Linked by Thom Holwerda on Tue 18th Sep 2007 19:58 UTC, submitted by Adam S
Windows "Before I launch into my tirade, I need to make a confession. I like Vista. I use it daily, but I also use it with the full knowledge that it's a pre-service pack 1 OS from the boys in Redmond. That necessarily means it will have glitches, bugs, and annoyances. That's a given. I'm willing to put up with all those headaches. But there were several things I was really looking forward to in Vista that are simply missing in action or broken. These are features I'd really hope would improve my productivity and make life a little easier."
Permalink for comment 272599
To read all comments associated with this story, please click here.
RE: Vista isn't bad, just boring...
by makfu on Wed 19th Sep 2007 16:35 UTC in reply to "Vista isn't bad, just boring..."
Member since:

"UAC is another thing that I quickly turned off, it's easily one of the most worthless and irritating 'features' I've ever encountered in an OS. Of course protecting users is important, but constantly nagging them with virtually meaningless messages is an utterly stupid was of doing it. After a while I think most people are just going to stop reading them and click OK no matter what. Still, it's not really a big deal as it's easy enough to get rid of this nonsense. "

UAC is NOT just about the prompting. In fact, the requests to elevate are of only minor benefit. HOWEVER, that applications that do not require elevation are running with least user privileges and lower integrity (in the MIC model) IS THE BIG WIN!!! Let me repeat that: Running IE, FireFox, Word, mIRC, MSN messenger, AIM, GAIM, Outlook, Eudora, Adobe Reader, etc, etc, etc, as a standard user BY DEFAULT is the BIG WIN with UAC.

If you disable UAC, and you keep your account in the local admins group, the security token generated for each of those processes you launch is now running with God privleges and high integrity. This is bad. Period.

Example scenario on XP or Vista with UAC disabled: I run “superduper IRC client”, which it turns out has a buffer overflow problem when parsing certain IRC output and as a result is a target for an automagic remote code exploit (yes, this has happened). Since I, the script kidiot on the other end of the exploit now has control of that process (via the injected payload), and that process is running with NT Administrator (God/root/etc.) privileges, I can embed all kinds of terrible things in the payload code, such as cross-process code injection (via debug facilities), loading a kernel mode driver, disabling malware protection, and patching the kernel (and don’t believe for one second your anti-malware software will mitigate because it most certainly is the first thing to get nuked). With UAC enabled these automatic silent attacks ALL WOULD FAIL and your machine would stand about 99% better chance of not getting owned.

Also, when disabling UAC, you also disable IE protected mode which runs IE with low Integrity, which prevents iexplore.exe from writing to files/registry entries belonging to your profile which even prevents profile hijacking when running with least privilege. A good example of this is how IE 7 with PM and UAC enabled protects against attacks leveraging flaws such as the animated cursor exploit. While the vulnerability existed in Vista, it was mitigated by IE7 Protected Mode because the MIC model wherein IE7 runs with low integrity, and communicates with higher integrity components via a broker process, protected the profile and shell components from this attack preventing profile based malware infection.

Understand that you can do EVERYTHING RIGHT from a user standpoint (e.g. not downloading suspicious apps, running AV, etc.) but you can STILL get owned through no fault of your own. Running your processes with super-user privs is equally dangerous on EVERY platform. So, for your own sake and others, leave UAC on and just live with the freakin prompts.

Reply Parent Score: 3