- Jan 26, 2020
- 1,628
UAC - Quick notes on why I disable it. - TweakHound
I thought to share, since its a very nice post.
I thought to share, since its a very nice post.
UAC – Quick notes on why I disable it by TweakHound
- Thread starter amirr
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Dec 23, 2014
- 8,119
Nice article. The author explained his choice and also wrote:
"I install operating systems for many people and I would never disable it for someone else unless specifically requested to do so. I also ask if they were aware of the implications of disabling UAC. I reckon a line in the sand is better than nothing for some folks."
I would like to add an additional note. UAC is not a "security boundary" (whatever it means), especially when it is not set on the MAX level. Otherwise, many UAC bypasses on Admin account are prevented from silently elevating the privileges of malicious processes (UAC on MAX level).
On the contrary to Admin account, disabling UAC notifications on Standard User Account is in fact kind of the anti-malware feature. Simply, the user cannot execute any application (also digitally signed) which would require high privileges to run. So, many malware (also 0-day and sophisticated) will fail to run. Of course, this UAC setting will also prevent the installation/update of applications in "Program Files..." folders (kind of lockdown).
"I install operating systems for many people and I would never disable it for someone else unless specifically requested to do so. I also ask if they were aware of the implications of disabling UAC. I reckon a line in the sand is better than nothing for some folks."
I would like to add an additional note. UAC is not a "security boundary" (whatever it means), especially when it is not set on the MAX level. Otherwise, many UAC bypasses on Admin account are prevented from silently elevating the privileges of malicious processes (UAC on MAX level).
On the contrary to Admin account, disabling UAC notifications on Standard User Account is in fact kind of the anti-malware feature. Simply, the user cannot execute any application (also digitally signed) which would require high privileges to run. So, many malware (also 0-day and sophisticated) will fail to run. Of course, this UAC setting will also prevent the installation/update of applications in "Program Files..." folders (kind of lockdown).
Similar threads
