- Status
- Jan 9, 2013
- 1,457
- Mar 1, 2014
- 1,708
Thanks for this, @Umbra!
From what I understand:
Generally, malware authors target to get higher integrity level rights in a system (Windows Vista to Windows 10). These higher integrity levels require administrative rights. And UAC is the one that blocks and asks for elevation. So, given the Kaspersky Security Network statistics, just by enabling UAC and answering No, you prevent at least 80% of malware from completely infecting and/or causing major damage to the system. The rest of the malware, the 20% that don't ask for admin rights, may infect the system without causing major damage. So, it's better to keep malware at bay from those higher integrity levels by answering No to a UAC prompt.
Of course, you can't always say no to a UAC prompt, but the point is that when something out of the blue asks for an elevation, it's prudent to say no.
From what I understand:
Generally, malware authors target to get higher integrity level rights in a system (Windows Vista to Windows 10). These higher integrity levels require administrative rights. And UAC is the one that blocks and asks for elevation. So, given the Kaspersky Security Network statistics, just by enabling UAC and answering No, you prevent at least 80% of malware from completely infecting and/or causing major damage to the system. The rest of the malware, the 20% that don't ask for admin rights, may infect the system without causing major damage. So, it's better to keep malware at bay from those higher integrity levels by answering No to a UAC prompt.
Of course, you can't always say no to a UAC prompt, but the point is that when something out of the blue asks for an elevation, it's prudent to say no.
Last edited:
ExactThanks for this, @Umbra!
From what I understand:
Generally, malware authors target to get higher integrity level rights in a system (Windows Vista to Windows 10). These higher integrity levels require administrative rights. And UAC is the one that blocks and asks for elevation. So, given the Kaspersky Security Network statistics, just by enabling UAC and answering No, you prevent at least 80% of malware from completely infecting and/or causing major damage to the system. The rest of the malware, the 20% that don't ask for admin rights, may infect the system without causing major damage. So, it's better to keep malware at bay from those higher integrity levels by answering No to a UAC prompt.
Of course, you can't always say no to a UAC prompt, but the point is that when something out of the blue asks for an elevation, it's prudent to say no.
UAC become a security feature by chance, because malware writers wrote their code to get admin rights (they need their code to have advanced capabilities).
- Feb 13, 2017
- 1,486
Unfortunately, some malware do not require admin rights but are still dangerous.
Stampado ransomware for example, doesn't require administrator privileges in order to install itself on the pc and once infected the computer, the ransomware encrypts the data on the hard disk, and grants to the victim 96 hours to pay a ransom, thereafter, if the user doesn't pay, it starts to delete random files every six hours.
Stampado ransomware for example, doesn't require administrator privileges in order to install itself on the pc and once infected the computer, the ransomware encrypts the data on the hard disk, and grants to the victim 96 hours to pay a ransom, thereafter, if the user doesn't pay, it starts to delete random files every six hours.
- Mar 1, 2014
- 1,708
Yep! The author of the article took note of that kind of UAC bypass.
But his whole point in the article is just to explain the security hierarchy of Windows Vista, and higher, and that malware authors write codes to get to those higher integrity levels, asking for elevation through UAC, or bypassing UAC altogether.
- Jul 3, 2015
- 8,153
it sounds like ransomware is sometimes capable of running with low permissions, whereas most other baddies will probably be stopped by UAC+SUA. And ransomware can be laughed at if you have up to date offline backups.
- Feb 13, 2017
- 1,486
A question: if a malware doesn't require admin rights, can we speak of UAC bypass?
I mean, if a malware requires admin rights but UAC does not block its execution then it is UAC bypass, or both situations?
I mean, if a malware requires admin rights but UAC does not block its execution then it is UAC bypass, or both situations?
- Mar 1, 2014
- 1,708
Depends on the malware, I think. If a malware is designed to get to those higher integrity levels and is successful without UAC block/prompt (assuming UAC is enabled), then I think it would be a bypass. But if a malware is designed to just mess with Medium Integrity level or below, then it wouldn't be a bypass of UAC, since UAC isn't required in the first place. So, it all depends on how the author codes the malware.A question: if a malware doesn't require admin rights, can we speak of UAC bypass?
I mean, if a malware requires admin rights but UAC does not block its execution then it is UAC bypass, or both situations?
- Feb 13, 2017
- 1,486
Thanks @XhenEd to have confirmed what I was thinkingDepends on the malware, I think. If a malware is designed to get to those higher integrity levels and is successful without UAC block/prompt (assuming UAC is enabled), then I think it would be a bypass. But if a malware is designed to just mess with Medium Integrity level or below, then it wouldn't be a bypass of UAC, since UAC isn't required in the first place. So, it all depends on how the author codes the malware.
Humor about XP users:
The End.
Couldn't help myself when the Author mentioned XP.
"Windows XP can load in 5 seconds with 15 processes, it is faster than Windows 10 and I can keep it more secure than Windows Defender, since it's a crap Antivirus and not detect any samples from my 3 file Malware Pack, 0% detection rate, Emsisoft detected all 3 files for 100% protection. Its the best. I use Malwarebytes Anti-Exploit because Microsoft don't support this OS. Who are they to say to force users to Windows 10!! And XP don't spy on users, like NSA Windows 10."
Who are they to say to force users to Windows 10!! And XP don't spy on users, like NSA Windows 10."The End.
Couldn't help myself when the Author mentioned XP.
- Feb 13, 2017
- 1,486
- Status
Similar threads
