How many times a day do you deal with the UAC prompt?

Do you use User Access Control?

  • Yes, I have it enabled (Votes: 31, 70.5%)
  • No, I have it disabled (Votes: 13, 29.5%)
  • N/A (WinXP, Mac or Linux users) (Votes: 0, 0.0%)

  Total voters: 44

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I don't want to overstate, but I always thought UAC was like a Romper Room PC behavior monitor compared to a solid firewall. If someone is not running one of the modern a-v/firewall combinations or a combination of a/v and firewall, I could see how the combination of Windows firewall and UAC would be at least comforting. However, a-v and Windows firewall is risky, even with UAC enabled. This is because UAC is not very specific in many cases with information about what is happening on the system. Also, the behaviors being monitored are limited in comparison to a good security firewall like Comodo.

I say go with a good a-v/firewall combo and either turn UAC off or leave it on a low setting. Or you can run a-v + Windows firewall + UAC and live with the results. UAC is too inflexible and comes across like an ineffective behavior monitor portion of a firewall to me. I have it turned off for that reason.

BTW, I use Private Firewall, which I know is not the best (and is no longer being updated :(), but there is a setting for every behavior/connection to generate a pop up. I use this setting and from there I can decide whether to allow once/block once/allow every time/block every time. Same applies to internet connections. Maybe that's similar to UAC, but PF gives easy access to the settings if I change my mind. Wish it were easier, so I could, for example, set an entire behavior to "ask" (like keyboard monitoring) system wide rather than just for each process one at a time. Over two years I've gotten fairly used to using PF, though, and I feel it's much more configurable than the Windows options of UAC + Windows firewall.
 

Deleted member 178

> I don't want to overstate, but I always thought UAC was like a Romper Room PC behavior monitor compared to a solid firewall

They have nothing in common... comparing them to each other definitely shows a lack of knowledge of what they are.

> If someone is not running one of the modern a-v/firewall combinations or a combination of a/v and firewall, I could see how the combination of Windows firewall and UAC would be at least comforting.

I have a very solid security setup and I still use UAC. UAC is kernel level, so it is safer than any HIPS or BB, which will never attain kernel level; those HIPS/BB have to set kernel hooks to work, thereby weakening the kernel if malware manages to use those hooks to reach the kernel.

> However, a-v and Windows firewall is risky, even with UAC enabled

Not at all; learn what Windows Firewall and UAC are before making such statements.

> This is because UAC is not very specific in many cases with information about what is happening on the system. Also, the behaviors being monitored are limited in comparison to a good security firewall like Comodo.
> I say go with a good a-v/firewall combo and either turn UAC off or leave it on a low setting. Or you can run a-v + Windows firewall + UAC and live with the results. UAC is too inflexible and comes across like an ineffective behavior monitor portion of a firewall to me. I have it turned off for that reason.

UAC is not a HIPS, a behavior blocker or a firewall! If malware bypasses your software, only UAC may save your system.


> BTW, I use Private Firewall, which I know is not the best (and is no longer being updated :(), but there is a setting for every behavior/connection to generate a pop up. I use this setting and from there I can decide whether to allow once/block once/allow every time/block every time. Same applies to internet connections. Maybe that's similar to UAC,

It will never be similar. HIPS/BB are what they are, UAC is UAC.

> but PF gives easy access to the settings if I change my mind. Wish it were easier, so I could, for example, set an entire behavior to "ask" (like keyboard monitoring) system wide rather than just for each process one at a time. Over two years I've gotten fairly used to using PF, though, and I feel it's much more configurable than the Windows options of UAC + Windows firewall.

Because they have nothing in common... Windows Firewall is very strong if you know how to set it up.

Final note:

It is amazing how you (and other people) don't understand what UAC is:

UAC is a tool that restricts privilege elevation; it means a process is not allowed to get admin rights if it is not supposed to have them, unless the user expressly allows it. It is not a firewall, behavior blocker or HIPS.

User Account Control - Wikipedia, the free encyclopedia
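
The posts above talk about leaving UAC on, turning it off, or running it "on a low setting", and about UAC gating elevation to admin rights. The following is an added example, not part of any poster's message: a PowerShell check that reports which of those states a machine is in and whether the current session holds an elevated token. The mapping of registry values to slider positions reflects the values the Control Panel slider writes; any other combination is reported as custom policy.

```powershell
# Added example: report the local UAC configuration and this session's elevation state.
# Read-only; it changes nothing on the system.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p   = Get-ItemProperty -Path $key

# EnableLUA = 0 means UAC (Admin Approval Mode) is switched off entirely:
# administrators then always run with their full token and nothing is prompted.
$enabled = $p.EnableLUA -eq 1

# Map the two values written by the Control Panel slider to its positions.
$level = if (-not $enabled) {
    'UAC disabled'
} elseif ($p.ConsentPromptBehaviorAdmin -eq 2 -and $p.PromptOnSecureDesktop -eq 1) {
    'Always notify'
} elseif ($p.ConsentPromptBehaviorAdmin -eq 5 -and $p.PromptOnSecureDesktop -eq 1) {
    'Default: notify when programs try to make changes'
} elseif ($p.ConsentPromptBehaviorAdmin -eq 5 -and $p.PromptOnSecureDesktop -eq 0) {
    'Notify without dimming the desktop'
} elseif ($p.ConsentPromptBehaviorAdmin -eq 0) {
    'Never notify (administrators elevate without a prompt)'
} else {
    'Custom policy (set outside the slider, e.g. by Group Policy)'
}

# With UAC on, an administrator's normal processes run with a filtered token,
# so this is True only if the session was started elevated ("Run as administrator").
$id        = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    UacEnabled                 = $enabled
    PromptLevel                = $level
    ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    SessionIsElevated          = $elevated
}
```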
 

AtlBo

Thanks for the information.

I thought PF blocked programs and processes from running at the admin level. The reason I say so is because there is a behavior setting for each process called "Adjust Privilege".

That said, I can see where you are coming from on many levels. The problem for me in large degree is that UAC presents potentially complex changes as another prompt. The rest of the problem is with configurability. I can change the behaviors of processes on a PC here with PF in 3 clicks. I don't know where to start with UAC.

Windows firewall? It might be powerful, and I am seeing the light a little bit now that you mention it more and more over the last couple of days as I have been looking into Comodo Firewall and doing some research. I feel it's a good complement for UAC, and the Trusted Installer and all of that are nice. I feel the problem with Windows Firewall is that making changes comes with limited information. I can see in PF what is connected and what is being blocked, all within a couple of clicks. Also, PF does have its own Trusted Publisher list that can be used and added to.

I feel like MS missed an opportunity with their firewall to be transparent with MS connections. If MS had chosen to somehow visually separate them from other connections, users could feel much more secure in knowing what is connecting that is NOT MS. Also, we could have a good discussion about which MS connections do what and which ones can be safely shut down and so on. For me, this creates a little bit of a shortfall of trust when it comes to the MS firewall in W7.

I feel like I have the configurability I require from the single PF interface. That works for me. It could be better if there were more information available I feel, but after two years and with programs like GlassWire for information, I feel like for now this is a better option than MS.

As for why not using UAC, anyway. That's a good question. I guess I feel like I have outgrown the need for it at this point. I don't mean any disrespect at all. I am basing my confidence largely on the belief that a process attempting to change its privileges will be blocked by PF and that PF does what it says it does otherwise. After 2 years of the pop ups, it does seem to be doing the job...

Just for the record, I am curious to know how familiar you are with PF's behavior blocking capabilities. There are 21 behaviors monitored by PF, and each one can be set to ask, allow, block. In this way, I do feel like it is doing the job of UAC and more when it comes to kernel level and otherwise...
 

Deleted member 178

> Thanks for the information.

No problem :)

> I thought PF blocked programs and processes from running at the admin level. The reason I say so is because there is a behavior setting for each process called "Adjust Privilege".

Beware of the names of features in products; sometimes they mean nothing but eyepowder.

> The rest of the problem is with configurability. I can change the behaviors of processes on a PC here with PF in 3 clicks. I don't know where to start with UAC.

You don't have to start with UAC. When UAC asks for a process to be elevated, if you launched that process yourself and you know it is safe, then just allow; if you didn't launch it, just deny the elevation. UAC is more like a basic anti-executable (deny/default approach aka "yes or no").

> Windows firewall? It might be powerful, and I am seeing the light a little bit now that you mention it more and more over the last couple of days as I have been looking into Comodo Firewall and doing some research. I feel it's a good complement for UAC, and the Trusted Installer and all of that are nice. I feel the problem with Windows Firewall is that making changes comes with limited information. I can see in PF what is connected and what is being blocked, all within a couple of clicks. Also, PF does have its own Trusted Publisher list that can be used and added to.

Because you have never really played with Windows Firewall and its advanced settings. I have used Comodo for years, made plenty of guides about how to set it for max security, etc... and now what am I using? Windows Firewall.

Windows Firewall is configured by default to be silent, but if you start playing with it, you can see its real power. Now, as you said, the only feature WF lacks is that there are not many alerts.

If we just talk about inbound/outbound connection monitoring, WF is as good as other firewalls; the others just add features you seem to like (HIPS, etc...), but those features are not part of a firewall.

> I feel like MS missed an opportunity with their firewall to be transparent with MS connections. If MS had chosen to somehow visually separate them from other connections, users could feel much more secure in knowing what is connecting that is NOT MS. Also, we could have a good discussion about which MS connections do what and which ones can be safely shut down and so on. For me, this creates a little bit of a shortfall of trust when it comes to the MS firewall in W7.

That is the only thing WF lacks. It is why we have some little programs like Binisoft Windows Firewall Control to do that. It is what I use.

> I feel like I have the configurability I require from the single PF interface. That works for me. It could be better if there were more information available I feel, but after two years and with programs like GlassWire for information, I feel like for now this is a better option than MS.

It is just a matter of taste; for me, all the actual firewalls (Comodo, Private, Zone Alarm, etc...) are not better than WF (for connection monitoring).

> As for why not using UAC, anyway. That's a good question. I guess I feel like I have outgrown the need for it at this point. I don't mean any disrespect at all. I am basing my confidence largely on the belief that a process attempting to change its privileges will be blocked by PF and that PF does what it says it does otherwise. After 2 years of the pop ups, it does seem to be doing the job...

In fact, you like the HIPS/behavior blocker feature, which is totally different from UAC; both work together and do different jobs. I'm using anti-executables (more strict than HIPS).

> Just for the record, I am curious to know how familiar you are with PF's behavior blocking capabilities. There are 21 behaviors monitored by PF, and each one can be set to ask, allow, block. In this way, I do feel like it is doing the job of UAC and more when it comes to kernel level and otherwise...

Tried it a long time ago; I was not a fan since we had better solutions like Comodo, more tweakable and secure to my taste. Now I use another approach: virtualization + anti-executable, which is stronger in terms of security with less hassle (it blocks everything I don't allow myself, and if something manages to pass, it will not stay in my system at the next boot); but this kind of setup is not for beginners.
 

AtlBo

Thanks for the information. A lot to think about...
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
> Tried it a long time ago; I was not a fan since we had better solutions like Comodo, more tweakable and secure to my taste. Now I use another approach: virtualization + anti-executable, which is stronger in terms of security with less hassle (it blocks everything I don't allow myself, and if something manages to pass, it will not stay in my system at the next boot); but this kind of setup is not for beginners.

SD + AG? :D
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
It takes more time to appreciate the overall concept of UAC; if you are an enthusiast user, then you should understand that every action taken must be known very well by the user before approval, because once it is bypassed, it is a risk for you to encounter drive-by executions already.
 

Anupam

Level 21
Verified
Well-known
Jul 7, 2014
1,017
I have UAC enabled.

It's like you live in a house. That house has a big gate, but still the other rooms have doors in them.
Antiviruses are like that "big gate". But we still need that door. And yes, a smart thief knows how to bypass both ;)

Enabling/disabling it is a personal choice, though. You know what you are doing and should know there are consequences too, irrespective of your choice.

I initially got irritated when I moved from XP, but now all is well. I hardly install any new things, and sometimes UAC tells me I clicked the installer properly, because it takes some time for the installer to respond and meanwhile I keep clicking it :p . But the UAC pop-up ensures that, yes, I have clicked it :D
 
