Re: I turned off UAC

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

"Jack the Ripper" <Jack@xxxxxxxxxxx> wrote in message
news:eUh6F1LkJHA.4760@xxxxxxxxxxxxxxxxxxxxxxx
Justin wrote:
Jack the Ripper wrote:
Justin wrote:
Jack the Ripper wrote:
+Bob+ wrote:
On Sun, 15 Feb 2009 15:43:31 -0500, Jack the Ripper
<Jack@xxxxxxxxxxx>
wrote:

Nothing is bulletproof, but one doesn't see a lot of posts by Vista
users about virus or malware issues, not like you see on XP.

No, but you do see a lot of posts about how UAC sucks. Good idea, bad
implementation.


It's the posts of the ignorant. I would rather have it enabled so that
I am not on the Internet with full admin rights, like the previous
versions of the NT based O/S(s,) which are open by default O/S(s) and
wide-open to attack/compromise by default.

Is that so hard for you or anyone else to understand?


As long as you're not logged on as admin you should be fine. At most I
keep users at Power User rights.
While I understand running as admin is unsafe, simply having the
account enabled is not a security risk.

I am going to try to explain this again. The out of the box admin
account on Vista that is given to a user or any subsequent admin account
that is created on Vista with UAC enabled is NOT a full-rights-admin
account. It's only a Standard user account, which must be escalated to a
use the full-adminrights token to do anything requiring
admin-full-rights as an administrator.


I get it.
I don't need any escalation to admin. The problem is, what if there's
some malware. Some malware named "winenhancer." The user sees the UAC
prompt "Winenhancer must access the internet!" and the user clicks on
yes.
So UAC only works when the user knows everything about the PC, which is
unrealistic for a standard dumb user whose job is to type out proposals
and reports.

Oh, I get it. It's not the responsibility of the dumb user to know what he
or she is dumbly clicking on as they point and click. It's their
responsibly to know the situation, but they don't and most never will.

However, network admins take that responsibly for this type of worker by
using a network proxy that only allows the users to go to approved sites
closing the attack vector and mitigating such damage, as its their
responsibility to protect company's interest and not some office clerk,
lock them down.

Just like with Linux which has the same kind of an approval process within
its O/S, they point, click, approve and it's all bets are off. But with
UAC enabled when one does this, the damages are mitigated to a certain
degree as UAC protects critical areas and also not allowing the malware to
continuously run under the context of the user-admin full-rights access
token, to spread damage.

But rather with UAC enabled, the compromise runs under the context of the
admin's Standard user token, because admin user on Vista is returned to
using that token upon privileged escalation completion, and it's a limit
rights token, which mitigates/limits damage.

Like I said, nothing is bulletproof not even god's O/S Linux, but UAC on
the MS platform is better than have nothing at all, which is the case in
fact with the previous versions of the NT based O/S platform, open by
default O/S(s), to help protect the O/S.

Real time scanning by (even free) third party programs provides (in many
cases) superior protection with less annoyance.
So why put something in the OS that just pisses many people off and is (by
MS admission) made irritating on purpose?


.

Relevant Pages

  • Re: Validation of XP
    ... except to mention that UAC caused me to reboot to WinXP ... there shouldn't be any reason you need to run as admin to play a game. ... Windows doesn't do this or that natively, and one of those things is ... As for the default admin account, ...
    (microsoft.public.windowsxp.general)
  • Re: I turned off UAC
    ... Vista users about virus or malware issues, not like you see on XP. ... I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/Swhich are open by default O/Sand wide-open to attack/compromise by default. ... The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. ...
    (microsoft.public.windows.vista.general)
  • Re: I turned off UAC
    ... I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/Swhich are open by default O/Sand wide-open to attack/compromise by default. ... The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. ... what if there's some malware. ...
    (microsoft.public.windows.vista.general)
  • Re: I turned off UAC
    ... I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/Swhich are open by default O/Sand wide-open to attack/compromise by default. ... The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. ... It's only a Standard user account, which must be escalated to a use the full-adminrights token to do anything requiring admin-full-rights as an administrator. ...
    (microsoft.public.windows.vista.general)
  • Re: writing to registry in vista from guest account
    ... After the installation I create new user/guest account and runs the ... Is there a way to write to a HKLM key which was created in admin ... are not user-admin accounts with UAC ... and how Virtualization works on Vista with UAC. ...
    (microsoft.public.dotnet.languages.csharp)