PaulDotCom mailing list archives
Re: UAC in Windows 7 more trouble then its worth?
From: "J. McCluggage" <j2mccluggage () adelphia net>
Date: Mon, 16 May 2011 22:04:47 -0400
By Microsoft's own admission, UAC was not meant to be a security feature but to help prevent users from doing stupid things and to make it easier to run a user as standard user (which is the real security benefit). If a user is running as a true standard user (and without ability to elevate themselves to an administrator), that makes UAC more difficult to bypass. Most UAC bypass exploits I have seen rely on the user running with dual tokens (full access and a filtered standard). The user is actually an administrator and will be granted administrator rights once they, or some process, elevates the rights. Unfortunately some mistook UAC to be the best of both worlds, and thought they could run as a local administrator with the protection of running as a standard user. That is not the case. Jody From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Michael Lubinski Sent: Monday, May 16, 2011 2:41 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] UAC in Windows 7 more trouble then its worth? +1 for the easier on support. I see alot of DEP + UAC bypass vulnerabilities so I'm not fully convinced on the overall increased security. On Mon, May 16, 2011 at 1:12 PM, Ty Purcell <TPurcell () ffin com> wrote: I see it as making things easier for support (if you are running your users as users only, not local admins.) I experimented with no UAC and no admin rights, it was a big pain to support. With UAC on, it was easy. We had a vendor that had a couple of products that did not work with UAC on. We told them to fix it, they cried about it, took 3+ months, but finally fixed it. I agree that it will be more secure, but what do others think?? Ty ----- Original Message ----- From: pauldotcom-bounces () mail pauldotcom com <pauldotcom-bounces () mail pauldotcom com> To: pauldotcom () mail pauldotcom com <pauldotcom () mail pauldotcom com> Sent: Mon May 16 12:22:12 2011 Subject: [Pauldotcom] UAC in Windows 7 more trouble then its worth? Hi everyone, We are upgrading from xp to 7 in the next few months. At the minute there is a few areas that concern me but I only want to voice my opinions at the right time and only for the fights worth fighting. In my personal opinion UAC will help make our systems more secure and is worth having even if it makes our jobs that bit harder. At the minute most stuff seems to work fine but there are a few pieces of legacy software that are causing minor issues. The guy that does our third line says it will create us a massive head and should be turned off. Can I ask do you have it turned on? is it worth having?? any other advise? Many Thanks _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- UAC in Windows 7 more trouble then its worth? Bah Jon (May 16)
- <Possible follow-ups>
- Re: UAC in Windows 7 more trouble then its worth? Ty Purcell (May 16)
- Re: UAC in Windows 7 more trouble then its worth? Michael Lubinski (May 16)
- Re: UAC in Windows 7 more trouble then its worth? Josh More (May 16)
- Re: UAC in Windows 7 more trouble then its worth? J. McCluggage (May 16)
- Re: UAC in Windows 7 more trouble then its worth? Michael Lubinski (May 16)