Windows User Account Control - NOT FIT FOR PURPOSE?

[Deleted member 68110]

Am I alone in thinking that User Account Control in Windows 10 is just not fit for purpose?

I have a number of programs that constantly appear to trigger the 'Do you want to allow the following program from an unknown publisher to make changes to this computer?" pop-up.

It seems fair to call these "false positives".

Looking into it a bit, it seems the only solution Microsoft suggest is to disable UAC but they say, "CAUTION: Turning off UAC is NOT recommended"

As it stands, and has been for years now, UAC seems completely unfit for purpose.

 

[moogle]

They are only triggered when an application requires administrator access. It's quite similiar to how other secure OS'es have it set up (as in requiring credentials for performing elevated actions).

 

[stoofa]

UAC is fine. It is certainly not Microsoft's fault that software producers don't know how to code their applications correctly.
This reminds me of the Windows NT code-line and why Windows 2000 was never aimed at the home market - because games producers didn't know how to code around a HAL.

The majority of applications don't have an issue with UAC - so it kind of points at something "outside" that is the problem.

 

[pastymuncher]

Just disable it. I have disabled it in Windows 7 and now Windows 10 as I got fed up with it nagging everytime I tried to install something.

 

[foster grant]

I have not used UAC for yonks

 

[LizardKing]

Disabling UAC is dumb, the software that triggers it is the problem not UAC itself.

Its triggered when something is trying to change machine settings or access restricted parts of the filesystem, other than installing a piece of software you shouldn't see it and if you are seeing it you should be asking why that software is asking for admin rights all the time.

 

[Participant]

Disabling UAC is dumb, the software that triggers it is the problem not UAC itself.

Its triggered when something is trying to change machine settings or access restricted parts of the filesystem, other than installing a piece of software you shouldn't see it and if you are seeing it you should be asking why that software is asking for admin rights all the time.

So it's easier to re-code the software that's triggering it or find something else that does the same job?

No. Just disable UAC.

 

[james.miller]

So it's easier to re-code the software that's triggering it or find something else that does the same job?

No. Just disable UAC.

it's akin to giving everything root access in linux. or on your phone. its just not a good idea period.


I rarely have to use UAC these days, thankfully

 

[Stoner81]

UAC causes more problems than it solves, I had it disabled while using Windows 7 and have it disabled in Windows 10 since since day 1 and never once had an issue.

IMHO UAC is designed for people who don't know what they are doing and even then all they will do is just click yes/accept/OK to everything because they have no idea about it at all!

Stoner81.

 

[AHarvey]

You forget that they systems are designed for the stupidest element of the population.

If you know what you're doing, turn it off

 

[LizardKing]

UAC causes more problems than it solves,
Stoner81.

UAC is not there to solve anything, its to prevent or at least warn you of potentially unwanted activity.

Switching it off and you have zero idea what your computer is doing or what some compromised website has managed to get on your machine.

Its somewhat ironic when so called power users switch it off because they know better when in reality all your doing is allowing malicious content better unnoticed freedom.

 

[Rroff]

UAC can be useful but almost ironically programs not working properly with the way Windows works trigger it while quite a bit of malware has managed to work around it untroubled

The implementation of UAC in Windows certainly leaves a lot to be desired though.

 

[Feek]

If you have an application which always triggers it, even though you think it shouldn't, you can add it to the UAC whitelist.

 

[KIA]

Complain to the developers of the applications.

Disabling UAC is dumb, the software that triggers it is the problem not UAC itself.

Indeed. Disabling UAC drastically weakens the security of Windows. Why would anyone want a potentially malicious file to gain admin rights with no questions asked?

Reducing privileges has been shown to mitigate many vulnerabilities.

 

[snowdog]

Complain to the developers of the applications.



Indeed. Disabling UAC drastically weakens the security of Windows. Why would anyone want a potentially malicious file to gain admin rights with no questions asked?

Reducing privileges has been shown to mitigate many vulnerabilities.

Like in the other topic, because dealing with potential fallout from malicious software, even ransomware or crypto based viri, is far less hassle, than dealing with UAC on a daily basis. Especially for a hardware enthousiast or software dev.

I've used Windows 7 for years and years with no antivirus, running everything Elevated (using the ''administrator'' account). I've managed to get malware on once, accidentally from running a dodgy executable from a dodgy site, and I cleaned the crap up manually with no problem (saw a process I didn't recognise).

Upgraded to win 10, and the Metro apps I need to use (don't work without UAC) and the hassle it is to kill all antivirus crap on Win 10 is the only reason I use it (Antivirus and UAC that is).
Another example: It's such a pain, I was using snort for go through some pcap files to look for exploits, and windows defender kicks in and freezes the process because it has detected the exploits too.

The only things the AV found on my pc after years of no A/V, were hacktools (It bloody removed Cain&abel from my pc ), cracks, keygens, etc... Stuff I WANT on my pc. I don't like Unix (their file structure, the commands, pretty much everything I hate tbh about most Unix based systems, I want the OS to do things for me, not the other way around) based systems but am seriously tempted to use Kali in a VM instead of crappy Windows for many things.

 

[stoofa]

For the majority of users, running Windows in an elevated, no questions asked mode is insane.
UAC does exactly what it should do.
Microsoft were constantly attacked for lack of security, adding UAC and effectively getting users to run in a "user mode" and then "administer approve" anything else was such a sensible idea.

Sure, switch it all off. You're all far too clever to be caught out by something nasty on your machine. Just don't come a crying when a crypto takes all your data away.

 

[KIA]

Like in the other topic, because dealing with potential fallout from malicious software, even ransomware or crypto based viri, is far less hassle, than dealing with UAC on a daily basis. Especially for a hardware enthousiast or software dev.

I'd rather mitigate than deal with the fallout from a malware infection. You've got to consider things like DDoS, theft of financial information, rootkits, etc.

Upgraded to win 10, and the Metro apps I need to use (don't work without UAC) and the hassle it is to kill all antivirus crap on Win 10 is the only reason I use it (Antivirus and UAC that is).
Another example: It's such a pain, I was using snort for go through some pcap files to look for exploits, and windows defender kicks in and freezes the process because it has detected the exploits too.

The only things the AV found on my pc after years of no A/V, were hacktools (It bloody removed Cain&abel from my pc ), cracks, keygens, etc... Stuff I WANT on my pc. I don't like Unix (their file structure, the commands, pretty much everything I hate tbh about most Unix based systems, I want the OS to do things for me, not the other way around) based systems but am seriously tempted to use Kali in a VM instead of crappy Windows for many things.

In many ways, the AV was doing its job. I recommend Windows 10 Enterprise LTSB N running in a virtual machine, and take advantage of snapshots. You can disable Defender using gpedit.

 

[Rroff]

In 25+ years where my main safeguard has been my right index finger (I don't disable UAC mind) the only time I've been infected was a 0day exploit of one of the ad providers which pushed infected ads onto legit sites and went through every known browser, AV and firewall, etc. at the time for the first 4-5 days before AV definitions caught up - UAC was no protection as it exploited a process that had already been allowed.

Fortunately realised when the HDD started going nuts moment after opening the website and pulled the power stopping it mid infection (still had to clean wipe the system).

(I do run a couple of different system scans from time to time, manually scan downloads, etc. but have no active AV).

 

[Phil2008]

I just started using it yesterday, as I think my pc maybe safer with it turned on. I have used this on a few applications that pops up the UAC warning/messege
https://www.sevenforums.com/tutorials/11949-elevated-program-shortcut-without-uac-prompt-create.html

 

[KIA]

I just started using it yesterday, as I think my pc maybe safer with it turned on. I have used this on a few applications that pops up the UAC warning/messege
https://www.sevenforums.com/tutorials/11949-elevated-program-shortcut-without-uac-prompt-create.html

This is the smart approach. You can DIY as per your link or use one of several apps.

https://www.raymond.cc/blog/task-scheduler-bypass-uac-prompt/