Aye it's called common sense when using any online service to download and run applications/files hehe!
My Vista is stable and nippy
- Thread starter chesterstu
- Start date
Aye it's called common sense when using any online service to download and run applications/files hehe!
It's exactly the same, it's deliberately not using security features because you think you can better manage them with previous, less effective alternatives.
Running windows in an admin account with UAC disabled can never be as secure as running the same set up with UAC enabled. There is no debate about this. You can mitigate the risks with your own behaviour, but that is not the same thing in the slightest as securing the OS. To use another analogy, it's the equivlent of having a hole in the floor and thinking you don't need a locked trapdoor over it because you can just walk around it. It's not actually addressing the issue, it's ignoring it.
What if this site had an embedded trojan tomorrow when you logged in? How would your approach protect you from that?
Man of Honour
- Joined
- 17 Nov 2003
- Posts
- 36,747
- Location
- Southampton, UK
I completely agree with Dolph here. There are analogies all over the place. Car insurance is another one. You could drive around completely in control of your vehicle, but that one time when you mess up it's nice to have something to protect you.
Lets end the macho "I don't need any protection" mentality, everyone makes a mistake now and then, and it's important that when you do, you can just get on without huge repercussions.
Burnsy
Lets end the macho "I don't need any protection" mentality, everyone makes a mistake now and then, and it's important that when you do, you can just get on without huge repercussions.
Burnsy
Dolph,
I don't disagree with anything you have said (especially the running as Admin part).
However, that still to my mind doesn't explain why as that Admin I cannot write to a directory I have permission on, without the need to run specifically "as admin" in properties and then be prompted via UAC.
If the directory didn't have the correct permissions (or it was some hidden system file / directory or registry entry) then I could understand it.
I don't disagree with anything you have said (especially the running as Admin part).
However, that still to my mind doesn't explain why as that Admin I cannot write to a directory I have permission on, without the need to run specifically "as admin" in properties and then be prompted via UAC.
If the directory didn't have the correct permissions (or it was some hidden system file / directory or registry entry) then I could understand it.
quick question about UAC in silent mode
if you run UAC in silent mode, then protected mode in IE is enabled, meaning that by default programmes dont have admin rights
but wouldnt any nasties then prompt for admin rights and go unnoticed because you'd turned UAC to silent ? then get the admin rights and then run amok on your system.
thus defeating the point of having UAC ?
if you run UAC in silent mode, then protected mode in IE is enabled, meaning that by default programmes dont have admin rights
but wouldnt any nasties then prompt for admin rights and go unnoticed because you'd turned UAC to silent ? then get the admin rights and then run amok on your system.
thus defeating the point of having UAC ?
When running as admin on a UAC enabled PC, you do not actually run programs as admin, but as a standard user (or in the case of IE7, a low user).
To run as admin you have to accept the elevation (the UAC prompt) before that process is granted admin security level.
What you say is how it should be, and indeed how most multi-user systems are set up. Unfortunately, too many people who don't understand user privileges simply use admin level as their standard account, which is where UAC comes in.
Only if you accept unsigned software or activeX controls (which is seperate from UAC), and again require user acceptance unless you've got your security level set to 'Macho power user'
Switching UAC to silent provides more protection than UAC off, but not as much as it being on to active, assuming you actually read the prompt rather than just clicking straight through it.
Sandboxing and virtualisation still work, which is an important thing.
Makes me wonder...
So essentially UAC in quiet mode (although still reporting as off), is effectively making your admin account actually really an admin account.
I can see why microsoft would want to prevent most users from running any and everything as an admin (my mum springs to mind), but surely there should be an option to really be an admin, without having to disable security that is actually useful / needed.
That would explain why I have to run everything "as admin" specifically.
So essentially UAC in quiet mode (although still reporting as off), is effectively making your admin account actually really an admin account.
I can see why microsoft would want to prevent most users from running any and everything as an admin (my mum springs to mind), but surely there should be an option to really be an admin, without having to disable security that is actually useful / needed.
That would explain why I have to run everything "as admin" specifically.
Pretty much. The problems really come when programs need admin rights to function correctly, but don't make an explicit call (such as the utility that was posted earlier) that would cause UAC to elevate the process correctly. Hence the 'run as admin' need.
If programmers followed the expected standards, there are very few situations where 'run as admin' should be necessary, because most day to day functions do not require elevated privileges. Unfortunately, that's going to take some time.
Probably, but to my mind my user account IS an admin account (at least thats what it tells me), and as such I expect it to work in that fashion.
I will admit I am very new to vista, so a lot of this is a revelation to me, but even so I would not have expected an Admin account to behave in anyway other than an Admin account. What's the point of it, if it doesn't?
I will admit I am very new to vista, so a lot of this is a revelation to me, but even so I would not have expected an Admin account to behave in anyway other than an Admin account. What's the point of it, if it doesn't?
It is an admin account, if it wasn't, you wouldn't be able to raise privileges at all (UAC would ask for admin logins).
The point of the account is mainly to deal with the huge number of 'single user account' installations of the OS which were the reason that XP was subject to as many vunerabilties in normal use as it was. I will add that I was as guilty of this as anyone, I had an admin account and a standard user account on XP for a while, and it annoyed me, so I just used the admin account all the time, and that's what UAC is trying to deal with.
UAC is basically there to allow everyone to run as 'admin' without the security risks that involves, by restricting programs to a more conservative set of permissions. It's not doing anything that a good sys admin wouldn't enforce on it's users (no good sys admin would let all users run as admin), but it's providing that feature for those users (including a large number of people on here I would say) who do not understand permissions, what they are for, and what the appropriate levels for every day use are.
UAC is a fix to a user problem, not a windows problem, unfortunately some users still cannot see that they were the problem that created it in the first place.
Quiet UAC can create some odd problems, most (bit not exclusively) because of registry virtualization. It also leaves installer run as elevated system user free hand and if installer gets it wrong it all goes to poopers. I had instances where I, as admin v0n wouldn't have permissions to write to files installed in v0n's own directory under, let's say, roaming profile because with Vista's bizarre implementation of what could have been just a simple "sudo" type elevation, any member of Administrators group can prevent other administrator from access. Effectively, with UAC, you have to remember you are never User elevated to Super User, but instead you are User elevated to Admin User in kingdom where just about everyone is Admin too.
So why is silent UAC so bad? Because it presumes continous elevated access unless it encounters something it cannot read or write to, and that leads to complete corruption of permission in some cases - you get to the point where some part of your install program was run with "Run as Administator", installer switched off virtualization and then user, elevated or not, will not have access to that stuff. Sooner or later this leads to installations where recursive permissions are completely shot, links don't get added to your start menu, games with saves that can't be found from search in explorer, folders which can't be deleted to the end or progs which can't be uninstalled from "Programs and Features" because some important file has gone walkies. Sounds familiar?
The simple fact is - if you are power user, with a lot of apps, you either decide to run UAC with popups on, or go through your life without UAC. There is no viable inbetween.
So why is silent UAC so bad? Because it presumes continous elevated access unless it encounters something it cannot read or write to, and that leads to complete corruption of permission in some cases - you get to the point where some part of your install program was run with "Run as Administator", installer switched off virtualization and then user, elevated or not, will not have access to that stuff. Sooner or later this leads to installations where recursive permissions are completely shot, links don't get added to your start menu, games with saves that can't be found from search in explorer, folders which can't be deleted to the end or progs which can't be uninstalled from "Programs and Features" because some important file has gone walkies. Sounds familiar?
The simple fact is - if you are power user, with a lot of apps, you either decide to run UAC with popups on, or go through your life without UAC. There is no viable inbetween.
Last edited:
To be fair though Microsoft did make a bit of a shambles of XP's security. They were totally focused on backward compat. with all the migrants coming from Windows 9x. And in fact prioritised it over security. That meant punching some rather large holes in the NT security model. Or if not delibrately punching the holes, just ignoring the fact that NT used to be a workstation and server OS and that XP was the first time it was going to the consumer desktop.
Technically speaking, Windows NT has probably the most advanced security model of any mainstream OS out there. It is far superior to any mainstream variant of Unix. The overall problem was getting users to actually use it though. I mean just look at how many people ask how to "password protect a folder" on these very forums. Luckily they have made rather large strides at making the rather complex NT security model more friendly for joe average consumers in Vista. With time it will just get better and better.
Technically speaking, Windows NT has probably the most advanced security model of any mainstream OS out there. It is far superior to any mainstream variant of Unix. The overall problem was getting users to actually use it though. I mean just look at how many people ask how to "password protect a folder" on these very forums. Luckily they have made rather large strides at making the rather complex NT security model more friendly for joe average consumers in Vista. With time it will just get better and better.
I've never encountered those problems and that is the first I've heard of them too.
Let's just be clear here on what silent mode actually does:
It clicks the Continue button for you.
That is it. Nothing more. Nothing less.
It only works on Administrator accounts. If you are a normal User then you will still receive the elevation prompt and will need to enter the username/password of an Administrator account.
There is no doubt that UAC mode in silent mode is less secure. But it is still a darn sight better than not having UAC at all. Faced with the choice between disabling UAC entirely or just using silent mode it really is a no brainer. Why disable it fully if silent mode offers what you want but still retains quite a lot of protection?
Let me show you very simple example. Day two of my Vista adventure, we are talking early last year:
While trying to install IrfanView (whatever was the release version back then) - UAC on, silent - program tries to install itself into Program Files, elevation successful, but hits problems when trying to put installer files in Comon Files folder which is for some reason restricted by admin System. What does it do? Stumbles and falls "I can't proceed" it says.
It wrote app files to Program Files, it wrote registry, it could not write data about installer or uninstaller. The effect?
Can't be uninstalled in clean fashion as some of the uninstall files, outside IrfanView's own folder are now missing.
It's there but it's not there. It's because I was Administrator without rights administrative enough for another admin.
Right click, "Run As Administrator" obviously writes everything properly. But in that case you give up virtualization, so it's just like you were running it without UAC at all.
I've had tons, tons of malarky like this in the last year (mainly because I insisted on running UAC). Especially with games - first game to become invisble to indexed search on my Vista was S.T.A.L.K.E.R. - saves directory just untracable. I'll be installing fresh Vista 32 and 64 for that FatRakoon's x64 vs 32 benchmark thingy so I'm more than happy to retrace all the steps and show you pics.
Last edited:
It doesn't matter what they use, really. If you can reach the stage where program can be partially installed but can't be uninstalled, BECAUSE of UAC, or at least with UAC's involvement, this issue pretty much counts as an exploit waiting to happen, regardless whether it originated out of bad coding or old borland installation templates...
