You seriously saying that?
The security concern is that by giving your admin password to the task you want to perform, you will be giving it also to any malware that is trying to run.
That was the point of SUA ....
Things just work better in an admin account. There are settings that you can't control properly in SUA.
@Umbra, please link us to the article that was posted on MT about a month ago about this very subject, and explain what point I misunderstood, or what point in the article you disagree with.
You seriously saying that?
That was the point of SUA ....
Here's an example. I have two input languages: English and Hebrew. If I switch to SUA, Windows automatically gives me two versions of Hebrew keyboard, making it very frustrating to switch between languages, because I have three input methods to juggle. I can only stop this stupid Windows behavior if I am working in an admin account. As soon as I switch to SUA, the unwanted Hebrew input method comes right back.
That is why it is not possible to have SUA without Admin.
i don't have time to search it.
Sorry to hurt your ego, but since you aren't a total noob and you like to give technical advice to beginner members, I will be harder on you than any other "classic" members, especially when your statements are (wanted or not) unclear, undocumented and misleading, nothing to do with respect or not. You did this several times before, you stated things believing it is factual instead of researching beforehand. Each time I (or someone) had to correct you.
Also, and this might be a little harder for you to do, but I really think you should respond to MT posters with a little common respect. If you are a moderator and a staff member, please behave accordingly.
As for the factual point, I think you got me wrong. I meant like this:
I don't have time for that.
1- Usual malware doesn't "read" your admin account! They don't have small eyes over your shoulder then suddenly say "got its password! I can elevate myself" ... (Malware that can grab logon passwords is another topic.)
2- You are concerned by an issue you clearly don't fully comprehend. You were saying that on SUA you are concerned by a malware "reading" the admin password to elevate itself.
For that, they use Privilege Escalation to get higher privileges via various methods, mostly code injection (the malware injects itself into the un-elevated Explorer process, hooks "SHELL32!AicLaunchAdminProcess" and waits for a program to be elevated by the users).
3- Finally, why would you be concerned about SUA? Because a malware is escalating from it? No reason to be, because if you are on an admin account, there is not even need of escalation, the malware already has the proper privileges to do its job, without the need of privilege escalation.
So SUA is safer than admin, why? Because using an admin account as a daily account is helping the malware to infect you.
Also, on SUA, to be a victim of privilege escalation, the malware or a remote attacker must already have got in.
Who said that?
As for the factual point, I think you got me wrong. I meant like this:
1 I am in SUA.
2 I unknowingly execute a malware file.
3 It is loaded in memory, but cannot perform the attack, because it lacks permissions.
4 While still in SUA, I enter my admin password, in order to run my Macrium Reflect backup job.
5 Bang! the malware got elevated permissions, and pawns my computer.
Is this right?
As for the respect issue: I usually read articles and posts carefully before responding, and if I don't understand a point, I often engage in long discussions with other forum members who know more, until I get it. Once I get the point, I do share it with others.
So if I post something you disagree with, go right ahead and disagree, but with a little common decency, please.
EDIT: My request is that you show common decency to all MT posters, not just me. It is a general issue.
Okay, I finally found it.
Who said that?
No. It doesn't work like that. You can test easily for yourself. Install Process Explorer or Hacker in a SUA, make sure you show the permissions and integrity columns. Execute something that requires elevated privileges and enter the Admin password. Pay attention to the permissions column in Process Explorer\Hacker. Upon entering the Admin password and elevating the process requesting it, Admin privileges are not granted to all other processes.
The person you need to ask is fixer because he knows those Windows internals inside-and-out because of the way ReHIPS works.
In a nutshell, it is a Proof-of-Concept (PoC) UAC exploit.
Okay, I finally found it.
There is a thread that discusses the split-token issue with SUA. Please explain the issue in plain terms, so that all (even me) can understand.
Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities
I'd say you have a better chance of hitting the worldwide lotto for $1 billion U.S. than your system being miserably infected.
Okay, so what is the risk with entering the admin password, when you are in SUA?
Here's more of the author's words in Part 3:
I wouldn't mind hitting the lotto, but basically, all that discussion about the risk, on the thread I linked to, was extreme paranoia?