Vista's Uac, Annoying For Many Vista User

[Guest Reimar]

Microsoft: All operating systems should use Vista's UAC

In Builder AU:

Microsoft Australia has defended the company's User Account Control (UAC) system as being "misunderstood" and said it should be the type of technology that all operating systems aspire towards.

"There has been a lot of misunderstanding in the market around User Account Control (UAC). If you look at it from an architectural direction User Account Control is a great idea and strategically a direction that all operating systems and all technologies should be heading down," Peter Watson, Microsoft Australia's chief security advisor said.

UAC is a security feature introduced with Microsoft's Windows Vista operating system. The aim is to provide increased security when using Windows as a standard user by informing them when possible security breaches could be undertaken. The technology has been a source of irritation for Vista users, with Apple going as far as to make fun of UAC in a recent commercial.

As Vista and the latest edition of Office were developed with Microsoft's Secure Development Lifecycle (SDL), "the number of exploits has been extremely low", he added.

The complete articel can be read here: http://www.builderau.com.au/news/soa/Micro...39275111,00.htm

*********************************************************

For me the UAC is annoying and I disabled it already. But how is it for the "normal" user? It's really "boostup" the security?

Your comments please.

[naka]

If this is the pop up window that asks if you want to continue or not, then

it seems like a waste of time to me.

Why do they ask me ? Geeze ... They should know better than me.

Naka.

[Phil Conners]

Why dont they just start with the simple stuff, you know, getting rid of that autorun crap, that's half the problems solved right there

[cdnvic]

Get rid of that bloody ActiveX while they're at it too.

[eek]

i found vistas pop up windows frustrating...but im sure there is a way to override that somewhere? After trying out vista I gave up and went back to xp because of how ram heavy it is.

The skins etc were v sxy but i personally I find that the usiblity is too unfriendly to make vista a viable option yet.

Maybe in a year....

[nikster]

A scheme like UAC can work if

- The popups are very infrequent and easily understood - e.g. you are installing some software vs. the Vista reality where they pop out of the blue for no apparent reason at all.

- The popup asks for a user password so that malicious sofware cannot just simulate a click on OK.

Just like in that other operating system which has been around for over 6 years now...

The main reason the scheme is useless in Vista is the signal / noise ratio. If you get 1 actual virus for 10,000 alarms, chances are you will click OK automatically. If you have not gone crazy first or disabled UAC. IMHO UAC is a "blame the user" feature with no actual security value.

Other security features in Vista, on the other hand, like sandboxing IE are the way to go and should be taken up by other OSs. But UAC - unbelievable someone would do this to the users. Monopoly power at work.

[wpcoe]

- The popup asks for a user password so that malicious sofware cannot just simulate a click on OK.

My understanding is that the UAC does ask for a password, but only if the user does not have administrator rights.

By default, Vista grants the account created during installation administrator rights, so my guess is >90% of the Vista users out there now are operating with administrator rights.

With administrator rights, yes, rogue software can simply simulate a click on OK and do its dastardly deeds.

BUT... if the user is a "regular" (what's the Vista term for non-administrator?) user, then not only is there the annoying pop-op, but a prompt for admin password as well.

With all the security emphasis that Microsoft espouses about Vista, they should have made creation of two user accounts mandatory: one with admin rights, and one without. They could make signing on to the admin account with a nag screen advising not to use it for day to day use to discourage people from doing so. They could even make the admin screen "hidden" from the log-on screen. But no.... they let the users create, by default, admin accounts that can have rogue malware easily bypass all the effectiveness of UAC, leaving the user with only the annoyance factor. <sigh>

While I'm on a rant here, I'd like to profusely thank the geniuses who designed Vista for removing the very useful IEEE1394 networking capability. Apparently there is even a Microsoft document explaining that they specifically removed it because there was no demand for it. I use FireWire for synching my desktop and notebook, and like it for its speed (file transfers are faster than even on my gigabit Ethernet network) and the fact that it is the only network option where I have Microsoft networks or File Sharing enabled. I leave my Etherenet cable attached to my ADSL router with Microsoft Networks and File Sharing turned off, as extra security. Ditto for my notebook where I have the additional WiFi networking with Microsoft Networks and File Sharing turned off.

I have Vista installed as a dual-boot on my desktop computer, but currently use mainly WinXP because I like to use my 20" wide-screen LCD in portrait mode, and the Samsung pivot software is not compatible with Vista and my ATI X1300 video card.

Edited May 2, 2007 by wpcoe

[sjaak327]

UAC indeed does ask for admin credentials if the user is logged on as normal user, you can change the behaviour of UAC to even prompt for credentials when an administrator is logged on. It is an added layer of security and during normal usage of Vista I hardly ever see it.

I would recommend anyone NOT to disable it. Seriously.

[wpcoe]

UAC indeed does ask for admin credentials if the user is logged on as normal user, you can change the behaviour of UAC to even prompt for credentials when an administrator is logged on. It is an added layer of security and during normal usage of Vista I hardly ever see it.

How does one add the prompt for administrator password when logged on as administrator?

[sjaak327]

run gpedit.msc. go to computer configuration, windows settings, security settings, local policies, security options. there are several subkeys for User account control, the one to change is User account control: behaviour of the elevation prompt for administrators, change it to prompt for credentials instead of the default value to prompt for consent. The change will be immediate, no need for a reboot.

[wpcoe]

run gpedit.msc. go to computer configuration, windows settings, security settings, local policies, security options. there are several subkeys for User account control, the one to change is User account control: behaviour of the elevation prompt for administrators, change it to prompt for credentials instead of the default value to prompt for consent. The change will be immediate, no need for a reboot.

Thanks!

I have now reverted to doing most of my work in WinXP (Pro), because something with Vista (Business) is really slowing down. It takes several minutes to boot up to a useable state, and takes about a minute to shut down, and I keep getting the "busy" cursor in different apps preventing me to do anything until it stops, sometimes minutes at a time. When I have more time, I'll troubleshoot and experiment, but right now I have too much stuff to do that I need a stable platform, which means WinXP for the time being.

When I go back to Vista, I'm going to do the gpedit change you explained for the extra security. Now that I've loaded most of my apps on Vista, I don't get all that many UAC prompts so it won't be too much of a hindrance to enter a password.