Before you all assume I am simply making an unprepared statement, please read this post.
I am suggesting that the third bullet underneath the "Setup DDSOpt" header (found on this Wiki page) be changed to recommend disabling UAC. I shall explain why.
User Account Control (UAC) is a Windows feature built to, in layman's terms, request users to allow a program Administrative access. It was first seen in Windows Vista, in which it was at its most annoying form. Every time a program asked for Admin access, UAC would prompt the user.
This changed when the Windows 7 beta rolled out. Microsoft made UAC a little less annoying, allowing most Microsoft-signed programs to run without asking the user for Admin rights, but still requiring a UAC prompt for anything else. UAC was now less annoying; however, this change set the path for the majority of the world's malware to obtain access to every Windows computer's system.
In 2009, a UAC bypass proof-of-concept was announced. This bypass only worked for Windows 7 at the time, but newer UAC bypass concepts have been created for Windows 8 and even Windows 8.1. You can see an example video of this flaw in UAC being used to remotely obtain access to a fully-updated Windows 8.1 system with enabled antivirus, and UAC set to default settings, here.
Microsoft refuses to fix this issue. In fact, they very well shouldn't, because fixing the issue would most likely require a complete rewrite of how programs obtain access from UAC, and thus breaking compatibility with nearly every program available, requiring every developer to change their code to reflect Microsoft's changes.
The only way to prevent the bypass from working is to set UAC to the highest security level (which prompts for every program's initial access to admin rights, meaning every time a new program is called (even when that program starts another process), it prompts for access). If you have ever tried using Windows with that security setting, you will agree that it gets annoying...fast.
This flaw in UAC is real, and renders UAC pretty much useless. More than that, UAC by itself is quite intensive on resources, especially for low-end systems.
I personally recommend everyone disable UAC. Considering that performance will increase and security will be essentially no different than when UAC is enabled (because every real hacker knows of this flaw), there isn't a reason not to!
In any case, even if UAC prompted a user for giving Admin rights to a piece of malware, most malware is designed to look like real software. They even hide in other legit programs' locations to make you think they are not malware! My point is that most end-users won't know the difference between a real process and malware. In fact, I have met many people that just hit "Yes" on any popup without even reading what the popup said. UAC doesn't know the difference between a virus and a legit program. It just asks the user whether to allow it or not, so if the user always clicks "Yes", why are they leaving the UAC feature enabled? It's called User Account Control for a reason.
I can say I'd expect that a lot of people playing around with Skyrim mods don't know when to say yes or no to a UAC prompt. I, personally, prefer to have it turned off because I get better performance and a good Antivirus generally blocks malware anyways, so UAC is pointless... for me at least.
The main reason I initially decided to suggest this is because of the ending phrase on that Wiki page that states you can disable UAC, "but it is also a security risk".
I'll respond, and conclude, with the following statement. Based on the information I've provided above, the statement on the STEP wiki, that states "disabling UAC is a security risk", is quite false, and gives an idea to users to leave UAC enabled (usually at the default, flawed setting), which in turn decreases overall system performance and provides virtually no extra security. I recommend changing the way that bullet is written.
You can find more information regarding the UAC flaws and bypass attacks on an originating page found here; and you can find a more recent article explaining in layman's terms how the attacks work, as well as information regarding Windows 8.1 vulnerability, on the article found here.
Thank you for your time. In any case, I hope I have educated some people.
Question
Drakonas
Edited by Drakonas
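The post contrasts UAC's default setting with its highest level and with UAC turned off. As an added example (not part of the original post), this PowerShell names the level a machine is at from the registry values behind the UAC slider; the function names are hypothetical and the sample inputs are constructed.

```powershell
# Added example; function names are hypothetical, registry value names are Windows' own.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    # Map the three policy values onto the UAC slider positions.
    param([Parameter(Mandatory)] [hashtable] $Values)

    $lua     = $Values['EnableLUA']
    $consent = $Values['ConsentPromptBehaviorAdmin']
    $secure  = $Values['PromptOnSecureDesktop']

    if ($null -eq $lua -or $null -eq $consent -or $null -eq $secure) {
        return 'Unknown (value missing)'
    }
    if ($lua -eq 0) { return 'Disabled' }   # Admin Approval Mode is off entirely
    switch ($consent) {
        2 { if ($secure -eq 1) { return 'AlwaysNotify' } }   # highest slider position
        5 { if ($secure -eq 1) { return 'Default' } else { return 'DefaultNoDim' } }
        0 { return 'NeverNotify' }                           # elevate without prompting
    }
    return "Custom (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secure)"
}

function Read-UacValues {
    # Read the live values; a value that does not exist comes back as $null.
    $p = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    @{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

# Constructed sample inputs, so the classifier can be exercised on any host.
$samples = [ordered]@{
    'constructed: out of the box' = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
    'constructed: slider at top'  = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 }
    'constructed: UAC turned off' = @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
    'constructed: value deleted'  = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5 }
}
foreach ($name in $samples.Keys) {
    '{0,-30} -> {1}' -f $name, (Get-UacLevel $samples[$name])
}

# On a Windows host, classify the live configuration as well.
if (Test-Path $UacKey) {
    'this machine -> {0}' -f (Get-UacLevel (Read-UacValues))
}
```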