Re: I turned off UAC

---

• From: Jack the Ripper <Jack@xxxxxxxxxxx>
• Date: Tue, 17 Feb 2009 10:08:11 -0500

---

Not Even Me wrote:

"Jack the Ripper" <Jack@xxxxxxxxxxx> wrote in message news:eUh6F1LkJHA.4760@xxxxxxxxxxxxxxxxxxxxxxx

Justin wrote:

Jack the Ripper wrote:

Justin wrote:

Jack the Ripper wrote:

+Bob+ wrote:

On Sun, 15 Feb 2009 15:43:31 -0500, Jack the Ripper <Jack@xxxxxxxxxxx>
wrote:

Nothing is bulletproof, but one doesn't see a lot of posts by Vista users about virus or malware issues, not like you see on XP.

No, but you do see a lot of posts about how UAC sucks. Good idea, bad
implementation.

It's the posts of the ignorant. I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/S(s,) which are open by default O/S(s) and wide-open to attack/compromise by default.

Is that so hard for you or anyone else to understand?

As long as you're not logged on as admin you should be fine. At most I keep users at Power User rights.
While I understand running as admin is unsafe, simply having the account enabled is not a security risk.

I am going to try to explain this again. The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. It's only a Standard user account, which must be escalated to a use the full-adminrights token to do anything requiring admin-full-rights as an administrator.

I get it.
I don't need any escalation to admin. The problem is, what if there's some malware. Some malware named "winenhancer." The user sees the UAC prompt "Winenhancer must access the internet!" and the user clicks on yes.
So UAC only works when the user knows everything about the PC, which is unrealistic for a standard dumb user whose job is to type out proposals and reports.

Oh, I get it. It's not the responsibility of the dumb user to know what he or she is dumbly clicking on as they point and click. It's their responsibly to know the situation, but they don't and most never will.

However, network admins take that responsibly for this type of worker by using a network proxy that only allows the users to go to approved sites closing the attack vector and mitigating such damage, as its their responsibility to protect company's interest and not some office clerk, lock them down.

Just like with Linux which has the same kind of an approval process within its O/S, they point, click, approve and it's all bets are off. But with UAC enabled when one does this, the damages are mitigated to a certain degree as UAC protects critical areas and also not allowing the malware to continuously run under the context of the user-admin full-rights access token, to spread damage.

But rather with UAC enabled, the compromise runs under the context of the admin's Standard user token, because admin user on Vista is returned to using that token upon privileged escalation completion, and it's a limit rights token, which mitigates/limits damage.

Like I said, nothing is bulletproof not even god's O/S Linux, but UAC on the MS platform is better than have nothing at all, which is the case in fact with the previous versions of the NT based O/S platform, open by default O/S(s), to help protect the O/S.

Real time scanning by (even free) third party programs provides (in many cases) superior protection with less annoyance.

BS, as it's just a program that can be fooled like any other program's job that is to detect.

So why put something in the OS that just pisses many people off and is (by MS admission) made irritating on purpose?

Why put something in the O/S? Why put something in the O/S? It's because the buck stops at the O/S, and it stops nowhere else but the O/S.
.

---

• References:
  • I turned off UAC
    • From: Justin
  • Re: I turned off UAC
    • From: Kayman
  • Re: I turned off UAC
    • From: Justin
  • Re: I turned off UAC
    • From: Jack the Ripper
  • Re: I turned off UAC
    • From: Jack the Ripper
  • Re: I turned off UAC
    • From: Justin
  • Re: I turned off UAC
    • From: Jack the Ripper
  • Re: I turned off UAC
    • From: Justin
  • Re: I turned off UAC
    • From: Jack the Ripper
  • Re: I turned off UAC
    • From: Not Even Me

• Prev by Date: Re: can't get to websites
• Next by Date: Re: Seen on the Net
• Previous by thread: Re: I turned off UAC
• Next by thread: Re: I turned off UAC
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: I turned off UAC ... Vista users about virus or malware issues, not like you see on XP. ... I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/Swhich are open by default O/Sand wide-open to attack/compromise by default. ... The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. ... (microsoft.public.windows.vista.general) Re: I turned off UAC ... I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/Swhich are open by default O/Sand wide-open to attack/compromise by default. ... The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. ... what if there's some malware. ... However, network admins take that responsibly for this type of worker by using a network proxy that only allows the users to go to approved sites closing the attack vector and mitigating such damage, as its their responsibility to protect company's interest and not some office clerk, lock them down. ... (microsoft.public.windows.vista.general) Re: I turned off UAC ... Vista users about virus or malware issues, not like you see on XP. ... I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/Swhich are open by default O/Sand wide-open to attack/compromise by default. ... The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. ... (microsoft.public.windows.vista.general) Re: I turned off UAC ... users about virus or malware issues, not like you see on XP. ... but you do see a lot of posts about how UAC sucks. ... As long as you're not logged on as admin you should be fine. ... account enabled is not a security risk. ... (microsoft.public.windows.vista.general) Re: I turned off UAC ... The User Access Control (UAC) can detect rootkits before they install. ... The admin-user is only a user with Standard user rights, that must be escalated to admin rights, the escalation to full-admin rights only last for the moment of escalation to do the task, and then the admin user is returned to being a Standard user again with Standard user rights only, not admin rights. ... Malware or a virus can only run under the context of the user account that is using the computer. ... (microsoft.public.windows.vista.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Vista  > microsoft.public.windows.vista.general  > 2009-02