Quick Vista "User Account Control" Question

[Smoolean]

So two days into using Vista, the new paranoid "User Account Control" feature hasn't annoyed me enough to turn it off. However, is there a way to tell it that certain programs are safe? My RSS Feed Reader, RSSOwl, makes the UAC notice come up EVERY time I launch it. I've looked around for an option to make it play nice with RSSOwl but didn't find anything.

Does anyone know how/where to achieve this?

 

[GregGreen]

Bump for a solution. It keeps asking me if opening CPU-Z is allowed. At least I don't use that every day.

 

[hardcandy2]

As far as I know, UAC is either on or off, there does not seem to be a middle ground or a list of allowed programs. There may be registry key that can be edited, but I just turn it off. And when you install Nero and some other programs even as administrator, it will not allow them to access the registry and you get a registry error message.

If you want to turn it off, Control Panel>>Classic View>>Users>>turn User Account Control On or Off. Reboot. And then you have to turn off the notices from the security center.
I think Microsoft went a little bit overboard on this UAC, there should be some way of adding programs to a Trusted Program List. There may be, but I have not found it.

 

[43st]

I'm pretty sure Microsoft maintains the UAC list... I was doing ok with it until it denied the Logitech mouse drivers, I ended up turning it off due to that. Oddly enough Logitech Setpoint 3.3 is approved, the UAC thought otherwise. I don't think having something so powerful in control of your system is a good thing if it has errors or doesn't work correctly. And, just like all Microsoft goodies, one can't uninstall and reinstall the offending application.

 

[Bluestealth]

Its much better and safer IMHO to disable UAC and revoke your admin rights then it is to live with UAC. That way you must enter your administrator password in order to completely trash your machine. Don't get me started on the new "permissions" pop ups GRRR *grinds teeth.
Anyways I uninstalled Vista and went back to XP.... if I didn't have to play with it at work well... I'd be a much happier person.

 

[Smilin]

If UAC hasn't bugged you yet it probably won't. It's bad in the first few days while you are loading apps and drivers. Once things are built you won't see it that often.

If you have something in particular that you want to always run elevated you can set it to do so via compatibility tab in properties on the executable.



Bluestealth:
Disabling UAC and revoking your admin rights would grant you nothing more than worse inconvenience. You would then be prompted for creds everytime you wanted to do something that required an admin token. Leave UAC on and it will run like a non-admin all the time. Only hits on the admin half of your token will UAC prompt.

 

[mzkhadir]

Remember that cute "Administrator" account you see when you login to safe mode? That's the built-in administrator account that's installed by default, and disabled by default too, after a little digging-in I made this tutorial that'll let you enable and use this account in normal mode, and with a little other tweak, enjoying an XP-like administrator experience, while UAC is left ON (or off, it doesn't matter), but with no prompts or right clicks.

1- Click Start, and type "secpol.msc" in the search area and click Enter.
2- You may receive a prompt from UAC, approve/login and proceed.
3- In the left list, choose "Local Policies", then "Security Options"
4- Set "Accounts: Administrator account status" to Enabled.
5- Set "User Account Control: Admin Approval Mode for the Built-in Administrator account" to Disabled.
6- Now log-off, and you'll see a new account named "Administrator" will be available, click on it to login.

Now you are the master of your domain! I recommend if you're going to use this method is to apply it as soon as you do a fresh install of Windows, so you can simply delete whatever administrator you created in the setup process, and make this one the "real" administrator for your PC, also you can rename this new admin account or change its password like any other account from "User Accounts" in the Control Panel.

A last note: Please apply this procedures only if you know what you're doing. Disabling security features in the operating system is not something recommended to the average Joe, and for sure I won't be held accountable for any damaging happens to your system or files resulting from running a full administrator account all the time.

http://www.neowin.net/forum/index.php?showtopic=537806&st=0

 

[Bluestealth]

Originally posted by: Smilin
If UAC hasn't bugged you yet it probably won't. It's bad in the first few days while you are loading apps and drivers. Once things are built you won't see it that often.

If you have something in particular that you want to always run elevated you can set it to do so via compatibility tab in properties on the executable.



Bluestealth:
Disabling UAC and revoking your admin rights would grant you nothing more than worse inconvenience. You would then be prompted for creds everytime you wanted to do something that required an admin token. Leave UAC on and it will run like a non-admin all the time. Only hits on the admin half of your token will UAC prompt.

Actually it isn't more inconvenient because I can open up a command window running as administrator and launch anything I need to. I also don't have to worry about any flaws in UAC either... which makes me rest easier

 

[Smilin]

Which flaws? You can launch a command prompt with elevated privledges with UAC enabled too.

 

[zig3695]

if you could change the blacklist in UAC then it would be easy for a virus to just change it first before it launched its trojan

 

[Bluestealth]

Originally posted by: Smilin
Which flaws? You can launch a command prompt with elevated privledges with UAC enabled too.

I simply don't trust a thin line of Microsoft code until it has been tested. No amount of song and dance from Microsoft will change my mind until it has been deployed for a while. I truthfully do not think they have a pro-security philosophy still, but one of allowing security to be second to application compatibility and user ease of use. Maybe I will change my mind in about 1-2 years, but not likely. I still feel completely naked when it comes to Windows Security when running as Admin even with UAC.

I would have more faith if it made installers only receive privileges they need and require them to escalate step by step in legacy mode.

As such a new installer would ask... I need access to Global Program Files, Global Registry, and All Users Profile is this ok?.... you would probably say yes...

Imagine if a game asked... I need access to System Directory, Load Kernel Driver, Global Program Folders, Global Registry, and All Users Profile... would you say yes?.... probably not. Or at least not without at least checking what Anti-Copy protection it was trying to load

A legacy installer could ask you each time it wanted to obtain a higher level of access, while annoying, it would be far more secure imho.

Plus why the hell are we still installing everything globally? It boggles the mind. It seems they are trying to copy Unix home folders in Vista... so maybe there is hope in the future?

 

[stash]

I still feel completely naked when it comes to Windows Security when running as Admin even with UAC.

Er, why?

Unless you willfully allow something malicious to run on your machine, what do you see happening? A user in the admins group on Vista, with UAC on has the exact same privileges as a user that is not in the admins group. Only when you click OK on a UAC dialog does your token get elevated.

With things like integrity levels, service hardening, etc, I don't see how you can seriously say that Microsoft doesn't have a pro-security stance. This OS by far has sacrificed the most in the name of security over appcompat, compared to any other Windows release. The fact that there is appcompat at all in Vista is testament to the hard work that was done to get things to work AND stay secure.

I'm curious what sort of testing you do before you trust code from Microsoft.

 

[Tegeril]

Originally posted by: hardcandy2
As far as I know, UAC is either on or off, there does not seem to be a middle ground or a list of allowed programs. There may be registry key that can be edited, but I just turn it off. And when you install Nero and some other programs even as administrator, it will not allow them to access the registry and you get a registry error message.

If you want to turn it off, Control Panel>>Classic View>>Users>>turn User Account Control On or Off. Reboot. And then you have to turn off the notices from the security center.
I think Microsoft went a little bit overboard on this UAC, there should be some way of adding programs to a Trusted Program List. There may be, but I have not found it.

There's no reason to use classic view. Control Panel>>Type UAC>>Click Turn UAC On or Off

 

[stash]

I think Microsoft went a little bit overboard on this UAC, there should be some way of adding programs to a Trusted Program List. There may be, but I have not found it.

There is not, because that would be a gigantic hole that malware would start using as a vector in very short order.

 

[Matthias99]

Originally posted by: stash

I think Microsoft went a little bit overboard on this UAC, there should be some way of adding programs to a Trusted Program List. There may be, but I have not found it.

There is not, because that would be a gigantic hole that malware would start using as a vector in very short order.

Since presumably you would need admin/UAC rights yourself to change the whitelist, why exactly would this be a security hole? Couldn't your virus/malware just disable UAC entirely right now if it is somehow running with admin priveleges?

 

[stash]

Since presumably you would need admin/UAC rights yourself to change the whitelist, why exactly would this be a security hole?

If you add foo.exe to the whitelist, all the malware needs to do is rename itself to foo.exe

You might be able to work something where the system compares a hash of the file, but it would probably not be a pleasant UX.

Couldn't your virus/malware just disable UAC entirely right now if it is somehow running with admin priveleges?

Maybe, but the point is, you need to click allow (or type in a password) for the malware to run elevated in the first place. If you leave UAC and the secure desktop switch on, the malware won't get elevated unless you explicitly tell it to elevate. Even if the malware spoofs the secure desktop switch, it cannot run elevated. Even if the malware somehow gets you to fork over your admin password, it still will not get elevated permissions.

 

[Matthias99]

Originally posted by: stash

Since presumably you would need admin/UAC rights yourself to change the whitelist, why exactly would this be a security hole?

If you add foo.exe to the whitelist, all the malware needs to do is rename itself to foo.exe

You might be able to work something where the system compares a hash of the file, but it would probably not be a pleasant UX.

Fair enough. It's definitely more secure as-is. Just a PITA if you frequently need to run something that has to have admin rights for some reason (although I hear Vista is a lot better in that regard.)

Couldn't your virus/malware just disable UAC entirely right now if it is somehow running with admin priveleges?

Maybe, but the point is, you need to click allow (or type in a password) for the malware to run elevated in the first place. If you leave UAC and the secure desktop switch on, the malware won't get elevated unless you explicitly tell it to elevate. Even if the malware spoofs the secure desktop switch, it cannot run elevated. Even if the malware somehow gets you to fork over your admin password, it still will not get elevated permissions.

What I meant is that if you're fooled into giving it elevated permissions, it can just trample all over your system already. Being tricked into adding it onto a whitelist isn't any worse.

 

[Bluestealth]

Originally posted by: stash
I'm curious what sort of testing you do before you trust code from Microsoft.

I wait since that is all I am allowed to do really. I guess I could hammer away at it and see if I could break UAC myself but I haven't done anything like that since high school.

 

[Doom Machine]

ms has programmers like any other software company...they hire some of the best in the world, they have them from all over the world, theres huge resources they can pull

there is no perfect code, ms has to attempt to satisify everyone, so defaults and certain things are made for the mass.

you also have every single dumb@55 in the world tinkering not knowing what their doing and next thing you know their calling up support staff somewhere for help...the fewer people that use windows, the fewer problems there would be known

 

[stash]

What I meant is that if you're fooled into giving it elevated permissions, it can just trample all over your system already. Being tricked into adding it onto a whitelist isn't any worse.

Actually it is, because the system is designed so that it is extremely difficult for you to be fooled into giving a malicious process elevated rights. The secure desktop is spoofable, and there are ways for a process to get you to hand over your password, but the ONLY way that process can be elevated is if you click allow (or type a valid password) on a real UAC prompt.

Now you could make an argument that with the allow/deny UAC prompt for users in the admin group, a user might just blindly click allow. And you might be right. Which is why the overarching recommendation is STILL to run as a standard user for your everyday tasks. That's the goal with v1 of UAC, not to make a new security boundary (which as Mark Russinovich pointed out, it isn't), but to start to move the Windows world to where everyone runs as a regular user always.

 

[stash]

Just a PITA if you frequently need to run something that has to have admin rights for some reason (although I hear Vista is a lot better in that regard.)

Yes it can be a PITA with these types of apps, and Vista contains shims and registry/file virtualization to make this less common than it would be otherwise. But again, the goal of UAC is to get people to run as a standard user all the time. And part of that will require application devs to stop living in the past and learn how to write a good app. Vista has made it just about as easy and non-intrusive as possible, but the rest is up to the third-parties.

 

[Skeeedunt]

Originally posted by: stash

Since presumably you would need admin/UAC rights yourself to change the whitelist, why exactly would this be a security hole?

If you add foo.exe to the whitelist, all the malware needs to do is rename itself to foo.exe

You might be able to work something where the system compares a hash of the file, but it would probably not be a pleasant UX.

That (appears) to be how software firewalls like zone alarm and the like do it. Whenever a program gets updated, you get re-prompted to allow it access to the internet. (I assume it's a hash and not just a timestamp or something )

You could also only whitelist the full path, like C:\Program Files\alksjfa\foo.exe. As long as C:\Program Files was admin-only, it should be safe.

Of course, if MS just wants to discourage it's necessity in the first place... well, then, there ya go. Not that I'm against it or anything, just saying I'm not sure if there are really any barriers to implementing a whitelist-style setup like that.

 

[stash]

That (appears) to be how software firewalls like zone alarm and the like do it. Whenever a program gets updated, you get re-prompted to allow it access to the internet. (I assume it's a hash and not just a timestamp or something )

Don't get me started on how much worthless security theater that is. In that case, the malware's job is even easier. Even if ZA is using a hash (I have no idea), it's useless, since the malware can bet the farm that a browser of some kind will be whitelisted.

Now I think in Vista, if a malicious process piggybacked on iexplore to get through the Sooper Sekure outbound filtering firewall, it wouldn't be able to do much to the machine, because that process is still running at the lowest integrity level. But it should still be able to send whatever it wants out through your firewall.

 

[CaptainGoodnight]

Originally posted by: stash

Just a PITA if you frequently need to run something that has to have admin rights for some reason (although I hear Vista is a lot better in that regard.)

Yes it can be a PITA with these types of apps, and Vista contains shims and registry/file virtualization to make this less common than it would be otherwise. But again, the goal of UAC is to get people to run as a standard user all the time. And part of that will require application devs to stop living in the past and learn how to write a good app. Vista has made it just about as easy and non-intrusive as possible, but the rest is up to the third-parties.

I for one am glad that MS added UAC to Vista. Every current major OS does not give the default user admin rights. If your program does not work in Vista, it's the program vendor's fault, not Vista's.

I have been running as a LUA on Windows XP for the past 3 years and I am happy these changes are being made in Vista.

 

[stash]

Every current major OS does not give the default user admin rights

OS X does.