https://blogs.msdn.microsoft.com/oldnew ... 0/?p=94105
I'll try to set mine to maximum level and see how it feels to be back to Vista days
but this is no joke, if you don't have a super duper AV installed, and even if you do, you were duly warned!
important security readme
Moderators: fgagnon, nikos, Site Mods
-
nikos
- Site Admin
- Posts: 16402
- Joined: 2002 Feb 07, 15:57
- Location: UK
important security readme
MS came out and officially admitted that UAC unless set at the maximum level is basically useless
https://blogs.msdn.microsoft.com/oldnew ... 0/?p=94105
I'll try to set mine to maximum level and see how it feels to be back to Vista days
but this is no joke, if you don't have a super duper AV installed, and even if you do, you were duly warned!
https://blogs.msdn.microsoft.com/oldnew ... 0/?p=94105
I'll try to set mine to maximum level and see how it feels to be back to Vista days
but this is no joke, if you don't have a super duper AV installed, and even if you do, you were duly warned!
-
Kilmatead
- Platinum Member
- Posts: 4879
- Joined: 2008 Sep 30, 06:52
- Location: Baile Átha Cliath
Re: important security readme
Ordinarily, I'm firmly in the "Meh" camp about this, as even in the Vista days I always had UAC disabled since it's nothing more than an uninformative busybody. If it doesn't tell you exactly what something is trying to access (unlike decent firewalls, etc which will reference down to an HKEY itself), then it's pointless as not only is the user left completely uninformed, but neutered by abstract (and mostly irrational) fear.
Thus, UAC is laughable.
That said, after my recent exploration of writing to x2 process memory space (especially with regard to utilising cross-account SeDebugPrivilege), I must admit that I was somewhat surprised at just how easy this is to do, once you're wearing the right size ballet-shoes.
I haven't bothered to formulate any real thoughts about its potential, but (unlike most things) it has sat in the back of my head for the last few weeks tickling my more perverse inclinations of civil disobedience.
(I wasn't just a little surprised, I was very surprised at the sheer simplicity of it.)
Like most things from MS, UAC really wasn't very well thought-out.
Thus, UAC is laughable.
That said, after my recent exploration of writing to x2 process memory space (especially with regard to utilising cross-account SeDebugPrivilege), I must admit that I was somewhat surprised at just how easy this is to do, once you're wearing the right size ballet-shoes.
I haven't bothered to formulate any real thoughts about its potential, but (unlike most things) it has sat in the back of my head for the last few weeks tickling my more perverse inclinations of civil disobedience.
(I wasn't just a little surprised, I was very surprised at the sheer simplicity of it.)Like most things from MS, UAC really wasn't very well thought-out.
-
dunno
- Gold Member
- Posts: 541
- Joined: 2007 Nov 18, 03:00
- Location: Tropical Hammock
Re: important security readme
My knowledge of what happens beyond the GUI is Zero, but... I have chatted with a few very knowledgeable O_1's, Conclusion, have separate pc's for, banking, Surfing, and p0rn/darknet.
I don't have UAC enabled on any of them, and no AV software either, to many false positives, Instead I sandbox all net activity.
Does this work, seems to as there's no weirdness evident, If a pc goes weird on me I do a clean install, or copy a clean install image, easy as pie.
*crawls back into hammock*
I don't have UAC enabled on any of them, and no AV software either, to many false positives, Instead I sandbox all net activity.
Does this work, seems to as there's no weirdness evident, If a pc goes weird on me I do a clean install, or copy a clean install image, easy as pie.
*crawls back into hammock*
-
namsupo
- Member
- Posts: 49
- Joined: 2007 Aug 29, 02:02
Re: important security readme
UAC as it was originally designed was a sensible security measure, its just that it required developers to do a bit of work to support it properly.
Unfortunately Microsoft weren't interested in doing that. They cocked up Explorer so badly and it got so much bad publicity that they got scared, and weakened UAC in Windows 7 so much that it became useless.
It was then retconned to "not a security feature after all".
Unfortunately Microsoft weren't interested in doing that. They cocked up Explorer so badly and it got so much bad publicity that they got scared, and weakened UAC in Windows 7 so much that it became useless.
It was then retconned to "not a security feature after all".