Welcome to Vista Banter. You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact contact support. |
|
Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security) |
|
LinkBack | Thread Tools | Display Modes |
|
|||
User Acount Control
Open Security Center, and change the way it alerts you. You can now get rid
of the shield in the sytem tray -- Jane, not plain 64 bit enabled Batteries not included. Braincell on vacation :-) "SteveC" wrote in message ... I don't understand getting a UAC prompt just to change the hotkey on an application shortcut, and I don't understand having to say ok twice to do it. How does one turn this off? I turned it off and then the stupid annoying Red X came up to tell me I need to turn it back on. So now how do I get rid of that? Thanks. "Jeff" wrote in message ... Hilmar, Hi, a little comment. This is part of what you say about uac. " It sure is annoying, but it is extremely annoying to get rid of 25 ad/spy ware programs that unintentionally installed onto your PC in the background." Last time I ran Adaware; it found adware;with UAC on; BTW So what does UAC have to do with stopping adware? Jeff " "Hilmar" wrote in message ... now, you could take this a step further. why are you using a firewall? and why an antivirus program? isn't it annoying to have to install these to be safer? you may be safe for a while without them. But can you be sure it will stay this way? so why not have another layer of security on top of this which will prevent programs from installing without permission? I personally like the idea that anything that tries to install something is asked for permission. It sure is annoying, but it is extremely annoying to get rid of 25 ad/spy ware programs that unintentionally installed onto your PC in the background. It's annoying to lock my bike when I leave it somewhere. some people get even used to taking their tires off to prevent stealing. It's up to you. but you cannot blame anybody for a not secure enough OS if you turn it off. and yes, there are programs who can turn off this feature, but only with your permission. another layer of security will certainly be better for most of users. If you feel comfortable enough that you can do without it, you may turn it off. Nothing may happen to you. "Matthileo" wrote in message ... I have had about enough of this stupid feature. It keeps my antivirus stuff from running at startup, and it annoys me to no end. I tried to turn it off, but it gave me a scary warning that bad things would happen if I did. Now, my question... What are the real harms to disableing that stupid feature, and if they realy are that bad, how can I configure it not to be so dumb? -- God''''''''s in his Heaven. All''''''''s right with the world. ~Nerv |
|
|||
User Acount Control
Thanks for the heads-up, but I would like Security Center to alert me if the
Virus protection or Firewall go down. I don't quite understand the reason for an alert when you purposefully turn off or change UAC. "Jane C" wrote in message ... Open Security Center, and change the way it alerts you. You can now get rid of the shield in the sytem tray -- Jane, not plain 64 bit enabled Batteries not included. Braincell on vacation :-) "SteveC" wrote in message ... I don't understand getting a UAC prompt just to change the hotkey on an application shortcut, and I don't understand having to say ok twice to do it. How does one turn this off? I turned it off and then the stupid annoying Red X came up to tell me I need to turn it back on. So now how do I get rid of that? Thanks. "Jeff" wrote in message ... Hilmar, Hi, a little comment. This is part of what you say about uac. " It sure is annoying, but it is extremely annoying to get rid of 25 ad/spy ware programs that unintentionally installed onto your PC in the background." Last time I ran Adaware; it found adware;with UAC on; BTW So what does UAC have to do with stopping adware? Jeff " "Hilmar" wrote in message ... now, you could take this a step further. why are you using a firewall? and why an antivirus program? isn't it annoying to have to install these to be safer? you may be safe for a while without them. But can you be sure it will stay this way? so why not have another layer of security on top of this which will prevent programs from installing without permission? I personally like the idea that anything that tries to install something is asked for permission. It sure is annoying, but it is extremely annoying to get rid of 25 ad/spy ware programs that unintentionally installed onto your PC in the background. It's annoying to lock my bike when I leave it somewhere. some people get even used to taking their tires off to prevent stealing. It's up to you. but you cannot blame anybody for a not secure enough OS if you turn it off. and yes, there are programs who can turn off this feature, but only with your permission. another layer of security will certainly be better for most of users. If you feel comfortable enough that you can do without it, you may turn it off. Nothing may happen to you. "Matthileo" wrote in message ... I have had about enough of this stupid feature. It keeps my antivirus stuff from running at startup, and it annoys me to no end. I tried to turn it off, but it gave me a scary warning that bad things would happen if I did. Now, my question... What are the real harms to disableing that stupid feature, and if they realy are that bad, how can I configure it not to be so dumb? -- God''''''''s in his Heaven. All''''''''s right with the world. ~Nerv |
|
|||
User Acount Control
By disabling UAC, you implicitly authorize every program that is run,
regardless of how it started, to have complete control over your computer. That is so patently untrue as to be dangerous. We could have bolted UAC on to XP at XP SP2 release if UAC were some solution to some problem. There are quite a few things you still cannot do in Vista when only UAC is disabled. Unobtrusively running a service as Local System that interacts with the desktop comes to mind. This is why Windows complains so loudly when you turn it off - Windows wants you to choose which programs have this power. But let's get back to basics here. Neither UAC nor Vista can inviolate immutable rule of security number one: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore. Period. Vista does not change that. UAC doesn't change that. I'm concerned that so many posts here are advising that UAC either solves all malware problems or causes all end negative user experiences. In practice, UAC provides about as much protection as the IE dialog box, "Scripts are usually safe. DO you want to allow scripts to run." It's the guts of Vista that are massively improved. Concentrate on that, not UAC. |
|
|||
User Acount Control
By disabling UAC, you implicitly authorize every program that is run,
regardless of how it started, to have complete control over your computer. That is so patently untrue as to be dangerous. I would same the same thing about your statement here. My statement describes the implications of disabling UAC truely and accurately, at both a conceptual and technical level. We could have bolted UAC on to XP at XP SP2 release if UAC were some solution to some problem. How soon a feature gets added to Windows does not define how well it solves a problem. I fail to see what you are getting at here. UAC *does*, in fact, solve a problem. PROBLEM: All programs run at the highest privilege level available to the user, even if they do not need such privileges to perform their duties. SOLUTION: Let applications define what privilege level they need, and let the user control how these different privilege levels are assigned (UAC) Hopefully in the future Windows will be able to automagically determine what privileges a program needs based on mathmatically proven analysis; however, the user will still need to determine how much control to give to which programs. UAC is the technical means by which this is accomplished, and the user interaction is an ESSENTIAL part of it - you cannot take the user interaction out of the equation. There are quite a few things you still cannot do in Vista when only UAC is disabled. Unobtrusively running a service as Local System that interacts with the desktop comes to mind. I never intimated that Windows Vista's ONLY security improvement was UAC. To say UAC is not important because there are other security features of Windows Vista is a silly argument. This is why Windows complains so loudly when you turn it off - Windows wants you to choose which programs have this power. But let's get back to basics here. Neither UAC nor Vista can inviolate immutable rule of security number one: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore. Period. Vista does not change that. UAC doesn't change that. Back to basics. Sounds good. You seem to be arguing here that a magical, pretty much unbreakable door lock is not a good security feature because the door lock cannot stop the owner of the door from getting tricked into unlocking it. Rediculous! The point of the door lock is that it allows the owner of the door to decide who comes through it! In fact, no operating system will ever be able to stop malware 100%. Vista won't stop this - Linux won't stop this - This will never be stopped. It is the nature of the operating system to run programs indescriminately - it relies on metadata or user assistance (or both) to guide it when it needs to discriminate. What can be done, however, is to put Windows in a better position to control what actions a program can take based on how much permission the user wants the program to have. Windows cannot determine whether a program is good or bad, and thus cannot determine this for the user. UAC is designed to make sure that users KNOW ABOUT and EXPLICITLY AUTHORIZE a program to run when it requires elevated privileges. It is a security feature because it puts the reins of control into the user's hands, instead of just having all programs run with full privileges without the user having any control over the situation whatsoever. I'm concerned that so many posts here are advising that UAC either solves all malware problems or causes all end negative user experiences. Me too. That's why I spend so much time on here explaining UAC to those who do not understand it. In practice, UAC provides about as much protection as the IE dialog box, "Scripts are usually safe. DO you want to allow scripts to run." Technically correct. However, there is a big non-technical difference between having control over the execution of a script and having control over what privileges processes have. It's the guts of Vista that are massively improved. Concentrate on that, not UAC. UAC is part of the guts of Vista. -- - JB Windows Vista Support Faq http://www.jimmah.com/vista/ |