I have the bar one notch above never notify -- after hating UAC in Vista and turning it off completely I decided to give it a try -- and have never seen the damn thing.
And what does "next release" mean? I recall a vague statement at this here Gizmodo that this beta would be the last beta/RC release to the public.
@smokee: I leave it on at my work computer, but that is because we have VPN and you don't have to get the OK to see someone's computer. UAC stops the connection from being made until after I click allow. My home computers have it turned off though.
I'm going to assume now that the people who turn off UAC altogether know what not to install onto their system, so don't need to be notified. If you're turning off a security prompt entirely and you're fairly careless about the things you install, you basically deserve what you get. Having the ability to turn off a safety feature is not a security hole. The user is the security hole.
But I'd like to see a Vista and 7 system get hacked side by side to see how much faster 7 really is to break into with UAC turned off.
@Kaiser-Machead: I think the vulnerability is that a script could set the UAC to off without ever notifying the user. You could then put that script in front of any viruses and UAC, even at max, would be unable to do anything.
@SJRNWT: Microsoft is making decisions for the default based on user feedback. Like I've said before and I'm saying it again: They can listen to feedback and advice, but that doesn't necessarily mean it's a good frackin idea!
So if Windows bugs you and has you run UAC, Microsoft screwed up. If Windows doesn't bug you and lets you run around the internet like a moron, Microsoft screwed up.
Is there any scenario where Microsoft won't get blamed?
@OMG! Ponies!: Yes, by doing things the way Apple does it. OS X manages to remain secure while not pissing me off. The way to fix this is require a prompt before shutting off UAC, which would stop the aforementioned script attack dead in its tracks.
Linux has one of the most secure privilege systems, and only needs to prompt you for installing programs in root directories, or doing system-wide changes (like hardware level changes). The reason is the system is layered in a way that a user can change a lot without affecting others.
MS chooses to make everyone run in an admin-like level and just ask for each step. The more logical and easier way is to separate the things people NEED to change, not bug them when they HAVE to change them.
@kd420: That was one of the goals of UAC. MS designed it to be annoying in the hope that third-party programmers would make programs that didn't need access to system files.
They didn't count on the programmers to say "how about we be lazy and blame MS for the problem".
@OMG! Ponies!: Umm...MS strongly encourages programmers to use the OS's system files and folders. Even MS's own package installer defaults to installing certain files into the windows root, while the rest usually go somewhere under Program Files. Both of those locations are limited to power users and administrators only for write access. It's not the programmers being lazy when 1) MS changes the game, and 2) still tells them to do it.
The major UAC change that I think will make most people happy is the ability to disable the UAC prompt for certain actions or programs. Windows 7 moved more towards this, but it's not there yet. The user should only have to confirm something once and have the ability to make that the last confirmation. For example, in Vista, a program installed 2 files in the root of the drive. They were simple log files. To erase them, I had to confirm my actions via Windows dialogs and the UAC a total of 8 times. EIGHT confirmations to delete 2 non-MS log files?
UAC is a good idea, but it's not done right. Vista's UAC was a complete disaster. Windows 7's UAC seems to be a huge improvement, but it can still do more to create a secure system without annoying the users as much.
@geowrian: "It's not the programmers being lazy when 1) MS changes the game, and 2) still tells them to do it." MS originally released a 'Best Practices' that, had it been adhered to, would have made the changes you mention not necessary. It was easier to only program assuming everyone had admin rights, thus the concept of the 'lazy' programmers as they choose, for whatever reason, to ignore these best practices. It wasn't the application developers who got slammed as a result of this, it was MS, so now they are enforcing the policy, thus companies like Symantec, who did horrible little kluges with their crappy and invasive code screamed how unfair it was (the sad part here is they basically called out their own devs as incapable), thus MS was forced to reduce security in the name of shoddy programmers everywhere.
@Nekrik: That last line is worded very badly, sorry about that. The gist is that Symantec screamed foul and MS had to loosen up security of the kernel. This was the result of a security company claiming they couldn't secure the computer with the kernel being as secure as it was. Companies like Kaspersky had no problems with the changes so it should make one wonder why Symantec did.
@Nekrik: Yet another reason to avoid Symantec like the Plague. The other reason being that they very happily handed the keys to the backdoor to the Feebs.
Uh, the UAC is already far more annoying with the Windows 7 Beta than it ever was on Vista. Granted I turned it off immediately with Vista, with Windows 7 I've been doing my best to bear it at second lowest setting. I can't even re-organize my fucking Start menu without running into multiple privilege errors, let alone launch Warhammer Online without every single time accepting the popup pointing out that yes, the updater might actually update the file. I would probably kill myself if I were forced to raise the UAC level.
Don't get me wrong, UAC, along with AHCI disk handling, is pretty much my only complaint about Win7Beta, which is awesome. Just, how the hell can it be so hard to implement as nicely as it's done on OS X?
@OMG! Ponies!: My account is admin account. As for installs, I fall to 'run as admin' only when it doesn't work normally, don't remember if that happened with WAR, most likely not.
It would be nice to be able to flag executables that I deem safe and don't want to be nagged about.
The Start menu issue seems to arise when trying to move links that are available for all users.
@ara: Just because your account is admin does not necessarily mean you installed as admin.
Try the following. Reinstall but when running the installer, right-click and run the installer as admin. After it installs, go to the shortcut, right-click "properties" and under the security tab, check "Run as administrator".
@OMG! Ponies!: Thanks for the tip, I'll most likely install everything as administrator from now on. As for WAR I think I'll just bear it rather than re-download the whole 8GB game as I don't have optical media for it. I'll run out of game time in a few days anyways.
Your first step should usually be to change the properties to "Run As Administrator", which solves a lot of problems. Citrix would bug me until I did that. Seems like an extra step but I can understand why Microsoft doesn't want everyone to always run everything as administrator by default all the time.
@OMG! Ponies!: NO, installing as admin is what causes the prompt because every time the program launches it is asking for admin privileges. Install as a normal program instead of admin and you will only get the one prompt asking for permission. This is why people have problems with UAC. Your programs shouldn't have admin privileges, only you should. Install your programs as normal programs whenever possible to minimize problems and if you need to update run as admin that one time.
As for the start menu. How often do u reorganize your start menu and what are you doing to run into privilege errors???
@Zomb: One of the improvements in W7. Along with RocketDock, I don't even bother with the Start menu hierarchy. My main apps are on the Dock and anything else I want to run, I can find in an instant by typing it into the search bar.
Microsoft, like Apple, has learned the value of ripping off Quicksilver.
Just make UAC modifications always require a prompt. In the meantime, you might wanna slide your settings up a notch, if you're feeling paranoid.
Unless I'm missing something, the script would change the settings without you knowing. What you personally have it set to wouldn't make the slightest difference. If you were really paranoid you should check your UAC before every time you shut down and immediately after logging in.
@enm4r: The reason the script works is that you're not prompted when UAC is modified under the default settings. If you turn them up so that it prompts you whenever Windows settings are modified, you could stop it from changing User Account Control settings by pressing cancel when the prompt shows up.
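The manual check the commenters describe (confirming that the UAC level has not been lowered without a prompt) can be scripted. The following is an added example, not part of the original thread; the function names are hypothetical, and the registry path and value names are the standard Windows UAC policy values.

```powershell
# Added example: map the UAC policy registry values to the slider level.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Resolve-UacLevel {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)
    # EnableLUA = 0 means UAC is switched off entirely.
    if ($EnableLUA -eq 0) { return 'Disabled' }
    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'NeverNotify' }      # elevate without prompting
        2 { return 'AlwaysNotify' }     # prompt for every elevation, Windows settings included
        5 {                             # Windows 7 default: prompt for non-Windows binaries only
            if ($PromptOnSecureDesktop -eq 1) { return 'Default' }
            return 'DefaultNoDim'
        }
        default { return "Other($ConsentPromptBehaviorAdmin)" }
    }
}

function Get-UacLevel {
    # Reads the live values; a missing value is treated as 0 by the [int] cast.
    $p = Get-ItemProperty -Path $UacKey
    Resolve-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
}

# Constructed sample values (not read from a real machine) showing the mapping.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Resolve-UacLevel @s }

# On Windows, compare the live level with the one you chose and warn on drift.
$expected = 'AlwaysNotify'
if ($env:OS -eq 'Windows_NT') {
    $actual = Get-UacLevel
    if ($actual -ne $expected) {
        Write-Warning "UAC level is $actual, expected $expected"
    } else {
        "UAC level is $actual"
    }
}
```

Set `$expected` to the level you selected on the slider; a warning on a later run means the setting changed since you chose it.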
02/06/09
02/04/09
Then they complain about it not doing its job.
Come on, you can't have your cake and eat it too lol
It's a bit of overkill but give it a try.
01/30/09
You're probably in a cave wearing a tinfoil hat, or at least using Linux with all the redundant firewalls, antiviri, and total disk encryption on.
Sounds like my computer :P
01/30/09
sudo -u DeusExMach userdel LegoAddict
woot