Re: I turned off UAC

Justin wrote:
Jack the Ripper wrote:
+Bob+ wrote:
On Sun, 15 Feb 2009 15:43:31 -0500, Jack the Ripper <Jack@xxxxxxxxxxx>
wrote:

Nothing is bulletproof, but one doesn't see a lot of posts by Vista users about virus or malware issues, not like you see on XP.

No, but you do see a lot of posts about how UAC sucks. Good idea, bad
implementation.


It's the posts of the ignorant. I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/S(s,) which are open by default O/S(s) and wide-open to attack/compromise by default.

Is that so hard for you or anyone else to understand?


As long as you're not logged on as admin you should be fine. At most I keep users at Power User rights.
While I understand running as admin is unsafe, simply having the account enabled is not a security risk.

I am going to try to explain this again. The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. It's only a Standard user account, which must be escalated to a use the full-adminrights token to do anything requiring admin-full-rights as an administrator.

The escalation is only held for the moment of privileged escalation, and the user is returned to being a Standard user using the Standard user token.

It's being explained in the link, read it man read it and understand what it is telling you.

http://technet.microsoft.com/en-us/library/cc709691.aspx

If one knows what is happening and one knows the context in which malware will infect the machine, which is based on the context of the user account rights being used as a logged-in user, then one knows that with UAC enabled there is very little chance of the machine being infected if one can recognize the condition based on the UAC prompt.

I have been on a couple of sites where something tried to install itself on the machine with me being admin user/really only a Standard user that UAC prompted me for approval, which I was able to kill it based on me knowing that it was dubious in nature.

You cannot say the same and there is nothing in place on the previous versions of the NT based O/S to notify of the condition from an O/S standpoint.

UAC does other things as well to protect the O/S such as using virtulization on the registry and other protected areas like Program Files and the Windows/System32 directories.

Now, some users can turn UAC off and play the cowboy role like they were and are doing with XP, as they have that right to turn UAC off, but I am not one of the them. And on top of that, turning UAC off even with them being an admin-user, they are still not an admin with full-admin-rights.

There is only one admin account on Vista that has full-admin-rights and that account must be activated. And even that account is prohibited from doing certain things, unless one knows how to come around the restrictions.

<http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/>

UAC will remain on. And I don't care what anyone on the negative tip on UAC has to say about it.








.