Bink.nu Services

Subscribe to our feed 
Alerts 
 


Order Now!

Windows 7 for XP Professionals
Updating Support Skills from XP to Windows 7
by Bink.nu's Raymond Comvalius

Who is online

There are 79 guest(s) online.

There are 0 member(s) online.

Sponsors



Popular Tags

Why you shouldn’t turn off UAP in Windows Vista 5270
Posted by Steven Bink December 27, 2005 11:24 AM with 8 comment(s)
Filed under:

Lately in the newsgroups for the Windows Vista beta and a number of different online forums people are disabling one of the key pillars of Windows Vista’s increased security, UAC (User Account Control) formerly UAP (User Account Protection). 

This is really rubbing me the wrong way as it is ultimately going to hurt this technology succeed. Plus, it will undermine the effectiveness of much of the testing these individuals are doing on Windows Vista.  Not only is how to do this making its way around the beta audience, but now even the main stream tech sites like bink.nu are advertising how to do this. (Ryan you bad boy![:O])

Without this technology you are losing a large part of the security value adds for Windows Vista.  You instantly lose the ability to do Protected Mode Internet Explorer which one could argue is the major attack vector for today’s malware.  You lose Protected Admin which, it seems many admin’s are not too fond of but it helps protect us from ourselves.  You can say you don’t need this, you’re too good to make a mistake like some common user, but you are fooling yourself. 

The sad truth is that Malware is getting far more sophisticated and soon even the well intentioned and educated admin will end up with malware on his system and probably from an unlikely place.  Take Mark Russinovich’s recent experience with a rootkit on a Sony CD, I can’t think of anyone I know, that knows more about Windows and he still got a rootkit on his machine, that just scares me.

[Counter-Argument]: Alternatively, Microsoft should see this as feedback to the effect that they need to make UAC less obtrusive. If people are looking for a way to turn it off, you've got to ask the question 'why?', and try and rectify the source of the problem, not just moan at the resultant. - Andrew.

Continue At Source

Read also his update
Send via e-mail | Submit to Digg | Add to Live Favorites
4397 Views
Source: windowsconnected.com

Comments

 

ericd said:

Why nag about this feature in the forums, You do not have to test this beta. we are all people who know how to use computers (i assume) we are also testing for the people who do NOT know this.... ( adn still have an admin account because they do not know how to be NOT an admin....

December 27, 2005 1:28 PM
 

bear_luke said:

Yes, UAP is a very cool feature and I think only stupid people disable it.
December 27, 2005 2:25 PM
 

xMorpheousx416 said:

[quote]Yes, UAP is a very cool feature and I think only stupid people disable it.[/quote]

Your opinion is as valued as the next when it comes to seeing how people feel about technology, but I'd appreciate you keeping the name calling back in the 2nd grade.

[quote]You instantly lose the ability to do Protected Mode Internet Explorer which one could argue is the major attack vector for today’s malware.[/quote]

Seems that comment justifies that even he doesn't know...completely.

[quote]Take Mark Russinovich’s recent experience with a rootkit on a Sony CD, I can’t think of anyone I know, that knows more about Windows and he still got a rootkit on his machine, that just scares me.[/quote]

Mark may know Windows, as I am sure many out there do...but that is an attack from Sony, using different technology, using a strategy they (Sony) knew would get right into the machine using the front door because many were not expecting that well respected company to take advantage of it's customers like that.  Don't compare apples to oranges.  Malware is easy to keep off your machine once you've experienced enough of it to get a firm grip on how you use your machine.

[quote]Without this technology you are losing a large part of the security value adds for Windows Vista.[/quote]

Each and every time, Microsoft comes out with a new technology to help protect it's users, it's been only one way: 

Use it, or else.

No choice, no options...and the technology itself is so hyped to be regarded as "platinum" code, worshipped beyond all....when it turns out to be more of a hassle having the software running in the background, as well as becoming the first in the wave of attacks from malware writers. 

Bottom line:  I use Windows...but I have, and never will...trust Microsoft to protect me from the internet...or from myself.
December 27, 2005 5:31 PM
 

hiwaystar said:

well said xmorpheousx416 I'v not trusted microshaft in years to do anything on the internet I just boot into linux and go. No malware No virus I do run a antivirus for linux but its never found anything. Its sure is nice to know there is some good OS's out there.
The only thing i use XP or as we call it at my shop , Xceptionally Pathetic is to play games its great for that. Hosta la Vista will be the last of there junk[:#][:#][:#][Y]


December 28, 2005 1:59 AM
 

xpclient said:

Security is inversly proportional to functionality unless implemented properly.
December 28, 2005 5:51 AM
 

michielonline said:

It's a BETA for crying out loud!

This is the first build in which UAC was over the top, this is what beta's are for: to learn from users what they do and don't like and how it behaves in real life. Let's wait until the january CTP/final product before we start selling our stock, OK?
Or the "I've never had a virus on my *nix box" crap for that matter.
December 28, 2005 8:10 AM
 

DavidRa said:

From the followup comes the news that "some Control Panel items cannot be run elevated using the Control Panel window". So the current supported way of running these control panel applets is ... figure out the .CPL filename and run it from an elevated command prompt.

If you're on the beta, bug this. Also bug any other internal application that requires elevated privileges but does not either display the ConsentUI (when logged on as an Administrator) or the RunAs UI (when logged on as a non admin).

Also check the Windows Group Model (it's broken at the moment). User > Domain Admins > Administrators had no admin rights in the last build i tried - where is the group model?

December 28, 2005 8:11 AM
 

swen said:

DOWNLOAD Windows Vista build 5270: http://windows.czweb.org/491_HTTP_DOWNLOAD_of_Windows_Vista_build_5270
December 28, 2005 8:08 PM

About Steven Bink

Founder of Bink.nu
Powered By IIS 7 Powered by ASP.NET
Bink.nu 3.0. Copyright © 1999-2010 Steven Bink. All Rights Reserved.
Microsoft and Microsoft logo's are trademarks of Microsoft Corporation.