A second post by Ronnie Vernon MS MVP to Bob
Quote:
"Bob" <bob@nowhere.net> wrote in message
news:8MOdnY5hI8aWaHvanZ2dnUVZ_gKdnZ2d@comcast.com...
> Ronnie
> Even with the prompt enabled it still requires the user to be
> knowledgeable of the application UAC is prompting about. Once elevation is
> allowed UAC does not protect the user. Clicking allow becomes nothing more
> than an annoying additional click which in many cases becomes automatic.
It's only annoying until you run into something unexpected. Right after
Vista was first released, we went through all of the debates about users
getting to the point where clicking on the prompt became an 'automatic'
response.
One user told us about a utility that he downloaded and installed and he got
the expected 'security warning' about the file not having a digital
signature. He clicked to run the file anyway and the utility installed. He
then got a message to 'click here' to configure your personal settings. He
then received this prompt.
http://i196.photobucket.com/albums/aa86/rvmv/UACPrompt2.jpg
Without UAC, he never would have been aware of the second file being
installed, since he had already permitted the program to run. Needless to
say, he decided that he would leave UAC on.
> Additionally, the most common way a PC becomes infected is by downloading
> something from the net and even with the UAC prompts disabled you still
> receive a security warning when you attempt a download.
Only in specific instances, such as an installation file that does not have
a digital signature attached. The security warning does nothing to protect
against 'drive-by' downloads that run automatically. Most of the smaller
software developers will not bother with a digital signature, simply because
it is time consuming and expensive for them.
>
> Personally, when I decide to run something I don't have a need to be asked
> to confirm it. If I didn't want to run it I would not have clicked on it
> in the first place.
It's not about you deciding to run a program, it's about 'isolation', it's
about 'integrity levels', it's about what background actions the program
will take when you do run it. Have you ever wondered why an application,
that does nothing more than make images look better, needs full and
unrestricted access to every part of your computer?
>
> The bottom line is UAC does no more than protect the user from himself,
> and even that still requires the user to be knowledgeable.
This is the whole point of UAC. The only way that a malicious program can be
installed is if the user gets complacent and stops paying attention to what
they are doing.
When Vista is first installed, a user will typically see a ton of UAC
prompts as they install all of their software programs and utilities, but
these will gradually become more rare. Windows has to overcome almost twenty
years of being a 'push button' operating system before it will attain any
semblance of a 'secure' operating system. The education of users as well as
developers will take some time. UAC and other security 'hardening'
procedures are not going to 'go away'.
When the majority of developers see the benefits, and start following the
Microsoft developer guidelines for coding their programs and applications to
run in a 'least user privilege' environment, UAC will become a prompt that
is rarely seen. The vast majority of Windows software should not even need
to initiate a UAC prompt.
Take a few minutes to read the following article. It will give you a better
understanding, and show you the underlying reasons and goals of UAC.
The Long-Term Impact of User Account Control:
http://technet.microsoft.com/en-us/magazine/cc137811.aspx
End Quote
--
All the best,
SG
Is your computer system ready for Vista?
https://winqual.microsoft.com/hcl/
"Mark" <jmhonzell@nospam.comcast.net> wrote in message
news:B66A217C-BC8D-4B5A-9A68-DF729C6A43EE@microsoft.com...
> As I said before...
> Common sense goes a long way and with it, you need almost no protection.
> (How did we ever survive before UAC?)
> But, you will not convince the majority who become alarmist when you turn
> off the mandated or perceived need for lots of protection. For some
> reason, they seem to think that clicking a button stating Continue is
> protecting them from harm. Do they understand the warning? If they've
> decided to Continue after the first warning, do they need to read the same
> warning when it pops up for the third or fourth time for the same program
> start? Better yet, do they even read the message anymore? The only thing
> accomplished by UAC is the absolution of MS from damaging your computer...
> ...MS tried to warn you before krzpqtz.exe at 0x8007700b executed and YOU
> pressed Continue anyway.
>
> Enjoy your sense of security. Press Continue to end message.
>
>
> "Wil" <wilfridtaylor@gmail.com> wrote in message
> news:ecbf7184-a660-4d9a-91e5-5b5d9cd361b4@p39g2000prm.googlegroups.com...
>> On Apr 19, 2:40 pm, "SG" <so...@nomail.com> wrote:
>>> Quote from Ronnie Vernon Microsoft MVP whom IMO best explains the
>>> drawbacks
>>> of doing as this website suggests as well as any other Tweak program or
>>> Registry hack that runs UAC in quiet mode.
>>>
>>> Quote:
>>> This is a fallacy! If UAC cannot notify the user that a program is
>>> trying to
>>> gain global access to the system, then it is effectively 'disabled'.
>>> This so
>>> called 'quiet mode' setting just changes a UAC registry setting to
>>> 'automatically elevate everything without prompting'. This means that
>>> when
>>> you click to open a file, it is 'assumed' that you already know that the
>>> file will have unrestricted access to your computer.
>>>
>>> The main thing that UAC does is to detect when a program or application
>>> tries to access restricted parts of the system or registry that requires
>>> administrator privileges. When a program does this, UAC will prompt the
>>> user
>>> for administrative elevation. Without this prompt, UAC cannot warn the
>>> user,
>>> which means that it is effectively disabled.
>>>
>>> Some people will tell you that using "quiet mode" will still let IE run
>>> in
>>> protected mode, but this just isn't true. Without the UAC prompt, a
>>> malicious file that runs from a website can run, without restrictions,
>>> and
>>> silently.
>>>
>>> Another issue is that with UAC prompt disabled, some legitimate
>>> procedures
>>> will just silently fail to work properly, with no notification, if you
>>> are
>>> logged on with a Standard User account, since the application cannot
>>> notify
>>> you that administrative privileges are required.
>>>
>>> Even the developer of the TweakUAC utility includes this statement about
>>> his
>>> product.
>>> "if you are an experienced user and have some understanding of how to
>>> manage
>>> your Windows settings properly, you can safely use the quiet mode of
>>> UAC."
>>> In my opinion, if you are an experienced user, the last thing you would
>>> want
>>> to do is turn off the UAC notification.
>>>
>>> If you 'are' an experienced user, then you would already know how to
>>> temporarily bypass the UAC prompt to perform just about any procedure in
>>> Vista, such as running programs from an elevated command prompt, or
>>> using an
>>> elevated instance of Windows Explorer.
>>>
>>> The last problem I have with this so-called 'quiet mode' is that it
>>> dissuades developers from programming their applications to run in a
>>> least
>>> user privilege environment.
>>> End Quote
>>>
>>> --
>>> All the best,
>>> SG
>>>
>>> Is your computer system ready for
>>> Vista? https://winqual.microsoft.com/hcl/
>>>
>>> "t-4-2" <t-4-2.383...@no-mx.forums.net> wrote in message
>>>
>>> news:t-4-2.3833k1@no-mx.forums.net...
>>>
>>>
>>>
>>> > rowanc88685289 Wrote:
>>> >> Every single time I log in to Windows, that bloody little pop-up
>>> >> comes
>>> >> in the
>>> >> notification area saying that my UAC is off and that this is a
>>> >> horrible
>>> >> problem.
>>> >> I know it's off. I turned it off. Why the hell would I be unaware of
>>> >> that?
>>>
>>> >> So my question is, how do I stop that annoying notice coming up every
>>> >> single
>>> >> time I start Windows?
>>> > Hello rowance,
>>> > This is t-4-2 again. Here is another link whose purpose is to elevate
>>> > your privileges to higher level in order to avoid the annoyance of
>>> > UAC.
>>> > It's a compromise whereby UAC is still on but won't bother you as long
>>> > as you are on admin account. Read the tutorial, it explains better
>>> > than
>>> > I can.
>>>
>>> >http://www.vistax64.com/tutorials/80938-user-account-control-uac-elev...
>>>
>>> > --
>>> > t-4-2
>>
>> Personally I think there should be more of an annoyance for people who
>> turn UAC off like it should change their wallpaper to bright red or
>> something every time they boot Windows.
>>
>> There is never a good reason to turn off UAC on a system that you use
>> day to day.
>>
>> The only excuses I hear are as follows:
>>
>> * Oh the pop-up is so annoying so I turned it off.
>> A: Sorry stop being lazy. It is 2008 time to take responsibility for
>> your own security.
>>
>> * I am a power user so I don't need this kind of protection.
>> A: This one always cracks me up. By turning off UAC you are proving
>> you are actually a less experienced computer user than you think. UAC
>> is not just an annoying pop-up. If anything it actually makes using
>> your system easier. Without UAC you would have to right click
>> executables and select run as then enter your admin account
>> credentials. Would you rather do that? Other option is to run
>> everything as an Administrator but only inexperienced users do that.
>>
>> * I never had that problem before in XP why change now.
>> A: Sure you never had problems before, doesn't make it any less stupid
>> to do though. It is like saying I put a blind fold on and ran across a
>> road and haven't been hit by a car yet. Sure you haven't had a problem
>> yet, doesn't make it any less stupid though.
>>
>> The whole UAC thing is a perception. Most people think oh it's an
>> annoying dialogue, when yes it can be annoying but you should be
>> thinking ok why does this program need admin rights. If you think it
>> doesn't need them then click Deny then email the program vendor and
>> tell them to fix their buggy program. If the program actually does
>> need admin rights then click allow.
>
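
Added example, not part of the thread or written by any of its posters: a read-only PowerShell check for the registry settings behind the 'quiet mode' discussed above. The value names are not given in the thread; they are the documented UAC policy values under the `Policies\System` key, and the sample hashtable is constructed for illustration.

```powershell
# Added example (not from the thread). Read-only audit of the UAC policy values.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicy {
    # Collect the UAC-related DWORD values that are actually present under the key.
    param([string]$Path = $UacKey)
    $names = 'EnableLUA', 'ConsentPromptBehaviorAdmin',
             'ConsentPromptBehaviorUser', 'PromptOnSecureDesktop'
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    $policy = @{}
    foreach ($n in $names) {
        $p = $props.PSObject.Properties[$n]
        if ($p) { $policy[$n] = [int]$p.Value }
    }
    $policy
}

function Test-UacPolicy {
    # Emit one finding per weakened setting. A missing value yields $null,
    # and ($null -eq 0) is false, so absent values are never flagged.
    param([hashtable]$Policy)
    if ($Policy['EnableLUA'] -eq 0) {
        'EnableLUA=0: UAC is switched off entirely.'
    }
    if ($Policy['ConsentPromptBehaviorAdmin'] -eq 0) {
        'ConsentPromptBehaviorAdmin=0: administrators are elevated without a prompt ("quiet mode").'
    }
    if ($Policy['ConsentPromptBehaviorUser'] -eq 0) {
        'ConsentPromptBehaviorUser=0: standard users get elevation requests denied with no prompt.'
    }
    if ($Policy['PromptOnSecureDesktop'] -eq 0) {
        'PromptOnSecureDesktop=0: the prompt is shown on the normal desktop, not the secure desktop.'
    }
}

# Constructed sample values (not taken from a real machine).
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
'--- constructed sample ---'
Test-UacPolicy -Policy $sample

# Live check of the local machine.
'--- this machine ---'
$findings = @(Test-UacPolicy -Policy (Get-UacPolicy))
if ($findings.Count -eq 0) { 'No weakened UAC policy values found.' } else { $findings }
```

The script only reads the key, so it can be run from a non-elevated session.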