Windows 7 and UAC.

You can disable User Account Control by typing "user account control" into the start menu search bar and then setting the slider to the bottom option (Never notify), as theheyes has mentioned. However, it's highly recommended to keep UAC enabled and create a standard user account to use for all of your daily activities. Running as an administrator is unnecessary and a high security risk.
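A check that shows what the slider actually changes and whether the account you are logged on with holds a full administrative token. This is an added example, not from this thread; it assumes Windows 7 or later with PowerShell and reads the standard UAC policy values under HKLM.

```powershell
function Get-UacPosture {
    # Added example, not from the thread. Reads the UAC policy values the slider
    # controls and inspects the current logon token. The slider-to-value mapping
    # in the comments below is the Windows 7 one.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $pol = Get-ItemProperty -Path $key

    # ConsentPromptBehaviorAdmin: how an admin-approval account is elevated
    $adminPrompt = @{
        0 = 'elevate silently (slider at the bottom, "Never notify")'
        1 = 'prompt for credentials on the secure desktop'
        2 = 'prompt for consent on the secure desktop ("Always notify")'
        3 = 'prompt for credentials'
        4 = 'prompt for consent'
        5 = 'prompt for consent for non-Windows binaries (Windows 7 default)'
    }
    $cpb = $pol.ConsentPromptBehaviorAdmin
    $promptText = if ($null -eq $cpb) { 'not set' } else { $adminPrompt[[int]$cpb] }

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminsSid = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')

    # The Administrators group is still listed on a filtered (deny-only) token,
    # but IsInRole is true only when that group is enabled, i.e. the process is
    # running with a full administrative token.
    $isAdminMember = [bool]($identity.Groups | Where-Object { $_ -eq $adminsSid })
    $isElevated    = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $account = if (-not $isAdminMember) { 'standard user' }
               elseif ($isElevated)    { 'administrator with full token' }
               else                    { 'protected administrator (filtered token)' }

    [pscustomobject]@{
        UacEnabled        = ($pol.EnableLUA -eq 1)        # 0 means UAC is off entirely
        AdminPromptPolicy = $promptText
        SecureDesktop     = ($pol.PromptOnSecureDesktop -eq 1)
        CurrentAccount    = $account
    }
}

Get-UacPosture
```

If the output reports UacEnabled as false or the prompt policy as "elevate silently", any code running as a Protected Administrator already has, or can take, full administrative rights without a prompt, which is the situation the rest of the thread argues against.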
 
I disable my UAC as it is of no use whatsoever; malware can turn it off.
Get a good anti-malware product and use CCleaner for the win.
 
I disable my UAC as it is of no use whatsoever; malware can turn it off.

The issue where malware could actually turn off User Account Control has been addressed, which you can read about in this article here.

There is another so-called issue where the default UAC setting means that malware can gain administrative privileges regardless of whether the user has elevated or not. Mark Russinovich addresses this in his Inside Windows 7 User Account Control article.

Mark Russinovich said:
Several people have observed that it's possible for third-party software running in a PA account with standard user rights to take advantage of auto-elevation to gain administrative rights. For example, the software can use the WriteProcessMemory API to inject code into Explorer and the CreateRemoteThread API to execute that code, a technique called DLL injection. Since the code is executing in Explorer, which is a Windows executable, it can leverage the COM objects that auto-elevate, like the Copy/Move/Rename/Delete/Link Object, to modify system registry keys or directories and give the software administrative rights. While true, these steps require deliberate intent, aren't trivial, and therefore are not something we believe legitimate developers would opt for versus fixing their software to run with standard user rights. In fact, we recommend against any application developer taking a dependency on the elevation behavior in the system and that application developers test their software running in standard user mode.

The follow-up observation is that malware could gain administrative rights using the same techniques. Again, this is true, but as I pointed out earlier, malware can compromise the system via prompted elevations as well. From the perspective of malware, Windows 7's default mode is no more or less secure than the Always Notify mode ("Vista mode"), and malware that assumes administrative rights will still break when run in Windows 7's default mode.

Get a good anti-malware product and use CCleaner for the win.

Anti-malware tools have their place but they're certainly no substitute for running as a standard user.

But common sense still prevails.

Education isn't going to be a great deal of help in regards to vulnerabilities in software. If a vulnerability in your web browser is discovered and then exploited for malicious purposes, allowing arbitrary code execution, then that piece of code will be restrained to the privilege level of the process. If you're running as an administrator, which means everything on the system also runs with administrative privileges, the amount of damage that code would be able to do would be a lot greater than if you were simply running as a standard user.
 

It's not just web browsers now though, is it? Adobe Reader can have spoofing issues that apply equally to over-the-shoulder elevation.

Firefox\Adobe have not fixed their vulnerabilities, which people trust and let install.
There is one script going about that opens up Adobe Reader (AcroRd32.exe) without asking, because when Acrobat Reader was installed it was given high privileges.
So UAC has failed because it uses vulnerabilities of other trusted programs.

EDIT: It's like the "Peachy" virus; it comes in a PDF or by way of a browser and then starts up Acrobat Reader to do the damage. 99.9% of people will just think Acrobat started and shut it down without a second thought.
 
I'm sorry but I am slightly confused about some of the things you have said.

What do you mean by User Account Control has failed because it uses vulnerabilities of other trusted programs? UAC is about forcing software developers to write their software so that it works with standard user rights, which is done by shipping the default account as a Protected Administrator. It also enables users to run in a standard user account due to the elevations. When you are running in a standard user account and you need to do something that needs administrator privileges, you will receive the Over The Shoulder dialogue, which will ask you to enter the credentials of the administrator account.

Have a read of this article here about UAC if you would like to have more of an understanding of it.
 
I turned UAC off in Vista but it moaned, so I ran as admin all the time. I don't see the problem with this; I never had any problems in the 2 years I ran Vista.

In W7 I have made UAC never notify and I'm quite happy.
 
I'm sorry but I am slightly confused about some of the things you have said.

What do you mean by User Account Control has failed because it uses vulnerabilities of other trusted programs? UAC is about forcing software developers to write their software so that it works with standard user rights, which is done by shipping the default account as a Protected Administrator. It also enables users to run in a standard user account due to the elevations. When you are running in a standard user account and you need to do something that needs administrator privileges, you will receive the Over The Shoulder dialogue, which will ask you to enter the credentials of the administrator account.

Have a read of this article here about UAC if you would like to have more of an understanding of it.


http://www.istartedsomething.com/20...ity-video-demonstration-source-code-released/

http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

This may help.
I have run the script on Win7 E and I got past UAC.
BUT I put UAC to the top of the slide bar and all was OK; using Win7 after that was a pain.
 
I responded to that issue in post 6.

Mark Russinovich said:
Several people have observed that it's possible for third-party software running in a PA account with standard user rights to take advantage of auto-elevation to gain administrative rights. For example, the software can use the WriteProcessMemory API to inject code into Explorer and the CreateRemoteThread API to execute that code, a technique called DLL injection. Since the code is executing in Explorer, which is a Windows executable, it can leverage the COM objects that auto-elevate, like the Copy/Move/Rename/Delete/Link Object, to modify system registry keys or directories and give the software administrative rights. While true, these steps require deliberate intent, aren't trivial, and therefore are not something we believe legitimate developers would opt for versus fixing their software to run with standard user rights. In fact, we recommend against any application developer taking a dependency on the elevation behavior in the system and that application developers test their software running in standard user mode.

The follow-up observation is that malware could gain administrative rights using the same techniques. Again, this is true, but as I pointed out earlier, malware can compromise the system via prompted elevations as well. From the perspective of malware, Windows 7's default mode is no more or less secure than the Always Notify mode ("Vista mode"), and malware that assumes administrative rights will still break when run in Windows 7's default mode.

Inside Windows 7 User Account Control
 
Fire Wizard, can I just say I applaud your effort in regards to not running as admin all the time and UAC. The subject comes up all the time and you always give a thorough answer. You're a more patient man than I am.
 
I do not see a problem running with full Administrative privileges day-to-day as long as you know what you are doing.

Would not recommend it for average Joe but UAC in Vista COULD be a royal pain in the arse even for very simple tasks.

Unfortunately, in the environments I support the legacy/custom coded/funky apps just do not work without local admin rights as a user.
 
I do not see a problem running with full Administrative privileges day-to-day as long as you know what you are doing

This seems to be a common argument used by so-called "experienced" users (because I know what I am doing, running as a standard user isn't beneficial to me), and it doesn't hold any merit. No amount of education will be able to mitigate against software vulnerabilities that are then exploited and allow for arbitrary code execution. The amount of damage that piece of code will be able to cause will be a lot less if you're just running as a standard user as opposed to running as an administrator.

This is why Internet Explorer running in Protected Mode, which you can read more about here, is a very secure browser to use. Since it runs with privileges even lower than that of a standard user, if the browser itself is hijacked, the amount of damage the attacker will be able to cause is severely limited. Running your browser as a low privilege process is a very powerful form of mitigation against attacks.

"Zero-day" attacks and using limited privilege

There have been a couple of credible sounding stories in the press in the past week or two about zero-day attacks - that is, the malicious exploitation of previously unknown vulnerabilities. I think we're going to start seeing more of these, as the bad guys better understand the economic value of finding and exploiting vulnerabilities.

Hackers used to be satisfied just vandalizing web sites. The next cool game was to find a bug and be the first to publicize it - and yourself for finding it. Many of these "analysts" now play the game more responsibly, alerting the vendor first and not publicizing the vulnerability until the vendor releases a patch. And of course there are the malware writers, releasing often poorly-written worms, trojans, etc. such as Sasser into the wild and getting big headlines. The damage many of these have done, though, has often been limited to consumption of network bandwidth and the time of IT administrators. Very few of these have exploited vulns for which there was no fix available.

In the past year or so, we've started seeing the increasing spread of malware with an economic purpose. In particular I'm thinking of the ones that allow users' computers to be controlled by spammers. Many Internet domains and IP address ranges have become known for hosting spammers and end up on spam filter blacklists. By turning your computer into a zombie and having their bulk mail originate from your DSL line, spammers bypass these filters. Why do they go to all this trouble, and even break the law? Because they make a lot of money doing it! Spam still generates big revenue. We've also seen increases in phishing and spyware - ways to get your private information for someone else's illegal gain.

I think we can expect to see more cases where people who find new security vulnerabilities will not alert the vendor or otherwise publicize their findings, but instead use the information for financial gain, by installing spyware and spam engines on victims' computers -- particularly when the "researchers" and/or the people they do business with live in places like Russia where the legal risks are relatively small.

So what does this have to do with running as a Limited User? Will running as a Limited User rather than an Administrator keep you safe against these zero-day attacks? Well, it depends on the attack. If the exploit attacks an operating system service, as Sasser and Blaster do, then it doesn't even matter whether anyone is logged on, let alone whether they are an admin. (Use a firewall.) But if the vulnerability is exploited through your web browser, email, IM, internet-connected game, etc., then the malicious code can do anything you can do. See the "#1 reason" paragraph of Why you shouldn't run as admin for why this matters so much. Running as Limited User might block the attack completely, and in any case it will certainly limit what the attack can accomplish.

Running as Limited User does not by itself make you secure, but it is an important piece of defense in depth. It is vitally important to use a firewall and to keep up-to-date on patches and anti-virus signatures. These will block many of the bad things out there from affecting you. But there are exploits that will bypass all of these. In these cases, running as Limited User may be the only line of defense you'll have left.

"Zero-day" attacks and using limited privilege

Not running as admin...

The security principle of "least privilege" is well understood: Software should run with the smallest set of privileges needed to perform its tasks. Low-privileged processes can do a lot less damage when they are compromised (or just buggy) than processes running at high privilege levels. Windows has made great strides to run services with lower privilege than in the past. However, Windows users who are allowed to administer their own machines (including most Microsoft employees) usually run with Administrator privileges all the time. That is, the account with which they normally log on is a member of the local Administrators group (or worse, Domain Administrators). Everything they do, from reading email, browsing the internet, instant messaging, writing documents, and writing software, is performed with full (and unnecessary) administrative control over the entire computer. Email, web browsing, and instant messaging do not require administrative privileges, and are common avenues for malicious code to attack end users’ systems. To be more secure, users should log on with a Limited (or "Least-privileged") User account (LUA), and use elevated privileges only for specific tasks that require them. Linux/Unix users have understood this for a long time, so this remains an area where Microsoft is perceived to lag in thought leadership. Unfortunately, Windows does not yet make running as non-admin as straightforward as it needs to be. Hopefully Longhorn will address these shortcomings. In the meantime, though, there are some neat workarounds that greatly mitigate the inconveniences.

Not running as admin...

You would have thought that the principle of least privilege was a well understood practice, but that doesn't seem to be the case for a lot of so-called "experienced" users. It would seem a lot of people are set in their ways and aren't willing to change for something that is very beneficial to them. It was a mistake in Windows XP, but some people are insisting on making it one with Windows Vista and Windows 7 as well.
 
I turned UAC off in Vista but it moaned, so I ran as admin all the time. I don't see the problem with this; I never had any problems in the 2 years I ran Vista.

In W7 I have made UAC never notify and I'm quite happy.

Same, I don't see the problem with turning it off when I'm the only user on my PC. If UAC is left on I get lots of warnings each time I start up, requesting permission for software to start. I use the software often, and as such UAC gets turned off.
 
Some applications will always require administrator privileges due to the nature of them, which will mean the user will see a User Account Control dialogue. However, there are still a number of applications that just don't need extra privileges to operate correctly and will be able to work absolutely fine under a standard user account. Though, some developers insisted on writing their programs so that they had to work under an administrator account, which leads to more UAC prompts that are completely unnecessary.

One of the most misunderstood parts of UAC is the prompts. Since they're the most visual element of UAC, a lot of people think that's all there is to it and the prompts are the security feature. Whilst they may stop users from doing something accidentally on occasions, it's not their main focus.

The prompts are a convenience feature to get people to run as a standard user. It's a lot easier for people to simply accept a prompt to, say, install software or change the configuration of the system, as opposed to fast user switching to an administrator account, entering the password, doing the administrative operation, logging off and then logging back into your standard user account.

It's obviously completely up to the individual whether they run as an administrator or a standard user, as long as they understand that running as an administrator is a security risk, which some people just don't want to hear. Their only excuse is that they're an experienced user, so it doesn't matter whether they run as an administrator or a standard user; in terms of security there is no difference, which is not the case.
 
Unfortunately, in the environments I support the legacy/custom coded/funky apps just do not work without local admin rights as a user.

People used to say this where I worked previously; out of 500 apps (a mixture of off the shelf, in-house developed and third party developed, some real shockers there as well) there was only 1 I couldn't get working as a normal user account.

Even then I didn't have to make anyone admin, just had to grant full control to a specific folder rather than my usual permissions.

With the right permissions changes you can get almost any app to work as a normal user in a secure fashion :)

Unless it's really dumb and specifically checks if the user is a local admin, I've seen that elsewhere before as well :p
 