- Apr 13, 2013
- 3,224
Scenario- You have a Windows 7 system with UAC at maximum. An alert on file run would count as protection.
This WILL count toward your Final Grade.
This WILL count toward your Final Grade.
Pop Quiz Regarding UAC
- Thread starter cruelsister
- Start date
- Jun 16, 2014
- 781
I am a little confused.Does UAC set on always notify protect me from these things or not? I have UAC set on always notify at present time.
It won't protect you per se. If something runs and attempts to modify your system files etc, UAC will notify you. Of course, the filename might be something 'innocent' like Windows-Update-KB1083208.exe and so you might just let it run without realising it's malicious. There are also ways around UAC (I'm not sure how effective they are now on fully patched systems).
So short answer, not UAC won't protect you completely but it is a great first line of defense.
- Apr 13, 2013
- 3,224
Sorry- I call Zappers those Malware that delete critical system files (normally the System32 directory) making the computer totally unbootable.
Everyone seems to call these things differently, see: https://www.virustotal.com/en/file/...6fd45d89b90bb87914ba8649/analysis/1393817019/
Everyone seems to call these things differently, see: https://www.virustotal.com/en/file/...6fd45d89b90bb87914ba8649/analysis/1393817019/
- Apr 13, 2013
- 3,224
OK- that should be long enough. UAC is essentially protection from System files being played with and blocks files that request advanced privileges (Admin functions). Even if you start an application like Task manager that basically inventories critical system functions an alert will be triggered.
Microsoft incompletely puts it thus: "User Account Control (UAC) is a feature in Windows that can help you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. If you’re doing tasks that can be done as a standard user, such as reading e‑mail, listening to music, or creating documents, you have the permissions of a standard user—even if you’re logged on as an administrator."
Please understand malware that avoid doing these things will run quite nicely, and sadly the great bulk of malware that's in the Wild will never trigger a prompt from UAC.
1). Keyloggers- These nasties usually have three components- the keylogger itself that will hook on to (normally) the keyboard, recording strokes in some fashion, an autorun component (so the recording can proceed even after system shutdown), and coding to allow the recorded data to be transmitted out. As no privilege elevation is needed and no install routine is done, UAC will totally ignore most well coded keyloggers.
2). System File Zappers- as this type of malware attempts to screw with System files, UAC will not only block this action, but do it totally silently. Note that on Win 7 this is done at any UAC level above Never Notify. whereas with Windows 8 the action will be always blocked even at what is perceived to be the UAC off level of Never Notify (you can't really totally kill UAC in Win8 without much playing around which only the totally frayed would even want to do).
3). Ransomware Encryptors- This type of malware does nothing more than do a search for certain file types like documents, pictures, email, etc. As it avoids things like exe. sys, dll, UAC couldn't care less. When the ransomware files and encrypts these files it can be viewed as a simple manipulation (like a user changing a Word document, editing a jpeg, or deleting an email. None of these actions need Admin functions, and nothing disturbs Sytem files.
So- UAC allows both keyloggers and Encryptors, and only blocks Zappers.
Microsoft incompletely puts it thus: "User Account Control (UAC) is a feature in Windows that can help you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. If you’re doing tasks that can be done as a standard user, such as reading e‑mail, listening to music, or creating documents, you have the permissions of a standard user—even if you’re logged on as an administrator."
Please understand malware that avoid doing these things will run quite nicely, and sadly the great bulk of malware that's in the Wild will never trigger a prompt from UAC.
1). Keyloggers- These nasties usually have three components- the keylogger itself that will hook on to (normally) the keyboard, recording strokes in some fashion, an autorun component (so the recording can proceed even after system shutdown), and coding to allow the recorded data to be transmitted out. As no privilege elevation is needed and no install routine is done, UAC will totally ignore most well coded keyloggers.
2). System File Zappers- as this type of malware attempts to screw with System files, UAC will not only block this action, but do it totally silently. Note that on Win 7 this is done at any UAC level above Never Notify. whereas with Windows 8 the action will be always blocked even at what is perceived to be the UAC off level of Never Notify (you can't really totally kill UAC in Win8 without much playing around which only the totally frayed would even want to do).
3). Ransomware Encryptors- This type of malware does nothing more than do a search for certain file types like documents, pictures, email, etc. As it avoids things like exe. sys, dll, UAC couldn't care less. When the ransomware files and encrypts these files it can be viewed as a simple manipulation (like a user changing a Word document, editing a jpeg, or deleting an email. None of these actions need Admin functions, and nothing disturbs Sytem files.
So- UAC allows both keyloggers and Encryptors, and only blocks Zappers.
Littlebits
Retired Staff
- May 3, 2011
- 3,893
UAC on Windows 8 set to max also blocks many Windows features, on Windows 7 it will give you far too many prompts.
I only recommend using default settings, common sense don't download suspicious files then you will not have to worry.
Windows Firewall blocks keyloggers from sending data to servers.
If you encrypt your documents with a free program like Axcrypt, they can not be accessed by Encryptors.
Enjoy!!
I only recommend using default settings, common sense don't download suspicious files then you will not have to worry.
Windows Firewall blocks keyloggers from sending data to servers.
If you encrypt your documents with a free program like Axcrypt, they can not be accessed by Encryptors.
Enjoy!!
- Mar 28, 2014
- 497
I don't think "system file zappers" are so common in the wild today. It was way back then, when most malware was written by laid back "hacker" friends to annoy their neighbours or as a joke. That "joke" could've been crippling the computer. These days, when the only thing that matters is money, most malware WANTS the computer to stay as functional as possible as they either use its resources (mining, click fraud, botnets, etc) or hold it hostage (encryptors, ransomware).
Someone voted after @cruelsister posted the solution...
- Jun 16, 2014
- 781
Well the term "system file zappers" is a bit vague. UAC won't "protect" you from anything that modifies system files. And in fact having UAC set at maximum will produce so many false positive alerts you're more susceptible to "alert fatigue" which is when you get so many alerts you start to ignore them or just click allow by default without fully considering the information.
Not to mention UAC won't protect you against a malicious process which has been injected into an allowed process from doing damage
That's why I voted "None of the above"
Not to mention UAC won't protect you against a malicious process which has been injected into an allowed process from doing damage
That's why I voted "None of the above"
- Apr 13, 2013
- 3,224
Cowpipe- I totally agree with you that there really is not a great many pieces of malware whose sole purpose is to trash a system as there is no monetary benefit to the BlackHats (as Mateotis has elegantly affirmed). But sadly that's about all UAC is good for. And although I certainly also agree that UAC at max is the very definition of annoying, setting it at the max level would be the only honest way to test any resultant protection afforded.
The purpose of this Quiz was just to correct any mistaken impressions that UAC actually protects against anything relevant (as I'm sure you already know). I frequently read where a user will be berated for shutting off UAC, but I rarely have read anything (in a non-tech forum) that states UAC provides no protection against a vast majority of malware.
The purpose of this Quiz was just to correct any mistaken impressions that UAC actually protects against anything relevant (as I'm sure you already know). I frequently read where a user will be berated for shutting off UAC, but I rarely have read anything (in a non-tech forum) that states UAC provides no protection against a vast majority of malware.
- Mar 28, 2014
- 497
You are completely right. Still, UAC is something that's better enabled than disabled (at least on default, max is indeed pretty annoying and wastes more time than it saves). Despite not being nearly as effective as your "primary" protection layers (AV, AM, firewall, etc), it's one little added layer of security, which is always appreciated.
Of course, it should not lure you into a false sense of security. You simply cannot trust a file only because UAC let it through.
Similar threads
