Do you use a Standard User Account (SUA)?

Do you use Standard User Account?

  • Yes

    Votes: 33 37.5%
  • No

    Votes: 55 62.5%

  • Total voters
    88

Windows Defender Shill

Level 7
Verified
Well-known
Apr 28, 2017
326
Reasons I don't use Standard

*Computer used more resources versus just having an admin account.
*File storage was less complicated
*I'm pathological about ensuring my settings are at their desired level. Using a Standard account made this much more tedious
 
  • Like
Reactions: shmu26 and frogboy
5

509322

Most people realize UAC has serious flaws. It's all the blowing stuff out of proportion that sows confusion - which is normal for most things reported on the forums.
 
  • Like
Reactions: SHvFl
D

Deleted member 178

As for the factual point, I think you got me wrong. I meant like this:
1 I am in SUA.
2 I unknowingly execute a malware file.
3 It is loaded in memory, but cannot perform the attack, because it lacks permissions.
4 While still in SUA, I enter my admin password, in order to run my macrium reflect backup job.
5 Bang! the malware got elevated permissions, and pawns my computer.
Is this right?
Nope, read carefully my post earlier. (and also the articles/threads you are quoting)


As for the respect issue: I usually read articles and posts carefully before responding, and if I don't understand a point, I often engage in long discussions with other forum members who know more, until I get it. Once I get the point, I do share it with others.
So if I post something you disagree with, go right ahead and disagree, but with a little common decency, please.
EDIT: My request is that you show common decency to all MT posters, not just me. It is a general issue.]
Issue to you, so honestly, i don't care. Everybody here knows how i am from the start.
I was like that on MT far become being mod, while i am mod and far after i will not be mod. I dont care of others opinion on my character, i just care they got the right infos whatever it displease a member, a developer or even another mod.
I'm not here to sugarcoat my words to people for their ego's sake or sensitivity; it is a security forum, a place people comes for help and learn security. Computer security is important, we are not in facebook where we let people spread wrong/incorrect stuff. I'm straight towards people, even rude so what i say get right into their brain, far better than sugarcoated words; because people remember better when they get slapped.
If you don't like my way, just ignore me but you can be sure i won't ignore anyone incorrectness as far i can find it.
 
Last edited by a moderator:
5

509322

Actually I re-read Part 2 and the author mocks Microsoft by mentioning that the CIA has more than likely long known about UAC's flaws. So maybe all the 3 and 4 letter security agencies of the world are already using it. So what if that is true ? It's not something that should knock your security socks off.
 
D

Deleted member 178

So maybe all the 3 and 4 letter security agencies of the world are already using it. So what if that is true ? It's not something that should knock your security socks off.
Yep, beginners/average security forums members get their paranoia levels skyrocketting after reading (and 90% of the time not understanding) every PoC articles; then go posting "but if that blablabla , if this blablabla, we are owned !"
 
  • Like
Reactions: SHvFl
5

509322

Yep, beginners/average security forums members get their paranoia levels skyrocketting after reading (and 90% of the time not understanding) every PoC articles; then go posting "but if that blablabla , if this blablabla, we are owned !"

It is because most infos on the web (and elsewhere) are not explained in practical, easily understood terms for the non-IT professional. Hell, there are IT pros with PhDs that scratch their heads too. It's the lack of readily accessible, easy to understand infos.
 
5

509322

Yep, beginners/average security forums members get their paranoia levels skyrocketting after reading (and 90% of the time not understanding) every PoC articles; then go posting "but if that blablabla , if this blablabla, we are owned !"

It is just like the SMB\Eternal Blue\DoublePulsar ballyhoo. It had some people figuratively buying arms & ammunition along with survival gear.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,041
Okay, I finally found it.
There is a thread that discusses the split-token issue with SUA. Please explain the issue in plain terms, so that all (even me) can understand.
Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities
The source of this article are :
Tyranid's Lair: Reading Your Way Around UAC (Part 1)
Tyranid's Lair: Reading Your Way Around UAC (Part 2)
Tyranid's Lair: Reading Your Way Around UAC (Part 3)


The conclusion about SUA:
"What about Over-The-Shoulder elevation, where you need to supply a username and password of a different user, does that suffer from the same problem? Due to the design of UAC those "Other User" processes also have the same Logon Session SID access rights so a normal, non-admin user can access the elevated token in the same way. Admittedly just having the token isn't necessarily exploitable, but attacks only get better, would you be willing to take the bet that it's not exploitable?"

The author pointed out the theoretical elevation vulnerability when supplying credentials on SUA. It could be exploited (maybe). But, there is known vulnerability related to stealing credentials on SUA. The Malware is running in the background and waiting. When you try to elevate something, then it hides the UAC prompt and shows the fake one. After stealing credentials, it elevates without problems. Windows has a policy (and reg tweak) to prevent this vulnerability - if activated, then you must press CTRL-ALT-DEL to show the credentials window.

Edit.
Another well known possibility, is stealing admin credentials from the cache. Caching the credentials is not very useful in home networks, so it should be disabled by policy setting or the reg tweak.
 
Last edited:

Deletedmessiah

Level 25
Verified
Top Poster
Content Creator
Well-known
Jan 16, 2017
1,469
It is because most infos on the web (and elsewhere) are not explained in practical, easily understood terms for the non-IT professional. Hell, there are IT pros with PhDs that scratch their heads too. It's the lack of readily accessible, easy to understand infos.
Right! Many information on web is explained in very difficult ways. Can't understand those complex technical words. To a non native english person, it becomes even harder. So many times I end up misunderstanding or not understanding at all.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
The source of this article are :
Tyranid's Lair: Reading Your Way Around UAC (Part 1)
Tyranid's Lair: Reading Your Way Around UAC (Part 2)
Tyranid's Lair: Reading Your Way Around UAC (Part 3)


The conclusion about SUA:
"What about Over-The-Shoulder elevation, where you need to supply a username and password of a different user, does that suffer from the same problem? Due to the design of UAC those "Other User" processes also have the same Logon Session SID access rights so a normal, non-admin user can access the elevated token in the same way. Admittedly just having the token isn't necessarily exploitable, but attacks only get better, would you be willing to take the bet that it's not exploitable?"

The author pointed out the theoretical elevation vulnerability when supplying credentials on SUA. It could be exploited (maybe). But, there is known vulnerability related to stealing credentials on SUA. The Malware is running in the background and waiting. When you try to elevate something, then it hides the UAC prompt and shows the fake one. After stealing credentials, it elevates without problems. Windows has a policy (and reg tweak) to prevent this vulnerability - if activated, then you must press CTRL-ALT-DEL to show the credentials window.
Thanks once again to @Andy Ful for interesting and understandable info!
 

Transhumana

Level 6
Verified
Well-known
Jul 6, 2017
271
Imo if you need to write admin password while SUA then you are using it wrong. All admin related work should be done with an admin account when needed. More experienced members here can explain it better why that's the case.
Edit: I forgot to say, I am using SUA.

I might be misinformed but I still prefer doing those few things that need administrator privileges via SUA than logging into Admin account. If I'm that extremely unlucky to catch some kind of malware of which presence I'm not aware and that could exploit my granting administrator privileges to some legit process, I'm fairly sure that logging into my Admin account to do the job wouldn't help at all. :D But if I'm wrong, I'll gladly stand corrected and learn something new. :)
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,041
Many MalwareTips members (like me) treat their computer as experimental lab, so they often need admin rights. Default deny protection is also my favorite. And of course, using SUA if far away of bullet proof security.

But it is also true that default deny protection can be for many users far more frustrating than SUA!
SUA is still the most efficient solution, for people who do not need frequently admin rights.

Edit1.
Here is some statistics (again), let's look at it in the context of the 0-day malware:
  • About 80% malware run with the rights higher than standard user.
  • 86% of Critical vulnerabilities affecting Windows could be mitigated by removing admin rights.
  • 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights.
  • 82% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights.
  • 85% of Remote Code Execution vulnerabilities could be mitigated by removing admin rights.
  • 82% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights.
  • 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights.
I know many antivirus solutions that have worse statistics on Admin account.:)

Edit2.
Every security solution is stronger on SUA as compared to Admin account.
 
Last edited:

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Many MalwareTips members (like me) treat their computer as experimental lab, so they often need admin rights. Default deny protection is also my favorite. And of course, using SUA if far away of bullet proof security.

But it is also true that default deny protection can be for many users far more frustrating than SUA!
SUA is still the most efficient solution, for people who do not need frequently admin rights.

Edit1.
Here is some statistics (again), let's look at it in the context of the 0-day malware:
  • About 80% malware run with the rights higher than standard user.
  • 86% of Critical vulnerabilities affecting Windows could be mitigated by removing admin rights.
  • 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights.
  • 82% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights.
  • 85% of Remote Code Execution vulnerabilities could be mitigated by removing admin rights.
  • 82% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights.
  • 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights.
I know many antivirus solutions that have worse statistics on Admin account.:)

Edit2.
Every security solution is stronger on SUA as compared to Admin account.
I changed my vote to "yes".
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
That is the best thing you could do, you said you need admin account to use Hebrew character, doesn't Win10 support it ? or you need a dedicated software?
The story is I gave in to Microsoft. They are aggressively pushing the new Hebrew keyboard layout, so I decided I would learn it, and I gave up on the legacy keyboard layout. Everything comes with a price.
 
F

ForgottenSeer 55474

I am using an outlook account if that is what SUA means:)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top