Your Thoughts On UAC

Does anyone actually use this because all i've read is that its best just to disable it

 

I use it, and have no problem with it. I've hear a lot of complaints about it, but for me its no big deal. I mean, how hard is it to type in a quick password every once in a while? It hasn't bothered me.

 

Absolute rubbish, waste of time, disabled within minutes.

 

I use it a work and home. It works well, people just like to cry about things too much and rip apart anything that MS does. Clicking through confirmation windows when new things are installed or certain control panel features are accessed should not be ruining everyone's day. This type of thing has been going on for a long time in other OSes as well.

 

Um, isn't that the Linux version? Windows version requires you to click "accept" every 20 seconds.

To be fair, is it MS's fault? Well, the design is a bit pants (can't say "yes, always allow this program or whatever this access") but also because it's never been there before a lot of existing software requires access that maybe it shouldn't need.

So... blame enough for both sides, but I feel since MS KNEW that programs needed root access a lot (more than should but) then they probably should have designed it differently.

 

What are you doing when you are clicking accept every "20 seconds"? Either you are installing something, or using some old software that needs to be updated.

 

If you set up a limited user account you will have to enter the admin password at the UAC prompt.

 

i use it. the only time i need to answer a question for it is when i move something into the windows folder or if i run a program i set to run as administrator i usually only see that message once every day tops

 

No. Software designed to need root access to work properly needs to be fixed. If MS just worked around it, that defeats the entire purpose of security. The apps needs to be fixed for the end user benefit.

And while on the topic, its generally a good idea to setup an Admin account and then run Vista from a User level account. Sure you need to type in a password every so often, however this type of security is simple and has been proven extremely effective by almost all Unix variants. People that run Windows commonly have a "Run everything as root/admin" mentality which is can lead to problems.

 

I agree with Ocellaris. I run XP from a limited account (i.e. without admin privileges). This gets you the security benefit, but it's annoying to have to do the "Switch users" process (i.e. log in as admin) to update software or tweak a control panel setting. I wish I had UAC so I could do an occasional update, install, or tweak without logging in as an admin user.

If MS should be blamed for anything, it's giving users admin privileges by default in prior versions of Windows. That's why some Windows software doesn't handle non-admin users very well.

 

It is best to have it enabled. That might be too annoying though, because of how MS implemented the feature.

Or with a little change in perspective, everyone (including MS) knows that a lot of Windows software currently does need root access.
So Microsoft has two options. Refuse to allow for this, or provide some kind of compromise (let me whitelist specific applications, for example)

If they'd done the latter, then people could actually use UAC some of the time.
Instead, they've gone with an all or nothing solution, which means that if you need to use software that doesn't behave properly, then yuo have to disable UAC for everything.

And apart from this, Microsoft's implementation is just crappy. It doesn't need to prompt the user as often as it does, it doesn't give enough information about what it is you're giving permission to, and asking the user to click OK has absolutely zero effect. Having to type in a password helps a bit, but everyone who's ever designed any kind of user interface knows that if you just ask the user to click ok, he'll do it without even noticing it.

It's effective under Unix, yes.
Microsoft's attempt less so, for the above reasons.

 

If you give people a whitelist, they are just going to stick apps on the whitelist, and software devs will be slower with the solution and just tell people to workaround it with something like "Technote #1: Add this app to the whitelist!" Devs had plenty of time with early builds of Vista to make sure their apps worked with the new system.

If you want to implement new security groundwork like this, the better solution for long term use is all or nothing.

If someone does not care about security, they can just turn off UAC as has been discussed. If they do care about keeping things tight, they should use UAC and user level accounts. Or, they can just run as Admin accounts and leave UAC enable so they only need to click "OK!!!" a bunch of time to do anything. This is the grey area. For the system to be effective, people have to use it, and sticking it right there in front of people gets them to use it, hopefully at least consider their security measures a bit before they disable it.

 

One more thing before I get off the soapbox for a while. If any app is not playing well with UAC, chances are its not playing well with other areas of Vista as well. A lot of software was allowed to operate poorly for a significant length of time. New Vista changes to Registry access and Vista file virtualization can screw up apps too, however people do not notice those since they only take note of the annoying UAC window.

 

I disabled UAC.

However, I do find UAC amusing.

Windows Vista is different from Windows XP in that while you may be the administrator on the box, not all programs nor subprocesses will run with administrator rights as they did in XP. In theory this is a good thing as application programs do not need full access to the operating system functions. Mainframe operating systems have had this facility since the 1960's, and it is about time Microsoft reinvented the wheel and implemented it. Anyway, in this initial incarnation of Windows Vista, a program can be identified as needing full administrative rights by finding the program and telling it to "run as administrator". This only needs to be done one time. You can usually just find the executable program, which is probably under Program Files somewhere and right-click on it and tell it to run as administrator.

 

Yeap, which is where I don't bother using Vista because nothing is ready for it. I'm not saying UAC is a terrible idea or anything, but UAC was implemented badly to help users transition from XP to Vista.

Because of various pieces of software that I have to use I will NOT use Vista because of this (and other reasons) until the makers upgrade the software, and even then it's unlikely they will do it for free, so I'm not sure I should bother.

 

As I said in a different post, it simply doesn't *learn*. For all this talk about a "smart" OS that learns the user's habits and whatnot, UAC doesn't even seem to have a cookie's worth of memory. If you try to open, say, advanced system properties - this isn't a 3rd party program, by the way, this is just system properties, as has existed for decades in Windows - you'll be prompted. Enter your password. Try to access ASP again, and you'll be prompted - whether you try *three seconds* after the last time you accessed it or three days after. When trying to do anything remotely involved, this becomes more than an annoyance, but completely unacceptable.

It's like trying to surf NBR through a browser with no memory, requiring you to sign in with each refresh, with each post, with each click.

Until developers correct some of the most fundamental things wrong with UAC, it won't have a chance of "protecting" the overwhelming majority of computers it's on, because it'll be disabled before people even get to the point where they install *programs*.

 

However, I must say I applaud Microsoft's ability to get people acclimated to (and even defending!) more and more intrusive "features" with each edition. If Windows 7 comes with PAC (a security measure, pirate access control, requiring users to transmit a hash of their computer's serial code and an index of every file on the hard drive to an MS server every hour, on the hour, in order to keep the computer from locking down and requiring phone re-activation), I'm sure there'll be people happy MS is taking steps to secure Win7, and telling everyone they've had no trouble dealing with PAC on an hourly basis.

It's like a constantly-lowering limbo bar, and people are lapping each restriction up as a step forwards. Soon people won't remember the days when you didn't have to type your password into Windows every half hour to be able to do things. And maybe when a harsher version of PAC comes along (it *already* exists in Vista, with the 6-month corporate server-check-in requirement), people will forget the "good old days" of Vista, when you only had to prove you weren't pirating software every 6 months, instead of every 24 hours.

 

You know on my desktop I just configured Vista to work just the same way that I had Vista working (IE my account is an admin account) and I found UAC incredibly annoying because every time I tried to do something it was always asking me for my permission and such. However, on my laptop where I actually created an admin account AND a user account I find UAC to be far less annoying. Of course, I'm not tinkering with my software as much on my notebook since I just had to install a few programs to get the functionality I needed

 

Yep, pretty much that.

 

I deinstalled all the HP boatware and disabled much of the Vista "security", replacing it with "better" software.

 

Maybe it's just me but I find the above post immensely funny. If no one even bothers reading the dialog why should Microsoft put more information into it?

 

I'm new to Vista so take this FWIW...

I just got my laptop so I disabled it while I install my software and spend a couple weeks tweaking the system to my liking. After that, I'll probably reenable it because I don't mind clicking a prompt every once in a while...

However, I don't run any anti-virus or anti-spyware programs in the background. Nor have I for at least the last two years and I've never had a problem. I try to be conscious of what I'm doing online. If I see a suspicious email I google the text... if I see an attachment from someone I don't know its deleted... if its from someone I know then I save it to my desktop and examine it. I don't visit warez or porn sites and I don't click "accept" or "yes" on every dialog I see on the internet.

Obviously these programs are needed because the vast majority (present company excluded of course) of internet users are clueless and need norton to hold their hands...THe AV companies get a huge benefit scaring the bejeezus out of everyone.

 

That sums it up pretty well. If it were like my firewall, which asks stuff rarely and lets my programs start up without a prompt, at least after I whitelist it once, it wouldn't be a problem. But it asks all the time. And it prevents some stuff entirely, such as saving files in certain locations. It's not worth the trouble. Disabled. I had a poll on this a few weeks ago; 60% voted Cancel instead of Allow.

True, I do have a "Run everything as root/admin" mentality. But stuff just works better that way. I find it incredibly frusterating to work on a regular account on network computers and not be able to do stuff such as searching for files. And third-party security software does a good enough job without any degrading user accounts.

 

I have UAC enabled, and I do not think it is that bad.

When I was installing applications after clean Vista installation, I turned UAC off. After I have all my applications installed, I turned it on. I probably have to click on Yes or No a couple of times per day now, but definitely not all the time. It is fine with me.

 

And that's my other issue with it (too) is that it disallows some things without telling you, or without asking.

 

I never encountered a point where UAC silently disallows somethings without prompting, but it certainly was disabled after 10 mins of playing around with my laptop. I can't stand the fact that almost performing any action request me to click ok. I can see where MS is trying to go with this given that there are numerous complaints and commercials showing how insecure windows is, but I think MS has taken a negative approach to this rather than a positive approach.

I'd say a positive approach is to make the platform with less flaws and holes on the first run rather than sending over a million patches after their first release with Service pack 1,2,3... They should've considered that over clicking "ok" to every action cause even if it was a virus or a "bad" software, the user would've just clicked ok and it would execute anyways.

But then again, microsoft can safely get away by saying "you allowed it, not us".

 

"You have come to a sad realization. Cancel or Allow?"
".....allow."

On a serious note, for those who get annoyed with UAC dialogs popping up you might want to check this out: Tweak-UAC. I haven't tried it myself since I don't have Vista (yet), but here is what it does:

Hope this helps!

 

I think most of the users in here are inherently biased, and not because you're necessarily consciously biased. Rather, I'm talking about the fact that most of us here are computer enthusiasts, with above average or significantly above average knowledge and skills. As such, we tend to mess around with our computers a lot more than the normal user. This is why we get "heckled" by UAC. Also, people setting up new systems (as many of us do here, with new laptops) will invariably come across UAC as they change system settings and install new software.

The average user, doing daily tasks, will almost never come across UAC. Hell, even I barely see the notification in normal usage, and I mess around with my computers in my spare time so much it's almost pathological. For the large majority of users in a large majority of usage scenarios, UAC is simply not a problem. Microsoft's recommended setup (one or more standard accounts for normal use, one administrator account for system configuration, and UAC enabled) is by far the most secure way to set up Windows.

Yes I hated (and disabled) UAC at first, but as time goes by and there's less need to diddle around with system settings, it becomes less and less of a factor. I now have UAC re-enabled and run under a standard account. Even those who are still annoyed with UAC have to acknowledge that MS is finally doing something to help make computers more secure...granted things that have been done in Unix and Linux and other OSes for years, but with nowhere near the market penetration of Windows.

 

Exactly, for the average user that aren't constantly loading or tweaking progrmas and settings, UAC isn't that big of a deal.

 

im not an average user i have it enabled true its implementation is to overzealous but i dont mind that i use and admin account and having to press and extra ok or two per thing i do is not that much of a problem. i still play to much games that i can't get to work through wine/cedega to fully migrate over to linux. and if mister paranoid delusions (minimalism) ever where to be right on his point of PAC i will move full time no matter what. but i honestly dont think it will go that far