How do I turn it off? There needs to be a compromise between security and useability but this is just ridiculous, multiple confirmation clicks for a simple file move or installing something while at the same time locking out the entire desktop! Too much security is as bad as too little security, amazing that in years of not having uac I never had any security problems yet microsoft think this is needed, and you don't even get full admin control on an admin account, stuff still requires elevation to do basic tasks.
Turn UAC off?
- Thread starter Energize
- Start date
TweakUAC is the compromise.
The big question is, though, what are you doing that constantly requires UAC prompts? I maybe see one a week, and that's because of third party software that insists on having write access to program files (which is just bad design).
You shouldn't be seeing UAC prompts in normal use.
The big question is, though, what are you doing that constantly requires UAC prompts? I maybe see one a week, and that's because of third party software that insists on having write access to program files (which is just bad design).
You shouldn't be seeing UAC prompts in normal use.
Everytime I move a file, install a program, use a program like diskeeper, use javadoc, run pcsx2, and everything that requires elevation (which is quite a lot of things).
Last edited:
I got it everyday, when running apps like Everest, ccleaner etc. I have now unlocked the "proper" Administrator account and it doesn't bother you at all
You shouldn't really use that account...that runs with virtually no security.
All the cool kids run like that, usually while claiming it's what power or advanced users do... The irony being that anyone with a vague understanding of the operating system, and security models in general would never routinely run a system with all the security turned off...
It's somewhat akin to leaving a big hole in the floor and trying to walk around it because 'you know it's there', instead of fitting a hatch with a catch over the hole.
What added benefit does UAC gives the majority of users on this foru, people who know what they are doing with their systems, the very same people who had zero problems with XP which doesn't have UAC.
I only see the negative side in this regard and that is a popup asking you for permission every time you want to make a change or use a core application that tags with the system.
Like I said in another UAC thread ages ago.
Home user/Family machine = fine with UAC.
Power user = Never needed it before, why need it now...it's an annoyance and will always be turned off.
I still have yet to hear of a single incident of a person's machine being compromised after turning off UAC. That says how useful it is...
I only see the negative side in this regard and that is a popup asking you for permission every time you want to make a change or use a core application that tags with the system.
Like I said in another UAC thread ages ago.
Home user/Family machine = fine with UAC.
Power user = Never needed it before, why need it now...it's an annoyance and will always be turned off.
I still have yet to hear of a single incident of a person's machine being compromised after turning off UAC. That says how useful it is...
Last edited:
And microsoft do? Please hand me some medication before I die of laughter.
UAC was designed in mind of the general public who would open an attachment called virus.exe or download crap from limewire, not someone who runs their browser in a sandbox or with noscript installed, doesn't visit dodgy websites and has managed for 7 years without uac on xp. An admin or pro user doesn't need uac prompts everytime he runs cmd in admin mode to do work like compile java documentation.
Okay so why is it so bad, I run a firewall and antivirus. I also know what I have installed on my pc
Last edited:
I used TweakUAC to silence it, also be sure to silence security center as well because it will warn you about UAC being changed.
I do agree that if you use Vista for certain things such as software development then you will encounter UAC prompts a great deal more. I had to silence it as I am moving files around the system a lot and running a lot of things that require elevated privileges.
I do agree that if you use Vista for certain things such as software development then you will encounter UAC prompts a great deal more. I had to silence it as I am moving files around the system a lot and running a lot of things that require elevated privileges.
Okay so why is it so bad, I run a firewall and antivirus. I also know what I have installed on my pc
Because the windows NT security model was never designed to be run for day to day usage with admin privileges, therefore admin privileges allow all manner of access that can be misused. (just as you wouldn't routinely run Linux from the Root account)
Basically, with the computer running in admin mode, every process and program has access to everything unrestricted and without warning. Think of it like your bank account. Would you give every payee from your bank account the facility to view your balance and do what they like, trusting that they would only take what they should?
With Windows XP, running as Admin rapidly became the norm for a variety of reasons (mainly software migrating from windows 98 that didn't follow the multi-user security programming guidelines correctly), and carried on being the norm because many programmers wrote their programs for XP assuming that they would have administrative access to the PC, in contravention of the developers guidelines for the NT platform.
Running as admin breaks the fundamental design restriction that should be in place around programs that means programs cannot interact with unnecessary parts of the OS. For example, a program should not need to write to Program files in normal running. It should not need to update information within the system registry, and so on. Allowing them to do so causes a variety of potential problems, ranging from providing easy access for malware to get access to high level processes to simple program crashes causing cascading damage to system files.
UAC was designed to counter this problem, in a variety of ways. For a start, it enforces the seperation between user, program and OS, and forces the user to confirm when a program is trying to breach those barriers, via privilege escalation. Secondly, it uses virtualisation to manage programs that request to write to the system registry actually write to the user registry (as they should have been programmed to do in the first place), same with system files where it can. Thirdly, it provides a secure enviroment for programs where you can restrict them even further (eg IE7 Protected mode and Google Chrome both use this). Finally, it alerts you if a program is doing something you might not expect it to. It sounds a small thing, but when you understand why UAC is asking for authorisation, you can consider whether you really want to use that program, especially if you don't know why it's requesting it and there's no good function that would require it.
You can say that you know what's on your PC all you like, but there's a reason why XP was considered a very insecure operating system by many, and it wasn't technical, it was user related, and user usage. I likened it earlier to a hole in the floor. It's fine to walk around it, but one day, you might forget, or something might distract you, and in you fall, and a simple trapdoor over the hole would have prevented it without really inconviencing you. UAC is the same. Sure, it can be annoying at times, and I'm certainly known to use TweakUAC when setting up a fresh install (I don't turn UAC off, as this stops the virtualisation which is more problematic), but generally, it's a good thing.
The bottom line is that user behaviour is no substitute for technically enforced security, because the user can make a mistake. Having UAC turned on doesn't mean you can be careless, but it does mean you have several extra levels of protection for what should be a minimal inconvience.
If you want to read quite an indepth article about the protection it provides, try this one.
http://www.symantec.com/avcenter/reference/Windows_Vista_Security_Model_Analysis.pdf
Man of Honour
- Joined
- 15 Mar 2004
- Posts
- 28,140
- Location
- Liverpool
Great post there Dolph.
It's just a pity that there's only one thing that doesn't seem to like it, and that's SyncBack.
It's just a pity that there's only one thing that doesn't seem to like it, and that's SyncBack.
