O
Opinicus
Bob said:
After doing some research on "UAC" (it means "user account control") I must
ask:
If I'm the only person who has access to the computer and I know what I'm
doing, why do I need UAC at all?
After doing some research on "UAC" (it means "user account control") I must
ask:
If I'm the only person who has access to the computer and I know what I'm
doing, why do I need UAC at all?
M
marty
Please share how.
S
Steve Thackery
If I'm the only person who has access to the computer and I know what I'm
There's a mistake in your logic. You aren't the only person who has access
to your computer (and in fact UAC is NOT primarily about securing one user
from another anyway).
Every piece of software on your machine has access to your computer, too,
and software can easily do hostile and damaging things to your computer,
either maliciously or due to incompetence on the part of the programmer.
In other words, the programmers who wrote the software on your machine also
have access to it, and UAC (like the elevation prompts in Linux or MacOSX)
helps constrain them and prevent damage.
Here's my suggestion - make your account an administrator. It doesn't
undermine the basic security (admin accounts run restricted most of the time
anyway), but it lets you dismiss the UAC prompts with a single click,
instead of having to type a password in. Thus UAC prompts still alert you
when something with security implications is about to happen, but can be
acknowledged instantly.
It's a great way to make UAC more tolerable.
SteveT
There's a mistake in your logic. You aren't the only person who has access
to your computer (and in fact UAC is NOT primarily about securing one user
from another anyway).
Every piece of software on your machine has access to your computer, too,
and software can easily do hostile and damaging things to your computer,
either maliciously or due to incompetence on the part of the programmer.
In other words, the programmers who wrote the software on your machine also
have access to it, and UAC (like the elevation prompts in Linux or MacOSX)
helps constrain them and prevent damage.
Here's my suggestion - make your account an administrator. It doesn't
undermine the basic security (admin accounts run restricted most of the time
anyway), but it lets you dismiss the UAC prompts with a single click,
instead of having to type a password in. Thus UAC prompts still alert you
when something with security implications is about to happen, but can be
acknowledged instantly.
It's a great way to make UAC more tolerable.
SteveT
M
mayayana
Indeed. These discussions often involve people
who own their PCs, getting advice from people
who are accustomed to a corporate environment.
On a corporate network, security means protecting
the PC (and restricted data) from the person using the
PC. The network is generally safe.
For a home or small business PC, security means
protection from things that come down the wire.
The people using the PC are generally trustworthy.
Unfortunately, Micorosft designs all versions of
Windows as corporate workstation PCs. Even the home
versions come with irrelevant and risky networking
functions enabled, while also adding unnecessary
system security.
Worse, Microsoft is gradually taking the role of
"default system administrator" for anyone not in a
corporate environment, as part of their move toward
what Steve Ballmer refers to as "software AND services".
(If Microsoft hopes to sell you services, rent you movies,
etc. online then they need to restrict your control
over the core operating system and also restrict the
access of software that you might install, such as
media "ripping" programs. To reach that goal they need
to gradually transition from "Windows the software platform"
to "Windows the interactive TV set".)
The latest rationalization for all of this security on
home or small business systems is that your software
might attack you. Of course, that's true, up to a
point. But anyone who's installing disreputable software
deliberately has bigger problems than PC security.
Such a person has probably already given their credit
card numbers to phishing websites while "safely" logged on
as a limited user. And now the repo man is on the way
over to take away that ultra-safe Vista box.
K
Kerry Brown
Are Java, Flash, QuickTime, and Adobe Reader disreputable applications?
Older versions of all of them are vulnerable to exploits that would be
stopped if UAC was enabled but not stopped if UAC is disabled.
K
keepout
I did what this thread promotes as soon as I found out what was causing
everything to fail, [UAC] and turned it off.
I bought the machine for my amusement and home use.
UAC destroyed both with asking me constantly to tell the machine TWICE what to
do on every key press.
Installing programs was a nightmare.
Un-Installing programs was a nightmare.
Using programs was a nightmare.
What does UAC do ? Best I could figure it secures my machine. That's whatI
have Trend micro for, that I pay for every year.
When did I last see a virus or Trojan ? I can't remember and that's a good
thing.
UAC may or may not work, It didn't work for me.
M
mayayana
That list comes under the category of "protection
from what comes down the wire". People obviously have
to deal with online security - keeping track of risks,
updating, etc. Of course it's safer running with limited rights.
And walking down stairs is safer with a helmet on. But
there are tradeoffs.
Which gets back to my original point, that security
means different things for people in different situations.
I don't question people using UAC. I question the attitude
that any other way of doing things is just plain wrong.
As for the items in your list, I know you meant those
items as just examples, but they're interesting examples
of risks that are entirely unnecessary for most people:
* Most people don't need the Java VM installed. I certainly don't.
* Flash, actually, I do consider to be disreputable.
It's rarely used for anything other than animated ads
or superfluous "special effects". It's a proprietary format
with no place online. And it's not particularly safe.
In fact, there's a news item running currently about
a vulnerability in routers when Flash 8+ is installed.
And it's a vulnerability that UAC won't save you from:
http://www.darkreading.com/document.asp?doc_id=143329
Anyone who wants to see Flash video from Youtube,
etc. can do so without allowing Flash in their browser.
* QuickTime and Adobe Reader - Personally I avoid
Apple and Adobe when possible. With the free, small
and fast FoxIt Reader available I don't see any reason
to use the bloated Adobe reader. And I would never allow
PDFs to open in the browser, anyway. There's no reason
to do so.
D
DanS
Why would you be using older version of those and not just update to the
newer versions, all freebies of no cost.
That would only be logical, since you update your OS because of the new
security features right ?
Of course, my personal opinion is that older versions of some s/w is still
used because it still works fine, and newer versions of some have become so
bloated, like Acrobat Reader, that you just don't want to update. AR is
ridiculously huge !!!! And it *really* is *just* a file viewer.
K
Kerry Brown
mayayana said:
I agree that those programs are not needed. I don't really like them either.
Most people do want them though and they are certainly nor disreputable.
We disagree on UAC
P
Paul Knudsen
Here's another! Don't quote three pages and top-post one line!
A
Anthony
Quit using Administrator and UAC will go away.
C
Colo2008
[email protected] said:
C
Colo2008
I thought I turned of our friend the UAC, but lo and behold, it was turned on
again after I turned on my laptop after a few days. Any ideas folks?
Thanks,
Ed
again after I turned on my laptop after a few days. Any ideas folks?
Thanks,
Ed
B
Backspace
Did you install Vista SP1 maybe?Colo2008 said:
G
Gene K
Sure, if you installed any OS change which affected that portion;
the OS defaults will be restored. If you installed SP1, check your "Internet
Options", your options in Windows Mail, Folder Options, and other such
things. Microsoft has always done the "Restore Defaults" thing for factors
they consider to be security related (at least since XP came about).
Gene K
the OS defaults will be restored. If you installed SP1, check your "Internet
Options", your options in Windows Mail, Folder Options, and other such
things. Microsoft has always done the "Restore Defaults" thing for factors
they consider to be security related (at least since XP came about).
Gene K
C
Curja Distl
Ok.....lets look at things here....he doesn't like the UAC of Vista and then
has spam for a keystroke logger on his post.....sounds like he is trying to
set people up with a security loop-hole...
has spam for a keystroke logger on his post.....sounds like he is trying to
set people up with a security loop-hole...