
PC World Forums: Vista's Despised UAC Nails Rootkits, Tests Find - PC World Forums


Vista's Despised UAC Nails Rootkits, Tests Find

#1 PCWorld

  • Advanced Member
  • Group: PCWorld BOT
  • Posts: 44,237
  • Joined: 01-August 07

Posted 25 May 2008 - 04:00 AM

Post your comments for Vista's Despised UAC Nails Rootkits, Tests Find here

#2 Beavis123456

  • Member
  • Group: Members
  • Posts: 23
  • Joined: 15-March 08

Posted 25 May 2008 - 07:08 PM

uh huh huh huh. cool. at least vista does, uh, something useful. uh huh huh huh.

#3 JeffAHayes

  • Full Member
  • Group: Members
  • Posts: 77
  • Joined: 18-February 08

Posted 25 May 2008 - 09:29 PM

From Day One, I've had a number of problems with Vista -- mostly with having to reinstall it, and with occasional hangs and blue screens... BUT I've never ONCE minded having to click through the UACs... I've NEVER really understood all the FUSS about it... It's for OUR protection, and it's usually not all that much of a hassle -- just an extra click or two... Discovering NOW that it's actually the VERY BEST defense against rootkits is FINALLY something rewarding to the "Vista Experience," as up until now I really didn't know if there truly WAS a surefire defense against Rootkits.

I feel fairly well defended against Viruses, worms, Trojan horses and so forth with my virus and firewall software, and now that I know Vista's UAC is actually REALLY DOING SOMETHING other than being annoying to keep rootkits at bay, I feel even better... Not smugly so, but better.

#4 piyushsingh

  • Expert
  • Group: Members
  • Posts: 2,990
  • Joined: 21-July 07
  • Location:India

Posted 26 May 2008 - 03:47 AM

I have always considered UAC as the 2nd best feature in Vista, but the bad thing is that it is often disabled by most people. I always keep it ON.

#5 RNR19952

  • Senior Member
  • Group: Members
  • Posts: 682
  • Joined: 07-March 07

Posted 26 May 2008 - 04:50 AM

Does this study mean they ran both machines at admin level?
If they ran both in user level, would the rootkits install?
Glad to see a positive report on Vista, unfortunately UAC is the first thing people want turned off.

#6 Techguy819

  • Newbie
  • Group: Members
  • Posts: 2
  • Joined: 02-April 08

Posted 26 May 2008 - 05:23 AM

UAC protects you from unknown threats. It's the best defense out there. I do not recommend turning it off.
But if you want to customize its settings and maybe turn it off, use WinBubble.

#7 Adama

  • Veteran
  • Group: Members
  • Posts: 6,757
  • Joined: 07-September 07
  • Location:California

Posted 26 May 2008 - 07:14 AM

I just received this article and it makes me feel good about my decision to always have UAC turned to ON!

A lot of people complain about having to deal with all the prompts... but it never bothered me one bit.

#8 JeffAHayes

  • Full Member
  • Group: Members
  • Posts: 77
  • Joined: 18-February 08

Posted 26 May 2008 - 06:23 PM

"Glad to see a positive report on Vista, unfortunately UAC is the first thing people want turned off."

YEP, and therein lies the problem, RNR19952. People care so much more about a little inconvenience than they do about their system security... SOME OF US gave Vista the benefit of the doubt on that little issue and it turns out we were right to do so... I just CAN'T understand the unreasonable level of impatience and abject STUPIDITY demonstrated by so many people going out of their way to disable UAC (or find someone else to do it for them) just because it requires an extra click here and there, when it was just a matter of time and waiting and seeing to determine whether or not it was worth the bother. I just DON'T SEE IT. Those few extra clicks have never been anything more than an extra second or two here and there... Those must be the same folks who think it's too much trouble to use a TURN SIGNAL before they suddenly slow down to make a lane change or turn in front of you!

If they get infected, they asked for it.

Jeff

#9 raife1

  • Full Member
  • Group: Members
  • Posts: 84
  • Joined: 05-November 07

Posted 26 May 2008 - 10:22 PM

The problem with "UAC" isn't the basic concept of user-level, versus Admin-level, system-rights ("Unix" has used it, very successfully, for literally decades)... The problem is Microsoft's implementation, and the underlying framework, within "MS-Windows". Because of the slap-dash, fragmented, way that "Windows" is structured, and works (along with the bolted-on after-thought of "UAC") a single administrative-operation can call numerous processes that all have to, individually, be given admin-permission to run. That's where "UAC" falls down, both in the "user experience", and in the basic design department. And, Microsoft is either unwilling, or incapable, of effectively resolving this issue.

#10 piyushsingh

  • Expert
  • Group: Members
  • Posts: 2,990
  • Joined: 21-July 07
  • Location:India

Posted 26 May 2008 - 10:54 PM

raife1 said:

a single administrative-operation can call numerous processes that all have to, individually, be given admin-permission to run. That's where "UAC" falls down, both in the "user experience", and in the basic design department. And, Microsoft is either unwilling, or incapable, of effectively resolving this issue.


I agree with you, but the number of UAC prompts for a particular task needing admin consent has been reduced very much since SP1 came out, and msft have successfully corrected UAC annoyance in SP1. A particular task which could take up to 4 UAC prompts before SP1 now takes only one.

#11 RNR19952

  • Senior Member
  • Group: Members
  • Posts: 682
  • Joined: 07-March 07

Posted 27 May 2008 - 04:34 AM

PLEASE... I would like to hear from people in the business that think UAC is "security". It's about as mind-numbing as those stupid prompts that ask "are you sure you want to exit". This is the first report on UAC that actually states it does something, besides annoy someone with an IQ over 80. I would think it is about as useful as my TV asking me "are you sure you want to change the channel". If you're running in user mode, how is anything getting installed? That's what I want to know. And obviously our antivirus, antispyware products are seriously lacking protection, if you're protected by an "are you sure you really want to do that" prompt.

#12 stbpw

  • Newbie
  • Group: Members
  • Posts: 2
  • Joined: 27-May 08

Posted 27 May 2008 - 08:48 AM

piyushsingh is correct. The problem is UAC (like most Firewall software) depends on the user to know whether to give a UAC permission to continue. The rootkit test in this article succeeded because it is computer professionals testing a known issue. The average user would very likely allow these rootkits right on through, even with UAC. I have found even with firewall requests it can take quite a bit of time to research a request for a process wanting Internet access or system permissions. Most users will not take this time. Most users do not even know how to do this. I feel the industry needs to find ways to dev software that depends less on the user to make that decision.

#13 anonymousx

  • Member
  • Group: Members
  • Posts: 25
  • Joined: 28-January 08

Posted 27 May 2008 - 08:12 PM

I don't know what's the big deal about UAC. One extra click never bothered me. I actually read the UAC prompts too, unlike most people. But alas, people seem to be more in a hurry these days...

Whoa, did I just read that right? "Only three of the 17 AV tools for Vista managed to both detect and successfully remove them, F-Secure Anti-Virus 2008, Panda Security Antivirus 2008, and Norton Antivirus 2008" Norton? Yea, I'm not regretting my purchase of Symantec software anymore

#14 JeffAHayes

  • Full Member
  • Group: Members
  • Posts: 77
  • Joined: 18-February 08

Posted 27 May 2008 - 08:46 PM

I very MUCH agree with you, stbpw, that Microsoft needs to develop something that requires MUCH LESS user knowledge than a simple "click-through," yet UAC is still better than nothing at all.

As for RNR saying most users will just click through EVERYTHING, so UAC is essentially useless, I disagree, although I DO find it somewhat bothersome in some areas. For instance, I have a system monitoring utility installed through Iolo System Mechanic that automatically loads at system startup. Vista doesn't want to recognize this as a legitimate startup program, so it blocks it EVERY TIME I restart... If I choose to leave it blocked, Vista ANNOYINGLY reminds me with popups every few minutes, like, FOREVER until I finally click to allow it to run, which THEN requires TWO CLICKS to get through UAC... I haven't yet been able to figure out how to either get Vista to validate it so it'll quit blocking it, OR how to uninstall it from my startup list, so I just put up with it.

But here's the rub... WHEN I'm doing things INTERNALLY, ON the computer, and I click something and Vista throws up a UAC, well maybe it gives me a bit of pause to think or maybe it's just a bit of annoyance... BUT, sometimes I'm at a website and I go to download a video or something I want to watch, and if UAC pops up and I haven't even CLICKED anything, then THAT gives me GOOSEBUMPS, and I stop and take a VERY LONG LOOK and think about it, and I've been known to cancel some of those... It's cases like THAT where UAC can come in VERY handy, and I think even the AVERAGE IDIOT could figure out that even though UAC might be a nuisance most of the time, when it pops up while they're in the middle of viewing something on a website, it MIGHT BE TIME TO STOP AND TAKE NOTICE.

Of course it tries to block EVERY Active-X, but then XP did, too, without you doing a validation... Sometimes those Active-Xs are VALID, like when you're doing an online virus scan direct from the Symantec website, or something, but in THOSE CASES the website usually TELLS YOU you'll get an Active-X warning... Then again, if it's something like a "free-porn" site and they warn you you MIGHT get an "Active-X" warning and "not to worry about it," I'D BE WORRIED.

Jeff

#15 markedman1132

  • Member
  • Group: Members
  • Posts: 17
  • Joined: 29-May 08

Posted 29 May 2008 - 05:06 AM

If you understand why UAC does what it does you would actually appreciate it. I would be concerned if I make a change to my system that requires administrative access and it doesn't prompt me. The reason people hate UAC is either they don't understand it or they are really, really lazy. Of course they are the same people who never knew their 98, 2000 or XP machines were bots for some hacker anyway.

If you use Linux or Mac and set it up properly you get similar prompts. I am the Information Systems Security Officer for a bank so I am responsible for making sure systems are configured correctly.

#16 B1erGuy

  • Newbie
  • Group: Members
  • Posts: 1
  • Joined: 29-May 08

Posted 29 May 2008 - 07:43 AM

I have to agree with others about the usefulness of UAC, especially in stopping web installation of unwanted junk. I have had that sense of relief at least a few times when something unexpected has tried to install itself and the UAC warning pops up. I can handle the increased number of "annoyances"/clicks if it means being safer in the long run. Who knows how many of those too "lazy" to deal with UAC prompts are now in somebody's bot net? Increased security always means some loss of freedom be that in the virtual world or real world.
The question anyone must ask themselves about security is: How much freedom are you willing to give up and are the risks worth it??

#17 RNR19952

  • Senior Member
  • Group: Members
  • Posts: 682
  • Joined: 07-March 07

Posted 29 May 2008 - 12:59 PM

OUCH! Ben Franklin just rolled over in his grave....

The question anyone must ask themselves about security is: How much freedom are you willing to give up and are the risks worth it??

#18 raife1

  • Full Member
  • Group: Members
  • Posts: 84
  • Joined: 05-November 07

Posted 29 May 2008 - 07:06 PM

>> I have to agree with others about the usefulness of UAC, especially in stopping web installation of unwanted junk. I have had that sense of relief at least a few times when something unexpected has tried to install itself and the UAC warning pops up...



Uhm... you do know that Web-sites should simply not be able to install "unwanted junk", within an OS, at all..? These are called "drive-by downloads", and are primarily due to Microsoft's long-standing design-priorities, marketing, bundling, and coding, practices (which, in truth, still haven't really changed). These are one of the most serious security problems within all Internet-aware (I.E. integrated Microsoft middleware-applications) versions of MS-Windows (clearly, this also includes Vista). So, it does not, actually, validate VISTA "UAC" as an appropriate security-methodology. Put bluntly, the security-holes (that Microsoft created) are still there, and "UAC" is simply a band-aid on top of the real, deeply-inherent, problems. And frankly, Microsoft still seems to be producing the least secure OSes (both statistically, and practically). In fact, a far superior way to avoid such system-compromises, while surfing (according to numerous government, and private, security agencies and institutions), is actually to use any of the popular, non-Microsoft, browsers (this actually tends to eliminate about 99-percent of such security-threats... before, a user even has to worry about unauthorized access to their system).

#19 z0iid

  • Newbie
  • Group: Members
  • Posts: 1
  • Joined: 31-May 08

Posted 31 May 2008 - 04:29 PM

I didn't see ESET Nod32 mentioned, and I would venture to guess they would score very high on a test like this. I am just not sure why this product keeps getting overlooked, even after the highest marks on independent testing entities. shrug oh well. keep using bloatware, cough norton cough

#20 piyushsingh

  • Expert
  • Group: Members
  • Posts: 2,990
  • Joined: 21-July 07
  • Location:India

Posted 31 May 2008 - 06:09 PM

z0iid said:

I didn't see ESET Nod32 mentioned, and I would venture to guess they would score very high on a test like this. I am just not sure why this product keeps getting overlooked, even after the highest marks on independent testing entities. shrug oh well. keep using bloatware, cough norton cough

hello [~155128]

If you browse through a few discussions in the privacy & security section, you will quickly notice that most of the regular pcw forum members don't recommend norton. Here also, among the premium AV services nod32 is considered the best. So it's not that it's being overlooked.
