Win 7 64
Is UAC tied to any other applications?
i.e disabling UAC reduces the protection of any other applications.
Is UAC tied to any other applications?
i.e disabling UAC reduces the protection of any other applications.
Here is a little reading...
What is User Account Control:
http://windows.microsoft.com/en-us/windows/what-is-user-account-control#1TC=windows-7
What are User Account Control Settings:
http://windows.microsoft.com/en-us/windows/what-are-user-account-control-settings#1TC=windows-7
This all I know.
As UAC is windows inbuilt protection, I want to know if disabling will reduce any other windows programs protection like Internet Explorer, Windows Updates, etc...
- Apr 13, 2013
- 3,225
Should I disable it on my family system?
Coz they just sometimes click YES & Sometimes NO without checking the alert.
And they are average users. Dont know anything about security & neither want to learn.
- Apr 13, 2013
- 3,225
I personally wouldn't even consider using UAC, but this is because I have other protection that duplicates and far surpasses UAC on my computer.So a person with no other meaningful protection I suppose UAC is better than nothing (even a blind squirrel finds a nut sometimes). But to be specific, here are 3 cases:
1). The main reason that UAC is not effective is what you yourself noted in your post-
2). Let's say I am a malware writer and I want to infect a computer that has UAC active and set at the max. All I need to do is code the malware (let's say a trojan downloader) not to ask for Privilege Escalation. This isn't hard to do as 85-90% of all malware don't need Admin privilege to work. Further, let's say for maximum effectiveness I want the malware to start with Windows. Once again, no big issue. Although UAC will stop a file from creating a Startup registry key in HK Local Machine, it will not stop an autostart registry entry being created in HK Current User! Pretty stupid, yes? Even easier is just to spawn a file into the Startup folder to have the malware autostart with Windows. UAC won't stop that either.
3). Cryptologgers- This is real easy to explain- UAC keeps on sleeping as the Ransomware keeps on encrypting. Not a peep from it.
So although UAC is without value in many cases, the real issue with UAC (like with Windows defender) is that people actually think that they have meaningful protection when they actually don't.
1). The main reason that UAC is not effective is what you yourself noted in your post-
2). Let's say I am a malware writer and I want to infect a computer that has UAC active and set at the max. All I need to do is code the malware (let's say a trojan downloader) not to ask for Privilege Escalation. This isn't hard to do as 85-90% of all malware don't need Admin privilege to work. Further, let's say for maximum effectiveness I want the malware to start with Windows. Once again, no big issue. Although UAC will stop a file from creating a Startup registry key in HK Local Machine, it will not stop an autostart registry entry being created in HK Current User! Pretty stupid, yes? Even easier is just to spawn a file into the Startup folder to have the malware autostart with Windows. UAC won't stop that either.
3). Cryptologgers- This is real easy to explain- UAC keeps on sleeping as the Ransomware keeps on encrypting. Not a peep from it.
So although UAC is without value in many cases, the real issue with UAC (like with Windows defender) is that people actually think that they have meaningful protection when they actually don't.
A user in wilders mentioned
It affects IEs protected mode, and some types of windows virtualisation.
By the way, on my personal laptop, I use CIS suite with default settings & have disabled UAC, no need, right?
It affects IEs protected mode, and some types of windows virtualisation.
By the way, on my personal laptop, I use CIS suite with default settings & have disabled UAC, no need, right?
Hi cruelsister,
The problem with this theory is the simple fact, that most people will never come across such pieces of Malware. Just like most will not have their system flooded with 300 pieces at once such as in the review tests we bare witness to from time to time
How can i prove such a thing, well, that is simple, ask the handfuls of advanced users using nothing but windows built in security in this forum how many times they have been nailed by advanced malware since transitioning over to default security. I myself have run the default security for months on end, a few on demand scans showed i picked up nothing...
Nothing is 100% in computer security, there will always be a way around. One can enjoy the web without having to dawn bullet proof vest and anti-personal carriers to do so, all they need is as an AV, an on-demand, and a couple forms of system backup should that fail.
- Jun 10, 2014
- 316
- Mar 15, 2011
- 13,070
UAC or User Account Control as a layman's term its design to prompt all applications as well if wanted to execute for higher privilege.
Its one hold the primary aims for protection in Windows from application.
Actually different function like DEP (Data Execution Prevention) provides protection to prevent any unknown viruses/malware as hardening and others.
You may try EMET (Enhanced Mitigation Experience Toolkit) which adds security defense for hardening against any vulnerability which you can configure it based on the preferences you wanted.
Actually in order to prove that, you need to analyze every process and check for any injection that cause trouble which needs an experience knowledge to do it.
Its one hold the primary aims for protection in Windows from application.
Actually different function like DEP (Data Execution Prevention) provides protection to prevent any unknown viruses/malware as hardening and others.
You may try EMET (Enhanced Mitigation Experience Toolkit) which adds security defense for hardening against any vulnerability which you can configure it based on the preferences you wanted.
Actually in order to prove that, you need to analyze every process and check for any injection that cause trouble which needs an experience knowledge to do it.
- Apr 13, 2013
- 3,225
Illum- An advanced user can almost certainly get along without any protection at all because of experience, but this doesn't validate the usefulness of Windows built in protection. Also, YesNoo stated:
so the experience of the computer savvy doesn't apply.
Yesnoo- The Behavior Blocker of Comodo duplicates what UAC does and way more (you will get a popup for Privilege Escalation , so there is no need to keep it on unless you want aggravation.
so the experience of the computer savvy doesn't apply.
Yesnoo- The Behavior Blocker of Comodo duplicates what UAC does and way more (you will get a popup for Privilege Escalation , so there is no need to keep it on unless you want aggravation.
Cruelsister,
You have an expert understanding of Comodo Internet Security.
I want to know something.
Does CIS sandbox protects from volume deletion?
CIS Internet Security, Default settings i.e Internet Security config.
I tested with Delete Volume from testmypcsecurity.
It was sandboxed & volume other than C on the system were deleted.
I reset sandbox, remove unrecognized files.
Restart system
Volume were not present.
So CIS sandbox doesn't protects from volume deletion?
The harmless sample is detected by CIS so to test sandbox I disabled cloud & AV was not installed.
You have an expert understanding of Comodo Internet Security.
I want to know something.
Does CIS sandbox protects from volume deletion?
CIS Internet Security, Default settings i.e Internet Security config.
I tested with Delete Volume from testmypcsecurity.
It was sandboxed & volume other than C on the system were deleted.
I reset sandbox, remove unrecognized files.
Restart system
Volume were not present.
So CIS sandbox doesn't protects from volume deletion?
The harmless sample is detected by CIS so to test sandbox I disabled cloud & AV was not installed.
Complete nonsense and a deep misunderstanding of how Windows works.
UAC are not a HIPS prompt and should not be confused with this.
UAC are designed to lessen the burden on end users when running as a limited user or standard user.
The security comes from applications not running with admin rights.
Sure, you can find samples that are annoying in user space, but the whole point is that the damage an infection can do when it is blocked from having access to all critical areas in OS are severely limited compared with what the infection could do if it had admin rights.
And since the user asking this question are on Windows 7, then disabling UAC will effectively make everything on his system to run with integrity level High.
That is not just unsafe - that's plain dumb.
The smart move for any PC user are to move UAC to max and set up an standard user account, and then only use the PC from the standard user account.
That is how this specific feature are designed to protect Windows.
There are tons of writing and testing done to back this up easily available everywhere, so instead I will give the OP this link : http://www.greyhathacker.net/?p=796 , where you can read a fresh walk-through of UAC bypasses and more importantly - how to mitigate these.
As already said. The solution are easy. Use a standard user account for daily activities and set UAC to max.
- Jun 10, 2014
- 316
Ah but does it not? Part two of my though provoking style of statements and questions
If an advanced member can get by with default security, they do so, not because they have special powers of observation, that allow them to see through walls, but because they have routines and safe surfing habits in place learned from experience.
Hips and Behavior blockers, have proven themselves time and again, to be a little much for average/novice users, and are mainly used by advanced users "see the irony" ...
At this point, would it be wise to persuade average/novice users to not use UAC which can still help them protect their system?
- Apr 13, 2013
- 3,225
Yesnoo- At default settings as you demonstrated the sandbox will not prevent a legitimate API call even if the file is unknown. The reason for this is that there is a potential for legitimate applications perhaps having issues (but probably not).
Anyway this can be easily remedied by changing one setting. Open up the GUI and go into the Auto Sandbox listing in Advanced Settings. Here you will see this:
What has to be done is to Edit the (Blue Icon) Run Virtually All Applications Unrecognized line- to do this check the box, choose edit, and from the Manage Sandboxed Program screen that pops up, choose Options.
Then change the Set Restriction Level from the default (Partially Limited) to Restricted (Please note- Leave the setting that appears at the top under "Action" at the default "Run Virtually". OK through everything and I suggest a reboot.
Now run the file again. It should be prevented from screwing with the API.
Note also that Sandboxie also fails this thingy, but can't to my knowledge be configured to prevent it. But again I don't like SB so haven't torn the time apart looking.
And sorry for the delayed response. I had to do a Show and Tell for the Geeks under my care.
Anyway this can be easily remedied by changing one setting. Open up the GUI and go into the Auto Sandbox listing in Advanced Settings. Here you will see this:
What has to be done is to Edit the (Blue Icon) Run Virtually All Applications Unrecognized line- to do this check the box, choose edit, and from the Manage Sandboxed Program screen that pops up, choose Options.
Then change the Set Restriction Level from the default (Partially Limited) to Restricted (Please note- Leave the setting that appears at the top under "Action" at the default "Run Virtually". OK through everything and I suggest a reboot.
Now run the file again. It should be prevented from screwing with the API.
Note also that Sandboxie also fails this thingy, but can't to my knowledge be configured to prevent it. But again I don't like SB so haven't torn the time apart looking.
And sorry for the delayed response. I had to do a Show and Tell for the Geeks under my care.
Last edited:
- Apr 13, 2013
- 3,225
And I guess to need to expand on my views on Windows built-in security-
For those that are aren't aware that other protection methods exist, they should absolutely keep MSE updated and UAC active. The issue I have is that the actual protection afforded by either isn't enough to keep one protected. MSE is a poor performer and UAC ignores malware that does not need Privilege Elevation (which is the majority of all malware extent.
Do either of you guys dispute this?
Instead people (especially here at MT) should be prodded into using protection methods that both duplicate and far surpass the Windows default protection.
So,
I rather look at it as persuading the average/novice user to switch to something better (insert your favorite product here).
For those that are aren't aware that other protection methods exist, they should absolutely keep MSE updated and UAC active. The issue I have is that the actual protection afforded by either isn't enough to keep one protected. MSE is a poor performer and UAC ignores malware that does not need Privilege Elevation (which is the majority of all malware extent.
Do either of you guys dispute this?
Instead people (especially here at MT) should be prodded into using protection methods that both duplicate and far surpass the Windows default protection.
So,
I rather look at it as persuading the average/novice user to switch to something better (insert your favorite product here).
I do not dispute that there may be malware that does not require Privilege Elevation in the wild. I will how ever dispute the chances of finding this. I have been working on systems in my area for several years, and i can honestly say in the last year or so, i have not seen but one "bad" infection "rootkit".. For the most part, i see adware and PUPS with an occasional Trojan. Most of the users i do this work for are novice, and a lot of them use default security, some of them do so without infections, but generally come to me when they have done something else wrong to the system, silly stuff like accidently unlocking the task bar and having it flip to the side.. Yes, that is novice, and yet still, they manage to use the inbuilt security and stay clean.
I personally view, running so much security that it is a nuisance, and time consuming, to be over rated, and not needed. I do not say this to be a hypocrite, as i once used to run so much security on my machine that i spent more time tweaking it then i actually did online actually using it.
Unless one is in a corporate environment, there is no need to lock a system down like that. As stated before, all one needs is a good AV, a good on demand, and a couple forms of back up "for personal and system" and they are good to go. If the AV and UAC do not catch what they "may" wonder upon, the on demand should, and if all else fails, those back ups will be the fail safe. Anything beyond that seems over kill to me.
The whole "it could happen" generally does not apply to everyone that is not playing with advanced malware on their systems.
I respect your opinion on this subject, but at the same time, mine differs from yours. I personally enjoy using just basic security and enjoying my system, spending much less time on maintenance and more playing..
Similar threads
