Re: How can I optimise UAC on Vista 64?



"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> schreef in bericht news:#OM4F07$IHA.4040@xxxxxxxxxxxxxxxxxxxxxxx
"Mr. Arnold" <MR. Arnold@xxxxxxxxxx> wrote in message news:e0aMye7$IHA.5096@xxxxxxxxxxxxxxxxxxxxxxx

"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message news:ehx7iJ7$IHA.3936@xxxxxxxxxxxxxxxxxxxxxxx
"Mr. Arnold" <MR. Arnold@xxxxxxxxxx> wrote in message news:%23%23%23y4B7$IHA.1016@xxxxxxxxxxxxxxxxxxxxxxx

<snipped>

Disabling the secure desktop feature of the UAC prompt
doesn't exactly "optimize" UAC - in fact it disables UAC
for any malware program smart enough to take advantage
of that change. Sure, maybe it is unlikely that a malware
program exists that can do this, but if enough Vista users
take this option - I'm sure some will be written.


You need to provide some proof here that disabling that black screen is disabling the security functionality you speak about.



http://technet.microsoft.com/en-us/library/cc709628.aspx


Yeah ok, I see it and see the functionality. However, that little utility program has some other nice features not that disable *Black* on UAC is a bad feature either.



Disabling the secure desktop isn't necessarily a bad thing as long as you understand the implications of doing so. It is automatically disabled when you RDP to a Vista box for instance.

As the secure desktop is enabled by default it's very unlikely malware would be coded to look to see if it was disabled and take advantage of that fact. What percentage of users would be able to figure out that it could be disabled and then figure out how to do it? How many of those would just say "Interesting, but so what" then leave it enabled? Although you would be relying on security by obscurity I think it's very unlikely disabling secure desktop would actually cause you any harm. Security is all about assessing risk and managing a balance between mitigating that risk and performing a task without too many hurdles. For me the increased security of secure desktop more than makes up for the slight inconvenience it causes.

UAC gives us a few more tools to help manage that balance. All of the settings that the UAC tweak tools provide were built into Vista to help people manage UAC. I do agree that some of them give you nice GUI way to do it though.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/




You know, many users would not even think of disabling UAC if it had one extra option: to remember what was accepted. Just like the way good firewalls do. But now, if you have to use an application that has to be checked by the UAC, and you have to use it many times a day, then you have to tell the UAC every time again that it is OK. That's the ONLY reason that users wish to disable the UAC.

You can state that this would be less secure but then I ask: what's worse, using UAC with such a function, of not using UAC at all? Here I see a tendency that I found in other cases too: Microsoft seems to think that all users are stupid idiots. The simplest things are "secured" with questions like: are you sure you want that? I always think then: yeah, I am not an idiot, stupid! Now you get the situation that users click Yes without even reading it, because it is overused. That's why I started to use Buzoff (basta computing) to have it automatically done in cases where this question is simply too stupid to think about.

If Microsoft would start to look at users as normal behaving people, the real security issues would be much more accepted.

.

Relevant Pages

  • Re: How can I optimise UAC on Vista 64?
    ... XdN Tweaker has an option for turning Secure Desktop off (what the ... Disabling the secure desktop feature of the UAC prompt ... for any malware program smart enough to take advantage ...
    (microsoft.public.windows.vista.security)
  • Re: Which XP to use
    ... There wasn't any place to turn that off without disabling the UAC. ... When changes are made with msconfig, the next time the system is started msconfig attempts to alert you that changes were made. ... IE7 can't run in protected mode if UAC is disabled, so IE7 showing protected mode on when UAC is disabled indicates something is seriously wrong with the installation. ...
    (microsoft.public.windowsxp.general)
  • Re: Which XP to use
    ... There wasn't any place to turn that off without disabling the UAC. ... Also, in order for some of my programs to update, the UAC had to be turned off. ... These are perfectly safe programs I have used for years and I checked with the publishers before I installed them to make sure they were compatible with Vista. ... Why is Windows Vista always asking for my permission: An explanation of UAC (User Account Control) ...
    (microsoft.public.windowsxp.general)
  • Re: How can I optimise UAC on Vista 64?
    ... doesn't exactly "optimize" UAC - in fact it disables UAC ... maybe it is unlikely that a malware ... You need to provide some proof here that disabling that black screen is disabling the security functionality you speak about. ... As the secure desktop is enabled by default it's very unlikely malware would be coded to look to see if it was disabled and take advantage of that fact. ...
    (microsoft.public.windows.vista.security)
  • Re: How can I optimise UAC on Vista 64?
    ... XdN Tweaker has an option for turning Secure Desktop off (what the ... Disabling the secure desktop feature of the UAC prompt ... for any malware program smart enough to take advantage ... You need to provide some proof here that disabling that black screen is ...
    (microsoft.public.windows.vista.security)