Does enabling UAC control really make a difference in security?

[Modelworks]

Depends on the user.
Some people are not going to be safe unless you stand over their shoulder and monitor everything they do. Others can run a pc for years and never get a virus or have a problem.

 

[Arkitech]

Is there a way to configure UAC to ignore certain functions? I play Crossfire (an online fps) and UAC prompts me every time I start the game (due to Crossfire's autoupdate). It would be cool if I could configure UAC to ignore it and simply load the game.

 

[XZeroII]

UAC is not about security at all. Microsoft has said this many times. It's about enforcing proper coding standards. They wanted to migrate away from requiring users to have local administrator rights on their machines but too many applications would have broken. So they came up with UAC which would inform the user that an application was going to access parts of the OS that are "protected". Developers would then see that their applications are not doing things correctly and fix it.

So technically, if the application was written correctly, you should not get a UAC prompt.

 

[pcslookout]

Originally posted by: XZeroII
UAC is not about security at all. Microsoft has said this many times. It's about enforcing proper coding standards. They wanted to migrate away from requiring users to have local administrator rights on their machines but too many applications would have broken. So they came up with UAC which would inform the user that an application was going to access parts of the OS that are "protected". Developers would then see that their applications are not doing things correctly and fix it.

So technically, if the application was written correctly, you should not get a UAC prompt.

That was a smart move on their part because I noticed almost all programs I install pop up with a UAC prompt. Wow do we have a long way to go.

 

[mechBgon]

Originally posted by: XZeroII
UAC is not about security at all. Microsoft has said this many times. It's about enforcing proper coding standards. They wanted to migrate away from requiring users to have local administrator rights on their machines but too many applications would have broken. So they came up with UAC which would inform the user that an application was going to access parts of the OS that are "protected". Developers would then see that their applications are not doing things correctly and fix it.

So technically, if the application was written correctly, you should not get a UAC prompt.

Being a non-Admin is a security enhancement in its own right, and UAC does make that pretty easy to handle. However, the rest of the story is that leaving UAC enabled does have security benefits of its own, beyond simply being a non-Admin. Protected Mode is the main high-profile perk coming to mind. No UAC, no Protected Mode.

 

[rockyct]

Originally posted by: MrChad
It depends.

The intent is good. It makes you, the end user, aware when a program is trying to access system resources, as blackangst1 mentioned. This means that malicious programs cannot access these resources without you explicitly giving them permission to do so.

The problem, of course, is that too many UAC prompts leads to users clicking "Yes" automatically without actually reading the prompt or understanding what it's trying to say. This is a problem that Windows 7 tries to address, as Vista (at least earlier versions) overwhelmed users with way too many prompts.

Yeah, it was annoying in Vista that it would pop up a couple times when installing a program and even when you changed something in the control panel. It became automatic when I was doing that kind of stuff. However, if the UAC panel were to pop up when I'm on the internet, it would be a red flag to me as I'm not in auto click mode. However, I can see with many people that they would click the box automatically all of the time.

Anyway, I think it's a good thing to keep enabled and Win7 has made it nicer with multiple UAC levels.

 

[soonerproud]

Originally posted by: Tom

Why did Microsoft make Windows so obscure and complex in the first place ?

example-Why is the registry necessary?

The registry is a central place where all configuration settings for the os and your programs are located. In Unix type oses like OSX or Ubuntu these types of configurations are located all over the drive in configuration files. There are benefits and problems with both approaches in handling configuration settings but the registry makes it easier to find and change these settings when needed.

Without the registry Microsoft would have to use configuration files all over the OS like Linux does.

 

[Nothinman]

In Unix type oses like OSX or Ubuntu these types of configurations are located all over the drive in configuration files.

If by "all over the drive" you mean "in the /etc directory" then, sure.

There are benefits and problems with both approaches in handling configuration settings but the registry makes it easier to find and change these settings when needed.

The only real benefit I really see is that the format is enforced in the registry but with txt files you can do whatever you want, i.e. Samba's smb.conf doesn't look like Apache's apache.conf. But that falls apart when you see how many Windows developers just create a binary key value and drop random blobs of data in it. Searching text files is something people can do easily, reading hex isn't.