Playing with UAC
<blockquote data-quote="Trident" data-source="post: 1079588" data-attributes="member: 99014"><p>I have to agree that UAC can’t increase the overall security posture for single home users, as it’s not well understood what the software will do once allowed, and fail to do once denied admin rights. When you display the same dialogues upon trying to change the system time and upon trying to launch malware, this dialogue starts to be meaningless to the user.</p><p></p><p>HIPS can be considered an “overblown” version of UAC (per-action-permission system) and for obvious reasons, only 2-3 vendors offer it in home products now, with Eset and Comodo being primary and Kaspersky offering “smarter”, more autonomous HIPS with fewer questions. <strong>Asking the user what should be done in terms of security is a concept that is not preferred</strong> — it didn’t work for Panda in 2005 and it didn’t work for Bitdefender in 2008. It certainly doesn’t work for Comodo, Eset, Microsoft or anyone else in 2024 either. It didn’t work for WOT when they relied on the “huge user base” to tell them which website seems safe and which doesn’t.</p><p><strong>Security is the job of professionals</strong> and not the grandma looking to Skype or the teenager looking to play Dota and watch YouTube.</p><p></p><p>In this relation, the permission system in iOS/Android/macOS/ChromeOS can be considered a modern version of UAC that allows users to understand what exactly they are allowing — still far from perfect though. Perhaps if UAC evolved to be something similar, it would be somewhat useful.</p><p>The Mac implementation of UAC is this, also not great but much less noisy and users understand that <strong>elevating is a big deal</strong>. All apps, including installers, work non-elevated.</p><p>Fingerprint is required when actions affecting personal files are to be performed - obviously to confirm that it’s you, the owner. Password is required for system-related events like updates.
</p><p>[URL unfurl="true"]https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/AccessControl.html[/URL]</p><p>And Linux Polkit (similar to Apple):</p><p>[URL unfurl="true"]https://en.m.wikipedia.org/wiki/Polkit[/URL]</p><p></p><p>Some may say SAC or SmartScreen filter are a natural evolution of UAC but they cover what’s allowed to run, whilst UAC covers what’s allowed to make changes that can turn out to be harmful.</p><p>They are essentially very different and all 3 complement each other, together with Microsoft Defender.</p></blockquote><p></p>