UAC Bypassable or not?

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
you are taking security way way too seriously, relax and enjoy using your pc without fear
you can create an image using windows or macrium reflect, create a partition for your data and separate it from the os
in case of a crash there is no data loss and it can easily be recovered. use a decent av and you are ok
I am examining TimeFreeze... actually it functions very much like Shadow defender which I have installed.
 

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
I am examining TimeFreeze... actually it functions very much like Shadow defender which I have installed.
yep
just remember it's only for the os partition; if you have another one you can include it

what i didn't like about it is that it eats a lot of space for the image, so if you have a lot of data it'll eat a lot of space
 

Littlebits

Retired Staff
May 3, 2011
3,893
Iface- You bring up a good thing to know regarding one of the differences between UAC in Win7 vs UAC in Win8. If you noticed, the UAC breach analysis tool from TrustedSec to which you linked only works on Win7 and below as it uses (I believe) the dll search order hijack method for malware to gain high integrity elevation.
While this "hole" has been remedied in Windows 8, they never have corrected it in Win7.

Maybe that is the reason that "Server.exe" hack tool wouldn't run on my Windows 8.1 test system.
After checking, I found more info on the Microsoft Blog about this hack tool. According to Microsoft, this hack tool is already blocked by MSE, Windows Defender and most other AV's, plus it is blocked by SmartScreen Filter on IE and requires the user to manually download it and run it. Also it hasn't been distributed in the wild in over 90 days; it is only available on hack tool websites and remote locations that most users don't visit. Therefore Microsoft didn't bother to block this hack tool with patches. So if you don't pay attention to what you download, run suspicious files with no valid certificates and have no AV protection then it is possible that you could download this hack tool in combination with other related malware, but this will be extremely rare unless you download it intentionally to test it. Microsoft added a generic signature to their database which should detect all variants of this hacking method because most users will just ignore UAC prompts anyway and run the file.

As I have said before, if users recklessly download suspicious files, no matter what kind of protection they have, sooner or later they will be infected. So I believe Microsoft pretty much fixed this problem on Vista and Windows 7, but Windows 8 is still more secure when it comes to hack tools.

Enjoy!! :D
 
  • Like
Reactions: nissimezra

Oxygen

Level 44
Verified
Feb 23, 2014
3,316
you click yes on UAC without knowing what was the executable about?


Littlebits

Retired Staff
May 3, 2011
3,893
Version 2 is not yet out, I just checked their website.

I think the Free version will come out at the same time version 2 is released.

Just wait, I will tell it to you.

The main problem with VoodooShield is it disables UAC.
VoodooShield only runs at the software level below the Windows kernel level, which makes it easier to bypass compared to UAC.
If hack tools can be used to get around UAC, Comodo, Sandboxie and HIPS, virtualization and other protection, then they can be used to bypass VoodooShield without any problems as well.

Just remember anything can get hacked with the right tools especially software level programs.

Enjoy!! :D
 

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
The main problem with VoodooShield is it disables UAC.
VoodooShield only runs at the software level below the Windows kernel level, which makes it easier to bypass compared to UAC.
If hack tools can be used to get around UAC, Comodo, Sandboxie and HIPS, virtualization and other protection, then they can be used to bypass VoodooShield without any problems as well.

Just remember anything can get hacked with the right tools especially software level programs.

Enjoy!! :D
these days microsoft offers good security that's included in the operating sys, there is no reason to add security stuff
back in the old days of win xp there were no security products included and we were held at the mercy of the av companies, now we have decent security, even av is included, i don't see why to run and buy a product that i doubt will do better than what you have built in.

regards
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
But those malware presented by cruelsis... that did not trigger UAC prompts... were blocked by VoodooShield. Sometimes I choose to run VoodooShield while using UAC to the max, but after some time I chose to disable UAC because UAC becomes unnecessary when VS is running Always On.
 

Littlebits

Retired Staff
May 3, 2011
3,893
But those malware presented by cruelsis... that did not trigger UAC prompts... were blocked by VoodooShield. Sometimes I choose to run VoodooShield while using UAC to the max, but after some time I chose to disable UAC because UAC becomes unnecessary when VS is running Always On.

They were also blocked by MSE, Windows Defender and most other AV's.
Scan these files on VirusTotal and you will see.

Here is one example of "Server.exe"- https://www.virustotal.com/en/file/...bf681c3e5b3544ecf5574c2ac9a0a8ffec1/analysis/

Like I said these files are not distributed in the wild, users will have to go to a malware hosting site, forum or hacking site, etc. and manually download them. If you manually download a file known to be malicious then you deserve whatever infection you get.

Why worry about hacking tools bypassing UAC, if you have to manually hunt to find them and in return they are blocked by just about all AV's? What is the chance that you would accidentally download them if they are not available in the wild for accidental download?

Can you actually find any UAC hacking tools not detected by most AV's? Even in the previous video you can see that there is no real-time AV protection enabled in order to run this UAC hacking tool.

The point I'm trying to make is that you should never depend on only one component or product to secure a system.
UAC is intended to work with a real-time AV, as advised by Microsoft. MSE and Windows Defender fill in the gaps for these UAC hacks and I haven't found any that weren't detected and blocked.

Thanks. :D
 

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
But those malware presented by cruelsis... that did not trigger UAC prompts... were blocked by VoodooShield. Sometimes I choose to run VoodooShield while using UAC to the max, but after some time I chose to disable UAC because UAC becomes unnecessary when VS is running Always On.
you are living in unnecessary fear, even if you get infected there are many tools these days to clean an infected pc.
UAC can be bypassed as i said, but so can any other software. no need to install unnecessary programs which will decrease the pc performance.

keep your sys up to date

use default UAC

create 2 partitions one for data one for OS

create an image

use mse or qihoo and done

ua keep your money in your wallet
 

Deleted member 178

you are living in unnecessary fear, even if you get infected there are many tools these days to clean an infected pc.
UAC can be bypassed as i said, but so can any other software. no need to install unnecessary programs which will decrease the pc performance.

keep your sys up to date

use default UAC

create 2 partitions one for data one for OS

create an image

use mse or qihoo and done

ua keep your money in your wallet

i agree with you for this one ^^
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
you are living in unnecessary fear, even if you get infected there are many tools these days to clean an infected pc.
UAC can be bypassed as i said, but so can any other software. no need to install unnecessary programs which will decrease the pc performance.

keep your sys up to date

use default UAC

create 2 partitions one for data one for OS

create an image

use mse or qihoo and done

ua keep your money in your wallet
I am certainly not living in unnecessary fear, my friend. In fact, just recently a friend gave me a laptop with over 900+ infections but still bootable, and I still managed to clean it and repair some Windows components.

To be honest, I just over-secure my computer, for the sake of playing with software and malware, and to experience new things. The second reason is that I hate the time consumed in cleaning an infected computer. These two reasons may sound contradictory, but they are true on my part. In fact, I am only running ESET and MCShield and K9. I seldom run ShadowDefender and VoodooShield (both installed but disabled in startup), and only on-demand.
 

ifacedown

Level 18
Thread author
Verified
Jan 31, 2014
888
They were also blocked by MSE, Windows Defender and most other AV's.
Scan these files on VirusTotal and you will see.

Here is one example of "Server.exe"- https://www.virustotal.com/en/file/...bf681c3e5b3544ecf5574c2ac9a0a8ffec1/analysis/

Like I said these files are not distributed in the wild, users will have to go to a malware hosting site, forum or hacking site, etc. and manually download them. If you manually download a file known to be malicious then you deserve whatever infection you get.

Why worry about hacking tools bypassing UAC, if you have to manually hunt to find them and in return they are blocked by just about all AV's? What is the chance that you would accidentally download them if they are not available in the wild for accidental download?

Can you actually find any UAC hacking tools not detected by most AV's? Even in the previous video you can see that there is no real-time AV protection enabled in order to run this UAC hacking tool.

The point I'm trying to make is that you should never depend on only one component or product to secure a system.
UAC is intended to work with a real-time AV, as advised by Microsoft. MSE and Windows Defender fill in the gaps for these UAC hacks and I haven't found any that weren't detected and blocked.

Thanks. :D
Very much correct, no AV was enabled in realtime in that video, the focus was on UAC alone. I completely agree with you though that UAC should of course be used with a realtime AV, at least the ones provided by Windows, MSE and WD.

The test primarily focused on UAC alone, without any help from AV, because it aimed to see if UAC (on its own) will be bypassed. But of course again UAC is not meant to be a single feature for security, I completely understand that.

And, I am not worried about any UAC-bypassing hacking tools. With my normal use of the internet, I could virtually not find them unless I intended to.

In fact my system is infected - because I have some keygens and cracks... as ESET says. But my system is clean because it functions normally.
 

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
Very much correct, no AV was enabled in realtime in that video, the focus was on UAC alone. I completely agree with you though that UAC should of course be used with a realtime AV, at least the ones provided by Windows, MSE and WD.

The test primarily focused on UAC alone, without any help from AV, because it aimed to see if UAC (on its own) will be bypassed. But of course again UAC is not meant to be a single feature for security, I completely understand that.

And, I am not worried about any UAC-bypassing hacking tools. With my normal use of the internet, I could virtually not find them unless I intended to.

In fact my system is infected - because I have some keygens and cracks... as ESET says. But my system is clean because it functions normally.
did u test timefreeze?
 

(BlackBox) Hacker

Level 2
Verified
Apr 21, 2014
179
Only trusted Software Vendors can bypass it, also try bypassing it with MSI files it failed. The second option you could try is to Compile it as unknown publisher that always works!!! Then tell the program to disable the UAC in the Software that works as well! But with Windows 8 UAC is forced to re-enable for the Metro Screen applications.

:rolleyes:


Why I know so much? I was a Virus Writer a long time back hahahaha
 
