do" etc. that
allow malware to run via exploits, may also drill through user rights
in various ways - either by assuming higher rights as a consequence of
what they've drilled into, ot escalating rights, or just going under
the whole thing alltogether, as Witty did.

Witty drilled in though an exploitable surface in a 3rd-party firewall
(Black Ice Defender), which presumably gave it admin rights, if not
complete system rights. From there it trashed the file system by
doing raw writes to arbitrary sectors, right from within XP.

I've always been against software firewalls. They are an easy attack vector
as by definition they must have very low level access to the system. This
situation is better in Vista because of the reduced ability of a low
privilege task to affect higher privileged tasks but I still see it as an
attack vector.

So all that fancy NTFS permissions stuff wasn't worth a pile of beans,
in this case. All sectors are the same, from raw hardware access.


It may do, prolly should do. YMMV depending on the nature of the
attack, especially if an exploitable surface allows the malware to
drill into a process that's accepted by UAC as part of the system.

I am sure that zero day attacks that work around UAC will eventually happen.
There is no doubt in my mind Vista is much more secure than XP could ever be
made through updates or service packs. How much more secure only time will
tell.

 

[Mike Hall - MS MVP Windows Shell/User]

Adam

I didn't say that there were not holes, and I do not need lecturing on the
early design of Windows.. I was merely remarking that many users bring on
problems themselves..

You get brownie points for defending Microsoft's poor design of Vista?

What part of "it is MY computer, I'll decide which features to
implement" don't you or Microsoft understand?

If UAC worked, transparently, behind the scenes, if it actually DID
offer some REAL protection it would be fine. From what I've read so
far it seems to do little if anything to protect the user but for sure
at the same time if UAC is turned on can get in the way of users with
constant nag screens.

Now sit back and learn how Windows in previous versions has "opened"
the door to hackers BY DESIGN.

As I've said before Windows wasn't designed to be a secure operating
system. Trying to patch holes is the most Microsoft seems willing to
do. For example I doubt many are aware that part of XP's design was to
automatically "turn on" file sharing. If your computer is connected to
the Internet, this is open door to your system hackers loved. The
irony is there was NO NEED to do this. It was done because originally
the Microsoft mindset was "turn everything on by default, otherwise
users would be too dumb to find out how to turn on features, that only
applies to LAN setups in this example.

Even fewer are aware that deep in the bowels of Windows there's a
hidden feature that without your knowledge is automatically turned on
and if you attempt to delete or turn off this feature through normal
means Windows, on its own, behind your back, will just install it
again the next time you boot. Microsoft likes to call these security
holes "features". Does not apply to XP home.

One of many, read all about it:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q314984

http://www.windowsnetworking.com/kb...WindowsNTW2KXPHiddenAdministrativeShares.html

I haven't had time to check how many things like this may still remain
in lurking deep in Vista or if hopefully they have been corrected. My
point, is while Microsoft talks a good game, what it has actually done
in the past in way of design suggests a lot more work needs to be done
if they are truly serious about making Windows really secure.

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

 

[Kerry Brown]

Why would anyone WILLINGLY give malware any permission to do anything?
You guys are priceless in your endless blind defense of Microsoft
decisions! The FACT is Microsoft ADMITS it had no choice but to leave
the door wide open to accept any installer request to have access
anything. Any reasonably clever hacker therefore can write code to
pretend his malware code is a installer of a "trusted" application and
such a attack will do whatever it wants.

In Linux or OS X or any other OS what would happen if someone downloaded a
program that said it needed to run as superuser, root, or whatever to
install, the user ran the program as root, and the program turned out to be
malware? There is no protection against a social engineering attack other
than user education. I know you really don't like Vista but this is a stupid
argument. Pick on areas where real flaws exist if you want to criticise
something.

 

[Adam Albright]

In Linux or OS X or any other OS what would happen if someone downloaded a
program that said it needed to run as superuser, root, or whatever to
install, the user ran the program as root, and the program turned out to be
malware? There is no protection against a social engineering attack other
than user education. I know you really don't like Vista but this is a stupid
argument. Pick on areas where real flaws exist if you want to criticise
something.

You really don't understand UAC, but that's alright, get educated in a
new thread I just started called:

Giving UAC a second chance or why putting a silk dress on a sow its
still a pig.

 

[Adam Albright]

Adam

I didn't say that there were not holes, and I do not need lecturing on the
early design of Windows.. I was merely remarking that many users bring on
problems themselves..

True, some users do, and the flip side is many "security" issues are
directly traceable to the shortcoming of the design of Windows going
all the way back to the early days.

Only fair to present BOTH sides of the UAC story, which seems to be
something no MVP seems willing to do openly in these newsgroups
probably out of fear of losing their cherrished MVP status, so it
seems with rare exception MVP's are cheer leaders for UAC and don't
really explain the pitfalls.

I'm not lecturing anybody, I'm simply detailing what I learn about UAC
as I go. So far, ain't been pretty. See seperate thread I started.
Comments welcome.

 

[Guest]

If you've just arrived to this "help" board, plan to be here awhile. I read
this post below by JD and thought.. "Yes, this is what I need to learn about
and the bulk of my questions and problems".... so are the following 53 posts
following in this thread helpful? hmmm... They are long and windy and most do
not clean up and remove previous posts like they should to leave only what
they are replying to. I have stayed away from newsgroups like this for a long
time because I seem to be very good at stirring up testostorone among male
web techs and I apologize for that. If you read on, you will LOL. The
testostorone is bouncing off the wall in this section. The name calling isn't
too funny, but a sentence or two in all of that is helpful. You will learn
more about security and/or lack of, and it may provoke more fear and concerns
for you. I did come back and noticed there are 17 pages to sort through. OH
brother indeed! If someone, anyone will reply to my questions, I will be
extremely greatful? I did search for UAC in the help section on my computer
and it's not there. Someone in this thread posted the need for an instruction
sheet ---YES, please .. for the average joe! Some simple, basic information
would be nice... I'll keep looking, but until then:
1. Does UAC mean "user admin. control"?
2. How do I turn it off only temporarily to say... play an online game like
slingo? or would I even need to? (i'm guessing since it doesn't work)
3. I would like to be able to adjust the settings so that when I drop/drag
files from say a flash drive to my hard drive that the two or three popups
wouldn't keep asking me.. "am i sure I want to do this". I can't even drop a
shortcut on my desktop without the idiot notes. Where is the UAC located that
I can see the options?
4. I "think" I understood from somewhere in the 53 replies that if I DO turn
off the UAC, then I'm at the same level of security as I am on my
XP---correct? or no?

and one more.. kinda OT
--- I have FoxTor (add-on) tool for Mozilla browser. It's an anomymous web
browsing tool. I cannot get it to work. ANd/or do you think Mozilla is a more
secure browser?
If anyone would please remove everything they are not replying to or
answering---that would be Wonderful! I look forward to reading the replies
and also surfing this board some more for helpful information. So far I've
noticed it takes a good while to surf through the mud.
Thank you! Ceece

 

[Mike Hall - MS MVP Windows Shell/User]

Typing 'UAC' in the search box of Vista's Help and Support will bring up a
window that answers all of your questions re UAC (User Application
Control)..

Being constantly asked if you 'are sure that you really do' want to carry
out an action is frustrating for sure, but when you come across an
application that does not ask, and just deletes or sets in motion something
from which turning back is impossible, then you get to feel real
frustration.. finding a happy medium somewhere in between is difficult, as
we all have different tolerance levels..

I have made the executive choice to turn it off, and anybody esle, other
than in corporations where the guy in charge does not feel that all of users
are fit to make their own executive decisions, can do the same and take the
consequences just as I may have to..

Re Mozilla, I don't use it, have never had the desire to use it, as IE has
performed well enough for me..

Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

 

[Kerry Brown]

Answered inline

If you've just arrived to this "help" board, plan to be here awhile. I
read
this post below by JD and thought.. "Yes, this is what I need to learn
about
and the bulk of my questions and problems".... so are the following 53
posts
following in this thread helpful? hmmm... They are long and windy and most
do
not clean up and remove previous posts like they should to leave only what
they are replying to. I have stayed away from newsgroups like this for a
long
time because I seem to be very good at stirring up testostorone among male
web techs and I apologize for that. If you read on, you will LOL. The
testostorone is bouncing off the wall in this section. The name calling
isn't
too funny, but a sentence or two in all of that is helpful. You will learn
more about security and/or lack of, and it may provoke more fear and
concerns
for you. I did come back and noticed there are 17 pages to sort through.
OH
brother indeed! If someone, anyone will reply to my questions, I will be
extremely greatful? I did search for UAC in the help section on my
computer
and it's not there. Someone in this thread posted the need for an
instruction
sheet ---YES, please .. for the average joe! Some simple, basic
information
would be nice... I'll keep looking, but until then:
1. Does UAC mean "user admin. control"?

User Account Control

2. How do I turn it off only temporarily to say... play an online game
like
slingo? or would I even need to? (i'm guessing since it doesn't work)
http://www.jimmah.com/vista/Security/disable_uac.aspx

3. I would like to be able to adjust the settings so that when I drop/drag
files from say a flash drive to my hard drive that the two or three popups
wouldn't keep asking me.. "am i sure I want to do this". I can't even drop
a
shortcut on my desktop without the idiot notes. Where is the UAC located
that
I can see the options?

There are some group policies that control how UAC behaves.

http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true

4. I "think" I understood from somewhere in the 53 replies that if I DO
turn
off the UAC, then I'm at the same level of security as I am on my
XP---correct? or no?

Vista without UAC enabled is a little more secure than XP because the file
system is locked down with NTFS permissions but yes disabling UAC and
running with an administrator account gives very similar security to XP -
almost none.

and one more.. kinda OT
--- I have FoxTor (add-on) tool for Mozilla browser. It's an anomymous web
browsing tool. I cannot get it to work. ANd/or do you think Mozilla is a
more
secure browser?

In Vista I think IE7 is more secure than Mozilla based browsers because of
IE's protected mode.

http://www.microsoft.com/windows/products/windowsvista/features/details/ie7protectedmode.mspx

 

[Hurricane Andrew]

In Vista I think IE7 is more secure than Mozilla based browsers because of
IE's protected mode.

http://www.microsoft.com/windows/products/windowsvista/features/details/ie7protectedmode.mspx

It's my understanding though, that for IE7 to run in protected mode on
Vista, UAC has to be enabled. Just thought that was relevant given the OP's
issues regarding UAC.