The great UAC debate continues ... in Windows 7.

HappyAndyK · **The great UAC debate continues ... in Windows 7. -** 02-02-2009, 04:17 PM

Microsoft is destined to be ... damned if they do something ... damned if they dont!

Smarting from supposed security concerns in Windows XP, Microsoft came up with idea of the UAC. The UAC was meant to protect the user, using an enhanced form of a sandboxing technique; in User Account Control and Protected Mode Internet Explorer. But too many prompts turned off the user, making him simply turn it off ! A case of the protector asking too many questions ... should I ... shoud I not ! As a result, the UAC prompts become one of the biggest annoyances that people mentioned about Vista.

Buckling under intense criticism of the UAC's behaviour in Windows Vista, Microsoft decided to temper its behaviour in Windows 7.

The UAC in Windows 7 now asks the user for permission less frequently. It even hides UAC prompts when the user changes any Windows settings. Customizing the UAC system settings, to 4 levels, has also been made a lot easier. The casualty has been that the default security has been reduced.

It was now shown that a simple script developed by Rafael Rivera, uses a vulnerability in the current Windows 7 beta to disable UAC. In short, turning off UAC does not cause prompt to appear. This means that malware will be able to programmatically disable UAC without the user even coming to know about it.

However Microsoft has said that this UAC behaviour in Windows 7 is not a vulnerability but is there by design and that the only way this could be changed without the user’s knowledge is by malicious code already running on the box.

So whats your take on the UAC behaviour in Vista and in Windows 7 ? Do you like the UAC or hate it? Do you think you need it ? Are you happy with the change in Win7? Any observations, comments, suggestions ?

roraniel · 02-02-2009, 04:32 PM

I turned it off in Vista. In W7 I set it to the lowest setting before OFF. It is less obtrusive but still causes a small annoyance for me.

I love to play around with the icons for my dock program and they are stored in the C:/Program Files directory. When I save new icons or modify and save existing icons I have to jump through a couple hoops.

I feel safe without it because I use Kaspersky Internet Security. With KIS I pass the firewall leak test and my IP is invisible on the net according to several test found here: https://www.grc.com/x/ne.dll?bh0bkyd2

To be honest I would just turn it off again but when it is off it appears to cause W7 to not remember my network credentials when I reboot and W7 does not reconnect to my network drives. I have reported this as a bug.

nirmaltv · 02-02-2009, 04:34 PM

Well, I never hated the UAC in Vista also, infact I had never turned it off in Vista also.
The UAC in Windows 7 which can be tweaked instead of turning it off is a good feature especially after so much complaints on it.

I'm not sure whether this is going to be a vulnerability. But at the same time I do feel we need the UAC to make Windows more secure.

seti · 02-02-2009, 05:26 PM

Quote:

Originally Posted by roraniel

I turned it off in Vista. In W7 I set it to the lowest setting before OFF. It is less obtrusive but still causes a small annoyance for me.

I love to play around with the icons for my dock program and they are stored in the C:/Program Files directory. When I save new icons or modify and save existing icons I have to jump through a couple hoops.

I feel safe without it because I use Kaspersky Internet Security. With KIS I pass the firewall leak test and my IP is invisible on the net according to several test found here: https://www.grc.com/x/ne.dll?bh0bkyd2

To be honest I would just turn it off again but when it is off it appears to cause W7 to not remember my network credentials when I reboot and W7 does not reconnect to my network drives. I have reported this as a bug.

Once again Andy you've taught me things I didn't know so thank you for that. I found UAC annoying in Vista and like roraniel I have used Steve Gibsons excellent Shields Up and leak test, which I was going to mention, but got beaten to it. While I do not think it is a bad thing UAC I am glad of the improvements in 7 and the fact that you can set it now. For a mulit used pc I and for someone not that experienced or knowledgeable on security, I'd say leave it alone, but for others make your choice and live with the results.

Ciprian · 02-02-2009, 05:52 PM

I use Norton UAC and I'm very happy with it.
So are my sister and friends who started using it.

roraniel · 02-02-2009, 06:11 PM

Which version of Vista are you using Norton UAC on? I installed it on Vista Ultimate SP1 and it caused BSOD but I suspect there was conflict with Windows Live Onecare which I used at the time.

Quote:

Originally Posted by vista4beginners

I use Norton UAC and I'm very happy with it.
So are my sister and friends who started using it.

iMav · 02-02-2009, 06:17 PM

The whole point is that, if UAC can be controlled by external programs it is redundant. Period.

Corrine · 02-02-2009, 11:05 PM

@roraniel, why not put those images you're playing around with in your user's folder?

@iMav, there is more to UAC than providing Administrator-level permissions. See TechNet articles "The Long-Term Impact of User Account Control" by MVP Jesper M. Johansson's and "Inside Windows Vista User Account Control" by Mark Russinovich.

I am "old school" and want to know who and what changes are made on my computer even when I am intentionally installing a new software program. This includes when an ActiveX is added, when a program is added to start up, etc. I also want to know if something has changed my Windows Update or UAC settings.

Solution: See "Bits from Bill", WinPatrol v16 Monitors Changes to UAC Settings

skidmark · 02-02-2009, 11:19 PM

I tolerate the persistent appearance of the UAC because, as Corrine notes, I too am "old school". I understand the pluses and appreciate them no matter how many more clicks it takes to accomplish a task.

VikramPendse · 02-03-2009, 05:35 AM

I don't hate UAC, its ok as long as is treated as one of the measure to make user secure,but is it 100% protection?, I dont have gr8 knowledge about Windows like you guys here,but going bit off the topic, I feel the "Green Progress Bar" in each window [Might be doing some file indexing] is more annoying than UAC, UAC atleast we can tweak and turn it off..but its really painful when I plug my USB loaded with images and wait and wait, just to see the thumbnail preview and all images getting load..pain

..wish to see more improvement in such small small things in Win7

Vikram
Microsoft MVP - ASP.NET