Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
UAC – Quick notes on why I disable it by TweakHound
Message
<blockquote data-quote="Andy Ful" data-source="post: 922538" data-attributes="member: 32260"><p>Nice article. The author explained his choice and also wrote:</p><p><em>"I install operating systems for many people and I would never disable it for someone else unless specifically requested to do so. I also ask if they were aware of the implications of disabling UAC. I reckon a line in the sand is better than nothing for some folks."</em></p><p></p><p>I would like to add an additional note. UAC is not a "security boundary" (whatever it means), especially when it is not set on the MAX level. Otherwise, many UAC bypasses on Admin account are prevented from silently elevating the privileges of malicious processes (UAC on MAX level).</p><p></p><p>On the contrary to Admin account, disabling UAC notifications on Standard User Account is in fact kind of the anti-malware feature. Simply, the user cannot execute any application (also digitally signed) which would require high privileges to run. So, many malware (also 0-day and sophisticated) will fail to run. Of course, this UAC setting will also prevent the installation/update of applications in "Program Files..." folders (kind of lockdown).</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 922538, member: 32260"] Nice article. The author explained his choice and also wrote: [I]"I install operating systems for many people and I would never disable it for someone else unless specifically requested to do so. I also ask if they were aware of the implications of disabling UAC. I reckon a line in the sand is better than nothing for some folks."[/I] I would like to add an additional note. UAC is not a "security boundary" (whatever it means), especially when it is not set on the MAX level. Otherwise, many UAC bypasses on Admin account are prevented from silently elevating the privileges of malicious processes (UAC on MAX level). On the contrary to Admin account, disabling UAC notifications on Standard User Account is in fact kind of the anti-malware feature. Simply, the user cannot execute any application (also digitally signed) which would require high privileges to run. So, many malware (also 0-day and sophisticated) will fail to run. Of course, this UAC setting will also prevent the installation/update of applications in "Program Files..." folders (kind of lockdown). [/QUOTE]
Insert quotes…
Verification
Post reply
Top