Does anyone use UAC?

I leave it on in Windows 7, but I had to turn it off back when I was running Vista. It was very annoying when it popped up numerous times back then. "Are you definitely definitely sure you want to run this program?" YES!!! :mad:

Now, however, I rarely get any prompts, except when I am expecting one, like trying to run Red Alert 1 or other old programs.
 
I turned it off recently since it stopped some older games from running properly even if I altered the compatibility or folder permissions.
 
NathanE doesn't have resident AV. He has never said he doesn't run virus or malware scans.

I run a resident AV in my head actually. Sometimes aided by tools such as Autoruns, Process Explorer, Rootkit Revealer, GMER and Virtual PC. This combination is far more powerful, precise and comprehensive than any anti-virus software available on the market today. It also doesn't slow my PC down, as a bonus.
 
The real threats these days come from the Social Engineering Toolkit (SET) and the like: multiple attack vectors, reverse TCP and code injection. I could take a normal .exe or PDF or Word document and inject some code into it that will connect back to my PC, bypassing firewalls and anti-virus software, which will give me full shell access to your PC. As it is individually created, no anti-virus based on definitions or heuristics can or will detect it.
 
"Reverse TCP" is a new name for an old concept. I remember age old backdoor trojans from the 1990s like Sub7 and BO2K used to support that.

Also, "packing" of malware code has been going on for decades. It is a cheap and easy way to bypass anti-virus. A lot of the packers are nothing more than just Deflate (a.k.a. ZIP compression), but because Deflate itself contains no headers or identifying symbols it is impossible for an anti-virus engine to realise that it is a Deflate stream of bytes. Therefore, anything compressed within that stream will go undetected.

The CreateRemoteThread() Win32 API is also popular (which is a form of code injection really). Consider that Explorer.exe tends to be granted full rights by personal firewall software AND coincidentally it has the same Integrity Level as all other desktop processes on the current session. This means any process that wants to elevate its rights can just inject a thread into Explorer. Anything it wants to do is then effectively being executed by the Explorer process. So it's a good way to impersonate Explorer as well.
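The post above says a raw Deflate stream carries no header an engine could key on. An added example, not code from the thread: a scanner does not need a header, because it can attempt a raw inflate (zlib with wbits=-15, i.e. no zlib/gzip framing) at every offset and keep only the offsets that decode to a complete stream whose output starts with a recognisable file signature. The "packed" blob it scans is constructed here for the demonstration; no real packer format is implied.

```python
"""Carve headerless (raw Deflate) streams out of an arbitrary byte blob.

Added example, not from the thread. A raw Deflate stream has no magic bytes,
so instead of looking for one we try to inflate from every offset and accept
a hit only when (a) the inflater reaches end-of-stream, (b) the output is
non-trivial, and (c) it starts with a known file signature.  The sample blob
below is constructed: a fake "stub" prefix, a raw-deflated fake PE, padding.
"""
import zlib

SIGNATURES = (b"MZ", b"%PDF", b"PK\x03\x04")   # PE, PDF, ZIP/OOXML (Office) payloads


def raw_deflate(data: bytes) -> bytes:
    """Compress with no zlib/gzip header, the way a trivial packer stores its payload."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)   # -15 = raw Deflate, no framing
    return c.compress(data) + c.flush()


def try_inflate(blob: bytes, offset: int, max_out: int = 1 << 20):
    """Return the inflated bytes if a complete raw Deflate stream starts at
    `offset`, else None.  Output is capped so a decompression bomb cannot
    exhaust memory while we scan."""
    d = zlib.decompressobj(-15)
    try:
        out = d.decompress(blob[offset:], max_out)
    except zlib.error:
        return None
    # Random bytes often "decode" for a few symbols before failing; requiring
    # end-of-stream plus a minimum size throws those partial flukes away.
    if not d.eof or len(out) < 64:
        return None
    return out


def carve(blob: bytes, signatures=SIGNATURES):
    """Scan every offset of `blob`; return (offset, signature, payload) for each
    offset whose inflated output begins with one of `signatures`."""
    hits = []
    for off in range(len(blob)):
        out = try_inflate(blob, off)
        if out is None:
            continue
        for sig in signatures:
            if out.startswith(sig):
                hits.append((off, sig, out))
                break
    return hits


# Constructed sample: 32 bytes of "stub", then the packed fake PE, then padding.
SAMPLE_PAYLOAD = b"MZ" + b"\x90" * 300 + b"This program cannot be run in DOS mode.\r\n"
SAMPLE_BLOB = b"STUB" * 8 + raw_deflate(SAMPLE_PAYLOAD) + b"\x00" * 40


if __name__ == "__main__":
    for off, sig, payload in carve(SAMPLE_BLOB):
        print(f"raw Deflate stream at offset {off}: {sig!r} payload, {len(payload)} bytes")
```

The per-offset scan is O(n) inflater starts, which is affordable for a few hundred kilobytes but is exactly the cost engines trade off; real packers also rarely leave the stream untouched (XOR, custom Huffman tables), which is why emulation rather than static unpacking became the usual answer.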
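The injection into Explorer described in the post is invisible to a personal firewall because the traffic genuinely comes from Explorer. An added example, not from the thread, of the defender's side: Sysmon's Event ID 8 logs every CreateRemoteThread with the source image, target image and where the new thread starts, and a few rules over those fields catch the pattern. The JSON-lines records are constructed for this example (field names follow Sysmon's schema; the paths and addresses are invented) and the small allow-list of legitimate injectors is an assumption to tune per environment.

```python
"""Flag CreateRemoteThread-style injection from Sysmon Event ID 8 records.

Added example, not part of the thread.  Three signals are checked per record:
a non-system binary creating a thread inside explorer.exe, a thread whose entry
point is LoadLibrary (classic DLL injection), and a thread whose start address
maps to no loaded module (injected shellcode).  SAMPLE_EVENTS is constructed.
"""
import json
from typing import Dict, List, Tuple

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Processes that create threads in others as part of normal Windows operation.
# This allow-list is an assumption for the example; tune it for your estate.
KNOWN_INJECTORS = ("c:\\windows\\system32\\csrss.exe",)
LOADLIBRARY = ("loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw")

# Constructed Sysmon EID 8 records (one JSON object per line).
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"SourceImage": "C:\\Windows\\System32\\csrss.exe",
     "TargetImage": "C:\\Windows\\explorer.exe",
     "StartModule": "C:\\Windows\\System32\\ntdll.dll",
     "StartFunction": "LdrInitializeThunk", "StartAddress": "0x7FFD1A2B3C40"},
    {"SourceImage": "C:\\Users\\bob\\Downloads\\ra1_crack.exe",
     "TargetImage": "C:\\Windows\\explorer.exe",
     "StartModule": "C:\\Windows\\System32\\KERNEL32.DLL",
     "StartFunction": "LoadLibraryA", "StartAddress": "0x7FFD1B0C2D80"},
    {"SourceImage": "C:\\Users\\bob\\AppData\\Local\\Temp\\dropper.exe",
     "TargetImage": "C:\\Windows\\explorer.exe",
     "StartModule": "", "StartFunction": "", "StartAddress": "0x000001E2A0B30000"},
    {"SourceImage": "C:\\Program Files\\Vendor\\updater.exe",
     "TargetImage": "C:\\Program Files\\Vendor\\app.exe",
     "StartModule": "C:\\Program Files\\Vendor\\hook.dll",
     "StartFunction": "HookMain", "StartAddress": "0x00007FF6C0011000"},
])


def reasons(ev: Dict[str, str]) -> List[str]:
    """Return the list of suspicious traits of one EID 8 record (empty = benign)."""
    src = ev.get("SourceImage", "").lower()
    tgt = ev.get("TargetImage", "").lower()
    if src in KNOWN_INJECTORS or src == tgt:
        return []
    out = []
    if tgt.endswith("\\explorer.exe") and not src.startswith(SYSTEM_DIRS):
        out.append("non-system binary created a thread inside explorer.exe")
    if ev.get("StartFunction", "").lower() in LOADLIBRARY:
        out.append("thread entry is LoadLibrary: classic DLL injection")
    if not ev.get("StartModule"):
        out.append("start address maps to no loaded module: injected code")
    return out


def hunt(jsonl: str) -> List[Tuple[str, str, List[str]]]:
    """Run `reasons` over JSON-lines input; return (source, target, reasons) per hit."""
    flagged = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        why = reasons(ev)
        if why:
            flagged.append((ev["SourceImage"], ev["TargetImage"], why))
    return flagged


if __name__ == "__main__":
    for src, tgt, why in hunt(SAMPLE_EVENTS):
        print(f"{src} -> {tgt}: " + "; ".join(why))
```

The vendor updater in the last record injects a hook DLL by a named export and is left alone; that is deliberate, because many legitimate products do exactly this, and the value of the rule set lies in the allow-list and the explorer.exe/LoadLibrary/no-module combination rather than in alerting on every remote thread.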
 
UAC is OK for IT people; however, it's pointless for users, as they will always click OK on whatever warning pops up and so still get infected.
 
UAC is OK for IT people; however, it's pointless for users, as they will always click OK on whatever warning pops up and so still get infected.

I don't think that's quite right. I'm not an IT person, I have UAC on, and I check what's trying to run when it pops up. If I don't know what it is I have a quick google. Surely that's just common sense?
 
Now, however, I rarely get any prompts, except when I am expecting one, like trying to run Red Alert 1 or other old programs.

Why would RA1 ask for, or need, admin permissions?

I ask because needing write access to Program Files shouldn't be the reason, since the virtual store or whatever it's called seamlessly redirects those writes somewhere else...

I've observed some games successfully writing data to the virtual PF directory before, and therefore not needing real PF access. So what is the reason?
 
Why would RA1 ask for, or need, admin permissions?

I ask because needing write access to Program Files shouldn't be the reason, since the virtual store or whatever it's called seamlessly redirects those writes somewhere else...

I've observed some games successfully writing data to the virtual PF directory before, and therefore not needing real PF access. So what is the reason?

If the process isn't UAC virtualised it will still try to access the real locations. That, or there might be something about the executable that is triggering the prompt.
 
LOL at whoever said pro UACers don't hide behind the protection bull. It always amuses me to see what illogical opinions some people come up with.

UAC is OK for IT people; however, it's pointless for users, as they will always click OK on whatever warning pops up and so still get infected.

The same can be said for AV, firewall controls, etc because the type of user who blindly clicks yes to everything will do it on every platform for every counter measure.

The only real protection is education and diligence but that's not going to happen anytime soon.
 
As I've already posted, I have it switched off due to multiple prompts on booting and on every launch of several bits of software.

By chance I was looking in one of the suite's manual today and this jumped out at me:

If you are using Microsoft Windows Vista (all versions) or Windows 7 (all versions), it is strongly recommended that you disable User Account Control. User Account Control can cause conflicts with the licence server management and licence client management software.

I don't know how easy MS are making it for devs to code to work with UAC, but it's further evidence of the need for a whitelist facility.
 
As I've already posted, I have it switched off due to multiple prompts on booting and on every launch of several bits of software.

By chance I was looking in one of the suite's manual today and this jumped out at me:

I don't know how easy MS are making it for devs to code to work with UAC, but it's further evidence of the need for a whitelist facility.

They make it easy, there is a clear list of dos and don'ts. It sounds like whatever these apps are, they are badly written and parts should be a service.
 
If the process isn't UAC virtualised it will still try to access the real locations. That, or there might be something about the executable that is triggering the prompt.

What do you mean if the process isn't UAC virtualised? Wouldn't all processes not running with elevated privs be using that virtualisation? I.e., it's not something you have to turn on, it works like that by default?

[edit: answer here:
http://social.msdn.microsoft.com/Forums/en-CA/vcgeneral/thread/9bb7a71c-d284-4c18-ac7b-a40eb21ea671]

Any app which isn't UAC aware (doesn't have a manifest), uses the virtualstore by default.

Thus attempts to write to Program Files directory can't be why RA:1 is triggering a UAC prompt. Possible reason: could the link which is used to run RA:1 be set to "run as administrator"?]
 
They make it easy, there is a clear list of dos and don'ts. It sounds like whatever these apps are, they are badly written and parts should be a service.

This. Any programmer that struggles to design a UAC compatible program isn't a programmer. He's a code monkey. And should be fired really. It's similar to how some plumbers or other trade workers turn out to be "cowboys".
 
What do you mean if the process isn't UAC virtualised? Wouldn't all processes not running with elevated privs be using that virtualisation? I.e., it's not something you have to turn on, it works like that by default?

[edit: answer here:
http://social.msdn.microsoft.com/Forums/en-CA/vcgeneral/thread/9bb7a71c-d284-4c18-ac7b-a40eb21ea671]

Any app which isn't UAC aware (doesn't have a manifest), uses the virtualstore by default.

Thus attempts to write to Program Files directory can't be why RA:1 is triggering a UAC prompt. Possible reason: could the link which is used to run RA:1 be set to "run as administrator"?]

Correct, but we don't know a lot about how RA1 is getting started. You'd want to use something like Process Monitor to get a straight answer.
 
Correct, but we don't know a lot about how RA1 is getting started. You'd want to use something like Process Monitor to get a straight answer.

Can PE tell you how or why a process has requested elevated privs?

I have a similar situation to the RA:1 example; an MMO I play requests admin privs and I'd really like to know why/ what is causing the prompt. It's not even installed to Program Files, so there must be some other reason.
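Process Monitor will show the elevated launch, but it will not say which of the usual triggers caused it. An added example, not from the thread, that checks the four things a practitioner looks at first for a game or client that prompts even though it is not under Program Files: the executable's embedded manifest (requestedExecutionLevel of requireAdministrator, or highestAvailable on a split-token admin account), the "Run as administrator" tick box on the shortcut (MS-SHLLINK LinkFlags bit RunAsUser, 0x2000), the Compatibility tab setting stored as RUNASADMIN under the AppCompatFlags\Layers registry key, and UAC's installer-detection heuristic, which elevates an unmanifested executable whose name or version strings contain words like install, setup or update. The sample executable and shortcut bytes are constructed stand-ins, not real files, and the installer check is an approximation of the heuristic rather than Windows' exact rule set.

```python
"""Triage why a program triggers a UAC consent prompt.

Added example, not code from the thread.  Checks, in order: embedded manifest
execution level, shortcut RunAsUser flag, AppCompatFlags\\Layers RUNASADMIN
(Windows only), and an approximation of UAC installer detection.  The fake
executable and .lnk bytes built by fake_exe()/fake_lnk() are constructed.
"""
import re
import struct
import sys

MANIFEST_RE = re.compile(rb"<assembly\b.*?</assembly>", re.S)
LEVEL_RE = re.compile(rb"requestedExecutionLevel[^>]*?\blevel\s*=\s*[\"']([^\"']+)[\"']")
ELEVATING_LEVELS = {"requireadministrator", "highestavailable"}
INSTALLER_WORDS = ("install", "setup", "update")     # keywords the heuristic keys on
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-46}
LNK_RUNAS_USER = 0x2000                                         # LinkFlags bit 13


def manifest_level(exe: bytes):
    """requestedExecutionLevel from an embedded manifest, or None if the file
    declares none.  Manifests sit uncompressed in the resource section, so a
    plain byte scan finds them without parsing the PE resource tree."""
    m = MANIFEST_RE.search(exe)
    if not m:
        return None
    lvl = LEVEL_RE.search(m.group(0))
    return lvl.group(1).decode("ascii", "replace") if lvl else None


def lnk_runs_as_user(lnk: bytes) -> bool:
    """True when a Shell Link has RunAsUser set (the 'Run as administrator' box)."""
    if len(lnk) < LNK_HEADER_SIZE:
        return False
    size, clsid, flags = struct.unpack_from("<I16sI", lnk, 0)
    if size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        return False
    return bool(flags & LNK_RUNAS_USER)


def installer_detected(name: str, exe: bytes) -> bool:
    """Approximate UAC installer detection: no execution level declared and an
    install/setup/update keyword in the file name or in UTF-16LE version strings."""
    if manifest_level(exe) is not None:
        return False
    lowered = exe.lower()
    return any(w in name.lower() or w.encode("utf-16-le") in lowered for w in INSTALLER_WORDS)


def layers_runasadmin(path: str):
    """Compatibility-tab override from the registry; None when not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    key = r"Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, key) as k:
                value, _ = winreg.QueryValueEx(k, path)
                if "RUNASADMIN" in str(value).upper():
                    return True
        except OSError:
            pass
    return False


def triage(path: str, exe: bytes, lnk: bytes = b""):
    """Reasons the launch of `path` would be elevated; empty list = should not prompt."""
    reasons = []
    level = manifest_level(exe)
    if level and level.lower() in ELEVATING_LEVELS:
        reasons.append(f"manifest requestedExecutionLevel={level}")
    if lnk and lnk_runs_as_user(lnk):
        reasons.append("shortcut has 'Run as administrator' (RunAsUser) set")
    if layers_runasadmin(path):
        reasons.append("AppCompatFlags\\Layers RUNASADMIN set for this path")
    if installer_detected(path, exe):
        reasons.append("installer detection heuristic (no manifest + install/setup/update keyword)")
    return reasons


# Constructed stand-ins for real files.
MANIFEST_ADMIN = (b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
                  b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>'
                  b'<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>'
                  b'</requestedPrivileges></security></trustInfo></assembly>')
MANIFEST_INVOKER = MANIFEST_ADMIN.replace(b"requireAdministrator", b"asInvoker")


def fake_exe(manifest: bytes = b"") -> bytes:
    """DOS stub plus an optional manifest blob, standing in for a PE image."""
    return b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n" + manifest


def fake_lnk(flags: int) -> bytes:
    """A minimal ShellLinkHeader with the given LinkFlags."""
    return struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags) + b"\x00" * (LNK_HEADER_SIZE - 24)


if __name__ == "__main__":
    print(triage(r"C:\Games\RA95\ra95.exe", fake_exe(MANIFEST_ADMIN)))
    print(triage(r"C:\Games\RA95\ra95.exe", fake_exe(MANIFEST_INVOKER), fake_lnk(LNK_RUNAS_USER)))
    print(triage(r"C:\Downloads\ra95setup.exe", fake_exe()))
```

On a real machine, feed it the bytes of the game's executable and of the shortcut that launches it; an empty result with a prompt still appearing points at the remaining causes this script cannot see from the files alone, such as an application-compatibility shim applied by the OS or a launcher that re-spawns the real client with elevation, which is where Process Monitor's process-tree view earns its keep.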
 