"CarolinaFaithful" <guest@unknown-email.com> wrote in message
news:bc73a37caca3f803112a974a913348a6@nntp-gateway.com...<span style="color:blue">
>
> Thank you Wil and Gerald309, for correcting me. The Techworld.com
> article finally convinced me to re-enable my UAC. What I thought was
> "an annoyance" before, could really help prevent a catastrophe later on.
>
>
> --
> CarolinaFaithful
>
> Your knowledge is appreciated. One can never learn too much.</span>
Glad to see you re-enabled it and you won't be sorry.
Read over this write-up by MS-MVP Ronnie Vernon. The only fault I see in it
is I didn't write it :>
QUOTE:
"Bob" <bob@nowhere.net> wrote in message
news:8MOdnY5hI8aWaHvanZ2dnUVZ_gKdnZ2d@comcast.com...<span style="color:blue">
> Ronnie
> Even with the prompt enabled it still requires the user to be
> knowledgeable of the application UAC is prompting about. Once elevation is
> allowed UAC does not protect the user. Clicking allow becomes nothing more
> than an annoying additional click which in many cases becomes automatic.</span>
It it only annoying until you run into something unexpected. Right after
Vista was first released, we went through all of the debates about users
getting to the point where clicking on the prompt became an 'automatic'
response.
One user told us about a utility that he downloaded and installed and he got
the expected 'security warning' about the file not having a digital
signature. He clicked to run the file anyway and the utility installed. He
then got a message to 'click here' to configure your personal settings. He
then received this prompt.
http://i196.photobucket.com/albums/aa86/rvmv/UACPrompt2.jpg
Without UAC, he never would have been aware of the second file being
installed, since he had already permitted the program to run. Needless to
say, he decided that he would leave UAC on.
<span style="color:blue">
> Additionally, the most common way a PC becomes infected is by downloading
> something from the net and even with the UAC prompts disabled you still
> receive a security warning when you attempt a download.</span>
Only in specific instances, such as an installation file that does not have
a digital signature attached. The security warning does nothing to protect
against 'drive-by' downloads that run automatically. Most of the smaller
software developers will not bother with a digital signature, simply because
it is time consuming and expensive for them.
<span style="color:blue">
>
> Personally, when I decide to run something I don't have a need to be asked
> to confirm it. If I didn't want to run it I would not have clicked on it
> in the first place.</span>
It's not about you deciding to run a program, it's about 'isolation', it's
about 'integrity levels', it's about what background actions the program
will take when you do run it. Have you ever wondered why an application,
that does nothing more than make images look better, needs full and
unrestricted access to every part of your computer?
<span style="color:blue">
>
> The bottom line is UAC does no more than protect the user from himself,
> and even that still requires the user to be knowledgeable.</span>
This is the whole point of UAC. The only way that a malicious program can be
installed is if the user gets complacent and stops paying attention to what
they are doing.
When Vista is first installed, a user will typically see a ton of UAC
prompts as they install all of their software programs and utilities, but
these will gradually become more rare. Windows has to overcome almost twenty
years of being a 'push button' operating system before it will attain any
semblance of a 'secure' operating system. The education of users as well as
developers will take some time. UAC and other security 'hardening'
procedures are not going to 'go away'.
When the majority of developers see the benefits, and start following the
Microsoft developer guidelines for coding their programs and applications to
run in a 'least user privilege' environment, UAC will become a prompt that
is rarely seen. The vast majority of windows software should not even need
to initiate a UAC prompt.
Take a few minutes to read the following article. It will give you a better
understanding, and show you the underlying reasons and goals of UAC.
The Long-Term Impact of User Account Control:
http://technet.microsoft.com/en-us/magazine/cc137811.aspx
--
Ronnie Vernon
Microsoft MVP
Windows Desktop Experience
<span style="color:blue">
>
> "Ronnie Vernon MVP" <rv@invalid.org> wrote in
> messagenews:3F04A9A8-EC21-412D-9ED2-3386B2E653BB@microsoft.com...<span style="color:green">
>> "Bob" <bob@nowhere.net> wrote in message
>> news:VISdnaGl9rkOUnjanZ2dnUVZ_g-dnZ2d@comcast.com...<span style="color:darkred">
>>>
>>> All of that nonsense can be eliminated by running UAC in "quiet" mode.</span>
>>
>> This is a fallacy! If UAC cannot notify the user that a program is trying
>> to gain global access to the system, then it is effectively 'disabled'.
>> This so called 'quite mode' setting just changes a UAC registry setting
>> to 'automatically elevate everything without prompting'. This means that
>> when you click to open a file, it is 'assumed' that you already know that
>> the file will have unrestricted access to your computer.
>>
>> The main thing that UAC does is to detect when a program or application
>> tries to access restricted parts of the system or registry that requires
>> administrator privileges. When a program does this, UAC will prompt the
>> user for administrative elevation. Without this prompt, UAC cannot warn
>> the user, which means that it is effectively disabled.
>>
>> Some people will tell you that using "quiet mode" will still let IE run
>> in protected mode, but this just isn't true. Without the UAC prompt, a
>> malicious file that runs from a website can run, without restrictions,
>> and silently.
>>
>> Another issue is that with UAC prompt disabled, some legitimate
>> procedures will just silently fail to work properly, with no
>> notification, if you are logged on with a Standard User account, since
>> the application cannot notify you that administrative privileges are
>> required.
>>
>> Even the developer of the TweakUAC utility includes this statement about
>> his product.
>> "if you are an experienced user and have some understanding of how to
>> manage your Windows settings properly, you can safely use the quiet mode
>> of UAC." In my opinion, if you are an experienced user, the last thing
>> you would want to do is turn off the UAC notification.
>>
>> If you 'are' an experienced user, then you would already know how to
>> temporarily bypass the UAC prompt to perform just about any procedure in
>> Vista, such as running programs from an elevated command prompt, or using
>> an elevated instance of windows explorer.
>>
>> The last problem I have with this so-called 'quiet mode' is that it
>> dissuades developers from programming their applications to run in a
>> least user privilege environment.
>> --
>>
>> Ronnie Vernon
>> Microsoft MVP
>> Windows Desktop Experience</span></span>
END QUOTE:
--
All the best,
SG
Is your computer system ready for Vista?
https://winqual.microsoft.com/hcl/
Want to keep up with the latest news from MS?
http://news.google.com/nwshp?tab=wn&ned=us&topic=t
Just type in Microsoft