Do you use Windows UAC?

Status
Not open for further replies.
I can't really reply to the survey except for my own usage. I disable it. I am personally very careful about where I surf, what I click on, etc. and use a good aftermarket virus suite.

With that said, I enable the feature for builds I have done, for family, etc. It isn't that it is protecting you from anything, but it serves as a reminder or wakeup to be watchful what you click on and what you allow access to install to your machine. Typically I will leave it in the hands of the user themselves to learn from and decide if they want to know how or ask about disabling it.
The trap that I see when it comes to it is getting complacent. In many instances people who know little of computers and programs get used to seeing it, don't really know what they are seeing anyway, and click on it even when it's malware.
 
I personally run with it off and modified some reg keys to allow my network drives to come with me when I have to run as an administrator (otherwise I can only access local disks). A lot of software I use needs to run as admin to format and prep local USB drives, and the image files are stored on a network repository.
For all of our other users UAC is turned on, even if they are an admin it will bump up the settings automatically on next GPO refresh.
 


I can't quite remember what settings I use on my home computer. I'll have to check when I'm home. I don't think I have it disabled, but I likely have it on the lowest possible settings.
 


Zam, that would have been an awesome 5th question. Too late for me to add though :\
 
Given that a large percentage of people run their Windows PC on a single account, which is by default Admin...turning UAC off leaves malware the same rights as an admin account.

I prefer to have that one little step of verification.
 
I think the myth that UAC was designed as a security boundary needs to be dispelled and hopefully Tom's can do an in-depth article on what UAC is and what it isn't. It's more a compatibility feature than a security feature.

The clearest goal of UAC was to allow Windows users to work using standard user accounts without having to spend large amounts of their day switching to an administrator account to perform tasks. The secondary goal was to get software developers to learn how to accomplish tasks without needing excessive access to the system. Good software should be able to perform most of its tasks without asking for privilege escalation, and in theory, as time went on and software asked for escalation less and less, it was hoped that users would scrutinize the elevation requests more and more. Of course, since most users don't even understand privilege levels in an operating system, much less why they should question allowing it, UAC seems more of an exercise in dialog dismissal and why Vista was more annoying than XP.

The only real function provided by UAC that immediately addresses security is preventing privilege escalation, but it can only guarantee that on its Always Notify setting. Because of this behavior, I only consider there to be 2 UAC settings that make actual sense, Never Notify and Always Notify. The rest are just feel-good exercises that provide no added guarantees of more security than Never Notify. You either care about privilege escalation all of the time, or you don't. An unfortunate realization your readers seem to be missing is, in Windows 8 and newer, UAC is not actually off when set to Never Notify, it's just not going to inform about the privilege escalations taking place.

I find it very unfortunate that the Editor was lambasted by an angry mob that seems a bit ignorant of the feature they were beating him up verbally over.

Processes don't even need to escalate privilege levels in most cases to compromise user data, so if anyone is looking at UAC for purposes of protecting user data from malicious software, it's pretty useless. Standard users can always access their own data.

As an educational tool I think UAC missed the point. People aren't becoming any more aware of good security practices as a result of nagging, and many are still running default UAC settings on an admin account. Perhaps it's users that have instead missed the point of UAC? Microsoft hasn't even followed the rules for good software policy with their own products, performing the equivalent of white-listing their software rather than rewriting it as 3rd party vendors are required to do.

The virtualization aspect of UAC allows applications developed with the assumption of running with administrative access to function correctly using a limited-privilege account. The reason is not for security, it's for backward compatibility with software written before design rule changes took place. Software written after the introduction of UAC shouldn't be relying on UAC's virtualization to function correctly.

Once users run as non-privileged, the need for UAC pretty much evaporates unless they're running old or poorly written software. Once users run as privileged, if they use any setting other than Always Notify, UAC isn't guaranteed to even do the job it's supposed to do.

This is the reason I run UAC set to Never Notify: being notified of some, but not all privilege escalations doesn't serve a valuable security purpose and I'm not interested in the number of dialogs I would be subject to with UAC set to its highest level. By the time I run a process, I have already scrutinized it as much as I'm ever going to. An extra prompt isn't likely to ever change my decision, especially if it doesn't give me any new information that was missing from my earlier decision making process. I also don't need UAC for the purposes of making non-compliant software compatible with newer versions of Windows, and its integrity levels don't protect against read access while being exploitable for write access.

Microsoft's own words:
Because of the wide range of application design and implementation, the integrity mechanism cannot provide a complete isolation barrier. The Windows integrity mechanism is not intended as an application sandbox.
Folks so hyper concerned should be running UAC set to Always Notify, or better yet just run as a standard user.
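
The slider positions discussed in the post above correspond to three values under the UAC policy key; this added example (not part of the original post, and not Microsoft's code) classifies them and shows that Never Notify on Windows 8 and newer appears as EnableLUA=1 with silent elevation rather than as UAC being disabled. The function name Get-UacLevel and the sample value sets are constructed for illustration.

```powershell
# Added example: map UAC policy values to the slider levels named in the thread.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {   # hypothetical helper name
    param([Parameter(Mandatory)] [hashtable] $Policy)

    $lua     = [int]$Policy.EnableLUA                   # 1 = Admin Approval Mode active
    $consent = [int]$Policy.ConsentPromptBehaviorAdmin  # 0 = elevate silently, 2 = prompt always, 5 = default
    $desktop = [int]$Policy.PromptOnSecureDesktop       # 1 = prompt on the dimmed secure desktop

    if ($lua -eq 0) {
        $level = 'UAC disabled'
    } elseif ($consent -eq 2 -and $desktop -eq 1) {
        $level = 'Always Notify'
    } elseif ($consent -eq 5 -and $desktop -eq 1) {
        $level = 'Notify on app changes (default)'
    } elseif ($consent -eq 5) {
        $level = 'Notify on app changes, no dimming'
    } elseif ($consent -eq 0) {
        $level = 'Never Notify'
    } else {
        $level = 'Custom (set by policy)'   # values 1, 3, 4 are reachable only via policy
    }

    [pscustomobject]@{
        Level                   = $level
        AdminApprovalMode       = ($lua -eq 1)                          # split token still in use
        PromptsOnEveryElevation = ($lua -eq 1 -and $consent -in 1..4)   # true only for prompt-always modes
    }
}

# Constructed sample value sets, one per case discussed in the thread.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },  # Always Notify
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },  # default
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 },  # Never Notify, Windows 8+
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }   # UAC actually off
)
$samples | ForEach-Object { Get-UacLevel $_ } | Format-Table -AutoSize

# On a Windows host, classify the live configuration as well.
if (Test-Path $UacKey) {
    $p = Get-ItemProperty -Path $UacKey
    Get-UacLevel @{ EnableLUA = $p.EnableLUA
                    ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
                    PromptOnSecureDesktop = $p.PromptOnSecureDesktop }
}
```

In an audit, a machine reporting Never Notify with AdminApprovalMode true is the case the post describes: elevation still happens, just without a prompt.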
 



Yup, when my kids were young I opted to keep two accounts. One as admin in background and then their log on as a 'standard' user. I also do this with the loaned out remote computer our office uses.

 
I turn it off on all my systems. I have never heard of someone not clicking Yes to the UAC when prompted. If someone knows what they are doing they don't need UAC, if they don't know what they are doing UAC isn't going to stop them installing something they shouldn't. Not making users administrators is much more effective.
 
There is a third way - use UAC Pass.

This is a tiny portable program that lets you create a UAC promptless shortcut for any application you use regularly. That way you avoid the constant annoyance of UAC prompts but still retain it as part of your defence against malware (or you clicking a bad link without thinking).
 
All 3 options are NO.

While UAC might be the first level of defense against rogues/hacks/viruses attempting to make changes to your system, it is not perfect. It has already been breached and there are simple scripts out there that can bypass UAC.

I leave it on for normal users in a business setup. However, at home I have it off as it is useless for advanced users. If someone really wants to bypass UAC, it wouldn't take them long to do so.

Better option is good firewall protections, lock downs in GPO or local security settings, and AV protections etc...
 