Windows 8 and 8.1 Forums


Another question about UAC...

  1. #11


    Quote Originally Posted by jtmzac View Post
    This is what I was referring to as a bad thing. For the informed it's just a pain to have to install then upgrade but the average consumer might lose or throw out their copy of the old os which would obviously cause problems if something happened.
    This isn't any different than in the past, if you are upgrading an OS, you need a previous OS. People have to be smart enough to not throw away their old OS if they purchase an upgrade. Else, they should buy a retail copy that is a full install.

    Quote Originally Posted by jtmzac View Post
    Windows doesn't quite treat people like they're intelligent. If it did it would respect that there's people like me who want to run the os without confirmations everywhere and there would be more options to make it power user friendly.

    You do however make some good points but your examples get a bit out there and really depend on your point of view. How someone uses their computer will vary a lot person to person. I'm very aware of what I do on my pc and I'm the only one who uses it.

    If the programs and files you use/download are trustworthy there's no need to restrict them and make the user confirm their security and what they can do.

    If you are careful and watch what you use and download you are preventing nearly all possible threats. The user is the main preventer of viruses/malware etc. not security software or uac.
    I have to agree that you are missing the point. The point is not to "prevent" or "warn" you that an administrative task requires elevated privileges. The point is that if you are running something like Firefox, or IE, and you stumble upon a maliciously crafted website that takes advantage of an exploit and wants to elevate to admin privs, you would get a pop-up warning which would hopefully stop you in your tracks and make you question why your web browser needs to elevate to an admin. When you turn off UAC, you simply allow that malicious thing to execute and you put yourself at risk.

    You can fool yourself into believing that everything is safe, and common sense and being computer savvy will prevent you from ever experiencing a problem...but experience tells me otherwise.

    Out of curiosity, how often in a day are you forced to deal with a UAC prompt? I rarely ever see them.


  2. #12


    Posts : 15
    Windows 7 Ultimate 64bit & Windows 8 RP 8400 64bit


    Quote Originally Posted by pparks1 View Post
    This isn't any different than in the past, if you are upgrading an OS, you need a previous OS. People have to be smart enough to not throw away their old OS if they purchase an upgrade. Else, they should buy a retail copy that is a full install.
    I know it's the same, I was simply saying that the more enticing pricing would cause more people to buy upgrades and more instances of the problem I mentioned will occur.

    Quote Originally Posted by pparks1 View Post
    I have to agree that you are missing the point. The point is not to "prevent" or "warn" you that an administrative task requires elevated privileges. The point is that if you are running something like Firefox, or IE, and you stumble upon a maliciously crafted website that takes advantage of an exploit and wants to elevate to admin privs, you would get a pop-up warning which would hopefully stop you in your tracks and make you question why your web browser needs to elevate to an admin. When you turn off UAC, you simply allow that malicious thing to execute and you put yourself at risk.

    You can fool yourself into believing that everything is safe, and common sense and being computer savvy will prevent you from ever experiencing a problem...but experience tells me otherwise.

    Out of curiosity, how often in a day are you forced to deal with a UAC prompt? I rarely ever see them.
    I disagree. I very well understand the point. But I've been running windows 7 for 5 years on minimum UAC with ownership of ALL files including all the system files and never had an issue.

    I've never had a virus or malware on any of my computers and I'm very confident in my ability to navigate the net and watch my downloads carefully enough to prevent problems.

    As for how often I see UAC prompts, I have no idea. It's been a very long time since I turned it off in windows 7 and I turned it off in windows 8 as soon as I saw it. How intrusive it is really doesn't matter anyway. No matter what others think to me it's just pointless having my computer asking for confirmation for no reason.

  3. #13


    Quote Originally Posted by jtmzac View Post
    I disagree. I very well understand the point. But I've been running windows 7 for 5 years on minimum UAC with ownership of ALL files including all the system files and never had an issue.

    I've never had a virus or malware on any of my computers and I'm very confident in my ability to navigate the net and watch my downloads carefully enough to prevent problems.
    About a year ago, a coworker of mine, a solid IT guy, was searching Google for Exchange Server issues. He hit a link, and wham...a porn pic popped up, windows started opening and closing and then the computer just shut off. It was heavily infected with malware, and after about 2 hours of us working together to rid the problem, we finally threw in the towel, formatted and reinstalled. Now, UAC wouldn't have stopped this either, but my point is that no matter how confident you are in your abilities and how safely you navigate the web, all it takes is 1 infected web site and down you go.

    Just today at work, the girl sitting next to me called me over as a "rogue AV" scanner popped up and started scanning her box claiming she had all kinds of infections. She knew better than to continue, and immediately called me over. She managed to stumble upon a drive-by download site while using IE and picked up "System Progressive Scanner". More information on this malware can be found here: Remove System Progressive Protection (TUTORIAL). Fortunately, it was a piece of cake for me to remove, just boot up in safe mode, remove some run entries from the registry editor and her machine was back to normal. This got past our corporate firewall, got around IE9 security measures, bypassed our Trend Micro AV application. My point, she didn't get this because she was doing something idiotic on her machine, it just happened.

    Quote Originally Posted by jtmzac View Post
    As for how often I see UAC prompts, I have no idea. It's been a very long time since I turned it off in windows 7 and I turned it off in windows 8 as soon as I saw it. How intrusive it is really doesn't matter anyway. No matter what others think to me it's just pointless having my computer asking for confirmation for no reason.
    It's your choice. I find value in the system and leave it enabled. I probably see it once or twice a week. I feel it's a very small price to pay for the potential of saving me from a problem. I also generally use standard user accounts on a linux box and run sudo when I have to elevate. It's just something that I am used to doing and it doesn't bother me. Obviously others may feel different.

  4. #14


    Posts : 15
    Windows 7 Ultimate 64bit & Windows 8 RP 8400 64bit


    Quote Originally Posted by pparks1 View Post
    About a year ago, a coworker of mine, a solid IT guy, was searching Google for Exchange Server issues. He hit a link, and wham...a porn pic popped up, windows started opening and closing and then the computer just shut off. It was heavily infected with malware, and after about 2 hours of us working together to rid the problem, we finally threw in the towel, formatted and reinstalled. Now, UAC wouldn't have stopped this either, but my point is that no matter how confident you are in your abilities and how safely you navigate the web, all it takes is 1 infected web site and down you go.
    Something like this is certainly a possibility but I'm willing to take the risk.

    Quote Originally Posted by pparks1 View Post
    Just today at work, the girl sitting next to me called me over as a "rogue AV" scanner popped up and started scanning her box claiming she had all kinds of infections. She knew better than to continue, and immediately called me over. She managed to stumble upon a drive-by download site while using IE and picked up "System Progressive Scanner". More information on this malware can be found here: Remove System Progressive Protection (TUTORIAL). Fortunately, it was a piece of cake for me to remove, just boot up in safe mode, remove some run entries from the registry editor and her machine was back to normal. This got past our corporate firewall, got around IE9 security measures, bypassed our Trend Micro AV application. My point, she didn't get this because she was doing something idiotic on her machine, it just happened.
    This falls into what I was saying before, sort of. Isn't it more likely that the user somehow triggered the event rather than a random piece of software just went through your firewall and the virus software? Either way like I said before it's an acceptable risk to me. I must also point out that what I use the net for is downloading drivers, WoW, Skype and reading the occasional forums. I generally don't do any casual browsing and I stay miles away from social media. What I do is hardly high risk. I haven't seen one of those bad fake virus scans in years.

    Quote Originally Posted by pparks1 View Post
    It's your choice. I find value in the system and leave it enabled. I probably see it once or twice a week. I feel it's a very small price to pay for the potential of saving me from a problem. I also generally use standard user accounts on a linux box and run sudo when I have to elevate. It's just something that I am used to doing and it doesn't bother me. Obviously others may feel different.
    I would see it considerably more than once or twice a week if I had it on. I'm not sure how much though as my hard drives are messed up at the moment and I had the bad idea of using my windows live account with windows 8 which has caused other problems.

    I've grown up on windows and despise Linux after trying it a few times. I want quick and efficient. Using command lines all the time especially since I type quite slow isn't the way to go for me. If I feel like using a command line I'll just use cmd to shutdown my computer instead of using the batch file.

    It seems we simply have very contrasting opinions because you have experience in business IT whereas I'm simply a personal user.

  5. #15


    Posts : 1,925
    Windows 8.1 Pro


    Quote Originally Posted by jtmzac View Post
    Windows doesn't quite treat people like they're intelligent. If it did it would respect that there's people like me who want to run the os without confirmations everywhere and there would be more options to make it power user friendly.
    The OS has to prove the most benefit for the most people. Microsoft DOES give you the ability to turn it off, but doing so carries some consequences. Much like if you decide to take out the airbags on your car.

    Quote Originally Posted by jtmzac View Post
    I'm very aware of what I do on my pc and I'm the only one who uses it.

    If the programs and files you use/download are trustworthy there's no need to restrict them and make the user confirm their security and what they can do.

    If you are careful and watch what you use and download you are preventing nearly all possible threats. The user is the main preventer of viruses/malware etc. not security software or uac.
    This is really my point. I don't mean to be insulting, but the fact of the matter is that you don't really understand the risks you're taking. The fact that you believe that because you're the only one using your computer means you're safe is illustrative of that.

    Have you ever heard of "drive-by" malware? This is where an attacker has compromised a server, and not just sketchy servers, but all kinds of servers from legitimate sites... and they trick the server to attack your web browser and install malware. Once installed, if there is no UAC or Browser sandboxing, then that code can run as the administrator and do things like install secret email servers, or turn your computer into a Tor node.

    What's so big about that? It means your computer could send gigabytes of spam messages, and could potentially get your computer blocked by your ISP, or rack up overage charges, or worse... have the FBI show up at your door and accuse you of distributing child pornography, or question you in regards to communications with Terrorists.

    That's not scare mongering. It happens. If you're LUCKY, they might just install a keylogger and get all your usernames and passwords and then drain your bank account.

    The thing is, if you understood how software works, you would understand that any software that communicates over the internet has the potential to be used for this sort of attack. Browsers, email clients, Media Players, Network based games... Anything that reads data from a server has the potential, if the programmer is not careful (and many times even if they are) to allow what's called "arbitrary code execution vulnerabilities". This means they send data in a format that is unexpected, which causes the parsing software to "crash" in a way that allows software written by the attacker to be executed by your computer.

    This code can then download other code and install it, typically stealthily, using techniques called a "rootkit" that installs special software that hides itself from you (you can't see it in Explorer, or Task Manager, or whatever).

    UAC, and particularly the low-rights techniques are designed so that if and when a flaw in software is discovered, and used to attack you, it's mitigated because the software only runs as a locked-down user and cannot install its own software or drivers to take control of your system.

    I will repeat this. It doesn't matter if you are "careful" and only go to places you trust. Those places can be compromised (and they have. Major sites have been found to be spewing malware). It doesn't matter if you're the only one using your computer. It doesn't matter if you think you know everything your computer is doing.

    If you take these risks, it's very likely that you will eventually be compromised. You may not even know it. Lots of people have malware on their systems for years. The well-designed malware can lay hidden, and doesn't expose itself by making your computer run slowly or causing strange behavior.

    I'm not saying UAC is perfect, and that it will prevent every possible situation like this, but not using it greatly increases your risks. It's basically as bad as using XP (and that's pretty damn bad).

    But I'm not going to argue. If you don't want to use UAC, that's perfectly fine. I just want you to know the risks... you say you know them, but from what you've said, it appears you have some misconceptions about what is and isn't safe. I also want to make sure you understand that when you disable UAC, it's not just UAC, it's lots of other things as well.

    Some people have to experience the consequences before they will take them seriously. I hope that's not you, because the possible consequences can be pretty nasty.

  6. #16


    Posts : 1,925
    Windows 8.1 Pro


    Quote Originally Posted by jtmzac View Post
    But I've been running windows 7 for 5 years on minimum UAC with ownership of ALL files including all the system files and never had an issue.
    How have you been running a 3 year old OS for 5 years? Even if you ran the betas, they were only really available about 6 months before the release (7 had a very short beta cycle).

    Minimum UAC? You mean you turned the slider down? That did not turn off UAC, that just turned off the warnings.
    Last edited by Brink; 17 Oct 2012 at 23:10. Reason: fixed quote
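
The difference raised in the post above, between silencing the prompts and switching UAC off, can be checked on a given machine from the policy values Windows keeps in the registry. This is an added example, not part of the original thread: `Get-UacPosture` and `Test-ProcessElevated` are hypothetical helper names, and the sample hashtables are constructed.

```powershell
# Added example. Get-UacPosture and Test-ProcessElevated are hypothetical
# helper names; the registry key and value names are the ones Windows uses.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Meaning of ConsentPromptBehaviorAdmin (prompt behaviour for administrators).
$ConsentMeaning = @{
    0 = 'elevate without prompting'
    1 = 'prompt for credentials on the secure desktop'
    2 = 'prompt for consent on the secure desktop'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries'
}

function Get-UacPosture {
    param(
        # Object or hashtable carrying the policy values; defaults to the live registry.
        $Policy = (Get-ItemProperty -Path $UacKey)
    )
    $lua     = $Policy.EnableLUA
    $consent = $Policy.ConsentPromptBehaviorAdmin

    $prompt = if ($null -ne $consent -and $ConsentMeaning.ContainsKey([int]$consent)) {
        $ConsentMeaning[[int]$consent]
    } else {
        'not set or unrecognised'
    }

    # EnableLUA decides whether UAC (Admin Approval Mode) exists at all;
    # ConsentPromptBehaviorAdmin only decides whether an elevation asks first.
    $state = if ($lua -eq 0) {
        'UAC disabled (administrators run with their full token)'
    } elseif ($lua -eq 1 -and $consent -eq 0) {
        'UAC enabled, prompts silenced (split token kept, elevation is automatic)'
    } elseif ($lua -eq 1) {
        'UAC enabled, prompting'
    } else {
        'unknown (EnableLUA not present)'
    }

    [pscustomobject]@{
        State         = $state
        AdminPrompt   = $prompt
        SecureDesktop = ($Policy.PromptOnSecureDesktop -eq 1)
    }
}

function Test-ProcessElevated {
    # True when the current process holds the full administrator token.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Constructed sample inputs (not read from any real machine).
$samples = @(
    @{ Name = 'prompting';        EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
    @{ Name = 'prompts silenced'; EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
    @{ Name = 'UAC off';          EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) {
    $r = Get-UacPosture -Policy $s
    '{0,-18} -> {1}; administrators: {2}' -f $s.Name, $r.State, $r.AdminPrompt
}

# On a live machine: read the real policy and the current process token.
Get-UacPosture
"Current process elevated: $(Test-ProcessElevated)"
```

Reading this key does not require an elevated prompt, so the check can be run from a normal PowerShell window.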

  7. #17


    Quote Originally Posted by jtmzac View Post
    This falls into what I was saying before, sort of. Isn't it more likely that the user somehow triggered the event rather than a random piece of software just went through your firewall and the virus software?
    Yes, she did trigger the event by using her computer. She was also using IE at the time and I think was researching shipping charges for overnight shipping something to a customer when it popped up.

    But this is my point, I'm also searching on Google for things that I need more information about. I click on the links which are returned to my searches. I visit forum boards such as this very board. I click on links that people post here to stories which seem interesting. I have no way at all to know what the end result will be clicking on these very links. Just because it's a site that I trust and recognize does not guarantee it will be safe 100% of the time.

    Quote Originally Posted by jtmzac View Post
    Either way like I said before it's an acceptable risk to me. I must also point out that what I use the net for is downloading drivers, WoW, Skype and reading the occasional forums. I generally don't do any casual browsing and I stay miles away from social media. What I do is hardly high risk. I haven't seen one of those bad fake virus scans in years.
    Well, you are aware of the risk and that is all that matters. You make it sound like you believe you are immune to the issue based upon your surfing habits, but you never know when that occasional forum will get hijacked and then hijack you. I see those random rogue AV drive by things about every 3-6 months either with friends or coworkers who get a popup.

    Quote Originally Posted by jtmzac View Post
    I would see it considerably more than once or twice a week if I had it on. I'm not sure how much though as my hard drives are messed up at the moment and I had the bad idea of using my windows live account with windows 8 which has caused other problems.
    It really comes down to the types of apps that you run. I have Windows 7 set at the default which does NOT prompt for UAC when I launch something that typically requires UAC. For example, right click on My Computer and choose Manage. That has the UAC shield, but since I choose that option, it didn't prompt me at all.

    The apps that I notice prompting for UAC for me include

    • Malwarebytes: I launch this probably once per month to scan..so no biggie
    • Acronis True Image Home: I launch this every 2 months or so to take an image...so no biggie.
    • Ccleaner prompts, but I don't use this with any regularity...only if I have a problem.


    The overwhelming majority of apps that I run everyday, do not prompt at all
    • Word, Excel, Outlook
    • Chrome
    • Microsoft Lync
    • VMware Workstation
    • Dropbox
    • Media Monkey
    • RDP client
    • Putty
    • Filezilla client
    • Windows PowerShell ISE
    • VMware vSphere client
    • Cisco anyconnect VPN Client
    • TrueCrypt
    • VisionApp RDP client
    • Sandboxie
    • Notepad++
    • IMGburn
    • BoxCryptor


    Quote Originally Posted by jtmzac View Post
    I've grown up on windows and despise Linux after trying it a few times. I want quick and efficient. Using command lines all the time especially since I type quite slow isn't the way to go for me. If I feel like using a command line I'll just use cmd to shutdown my computer instead of using the batch file.
    I grew up first with DOS and then moved into Windows. The overwhelming majority of my time up until around 1999-2000 was spent on Microsoft systems. I started learning and using Linux back then and use it a ton today.

    I'm very comfortable on a command line, and for many things, much prefer it. So much easier to write setup guides and documentation when you can provide a set of commands that people can simply cut and paste into an ssh window...since they never have to type anything there are no typos.

    At my shop, we run a ton of web servers. It simply doesn't make sense to pay Microsoft licensing to run an MS server to run apache web servers. Instead, we can use Linux servers, running Apache and pay nothing. Same thing for our public FTP server, no reason to pay MS a server CAL and get the Internet Connector license which costs thousands, when I can quickly set up a CentOS box, running whichever FTP app I choose in a matter of about 5 minutes at no cost. My entire FTP configuration is 13 lines in a single file. I install the ftp server, copy in the 13 lines, restart the service and we are back in business. For me, that's super fast and efficient.

    For lots of other things, like domain controllers, and file servers, and Microsoft SQL Servers, and SharePoint servers, and Microsoft Dynamics and Microsoft Exchange...these are the best tools for accomplishing our needs and we utilize Windows here as well as on the desktop as it's the best tool for the job.

    Quote Originally Posted by jtmzac View Post
    It seems we simply have very contrasting opinions because you have experience in business IT whereas I'm simply a personal user.
    Very true, and not trying to prove you right or wrong....just giving you the other side of the story in case you are interested.

  8. #18


    Posts : 15
    Windows 7 Ultimate 64bit & Windows 8 RP 8400 64bit


    Quote Originally Posted by Mystere View Post
    How have you been running a 3 year old OS for 5 years? Even if you ran the betas, they were only really available about 6 months before the release (7 had a very short beta cycle).

    Minimum UAC? You mean you turned the slider down? That did not turn off UAC, that just turned off the warnings.
    That was a mistake. I just got the year mixed up. I did have access to the 7 beta before the public release thanks to a friend anyway.

    I realise it's different. If the minimum UAC setting on windows 8 was the same as windows 7 there wouldn't even be a problem. I have nothing against UAC, I just want to turn all the warnings/confirmations off.

    In regard to your longer post I understand it may seem like I am completely ignoring serious security risks and I am somewhat but not to the degree that you outline. You've provided me with information which I've taken under consideration but my opinion remains the same. I can see how much data goes in and out of my computer thanks to a gadget I use. As for my computer becoming a slave or the AFP (Australian federal police. It's our FBI) showing up at my door it's a risk that doesn't bother me. I should also point out I don't access bank accounts or anything that sensitive on this computer anyway.

    The main point is we have very different definitions of acceptable risk. Let's just leave it at that.

    Quote Originally Posted by pparks1 View Post
    Well, you are aware of the risk and that is all that matters. You make it sound like you believe you are immune to the issue based upon your surfing habits, but you never know when that occasional forum will get hijacked and then hijack you. I see those random rogue AV drive by things about every 3-6 months either with friends or coworkers who get a popup.
    I apologise if that's what you read from my comments because that's not what I meant. I understand the risks and wasn't trying to say that I was immune. I was simply saying that I have reduced risk because of my experience and browsing habits.

    Quote Originally Posted by pparks1 View Post
    Very true, and not trying to prove you right or wrong....just giving you the other side of the story in case you are interested.
    And I appreciate the effort. I'm all for the sharing of knowledge and experience in a discussion.

  9. #19


    Quote Originally Posted by jtmzac View Post
    I understand the risks and wasn't trying to say that I was immune. I was simply saying that I have reduced risk because of my experience and browsing habits.
    But what I am trying to say, is that the internet is a dangerous place and stuff happens to good sites all of the time. You certainly can reduce your risks by not visiting certain sites, but it's not possible to eliminate that risk entirely regardless of how careful you are. Unless you run Sandboxie or completely isolated within a virtual machine.

    It's a philosophical debate for me really. I hear people say that they know exactly what they are doing and use common sense and that's all it takes. I personally have no ability to believe or trust in that. If I wanted to crack this website, and infect it with some drive-by malware that would infect your machine just by visiting...how would you know that it would be unsafe to visit this particular site on the particular date that I made the change? Sure, for the previous year it was safe....but what about tomorrow.

    Thanks for taking the time to respond and keep the conversation alive.

    Quote Originally Posted by pparks1 View Post
    Very true, and not trying to prove you right or wrong....just giving you the other side of the story in case you are interested.
    And I appreciate the effort. I'm all for the sharing of knowledge and experience in a discussion.

  10. #20


    Posts : 15
    Windows 7 Ultimate 64bit & Windows 8 RP 8400 64bit


    Quote Originally Posted by pparks1 View Post
    But what I am trying to say, is that the internet is a dangerous place and stuff happens to good sites all of the time. You certainly can reduce your risks by not visiting certain sites, but it's not possible to eliminate that risk entirely regardless of how careful you are. Unless you run Sandboxie or completely isolated within a virtual machine.

    It's a philosophical debate for me really. I hear people say that they know exactly what they are doing and use common sense and that's all it takes. I personally have no ability to believe or trust in that. If I wanted to crack this website, and infect it with some drive-by malware that would infect your machine just by visiting...how would you know that it would be unsafe to visit this particular site on the particular date that I made the change? Sure, for the previous year it was safe....but what about tomorrow.

    Thanks for taking the time to respond and keep the conversation alive.
    I would have responded sooner but I was asleep.

    To continue the discussion, of course you can't eliminate all risk. It becomes a debate of what's an acceptable risk. The problem is that evaluating that isn't exactly simple as there are many different factors to account for. You have to take into account user's computer habits, where they're located and of course the chance that they might just be the person to get that 1 in a million virus.

    The problem is these many different factors would make it a lot harder to give statistical chances of problems being caused. At least something like vehicle crashes over a year in a country is pretty easy to measure. This leaves the definition of safe very varied depending on people's opinions and personal experiences. This is very obvious when looking at the average home user where businesses and corporations usually employ a much stricter security regimen and follow a much stricter version of "better safe than sorry".

    Despite this being a digital issue it can still be compared somewhat to real life risk assessment for various non-digital issues. The problem is comparing the risk of something with statistics against something like the chance of a pc infection like I outlined before. I would like to think I have more chance having a motorbike accident than my pc being infected.

    All said though even with factors taken into account chance is chance and people's opinions of what's acceptable risk regarding chance is really the deciding factor in the matter.