How useful is User Account Control

Hello:  I'm looking for some informed opinions, (more informed than mine, to be sure,) on the usefulness and even the necessity of User Account Control in Windows 7 Ultimate.  1: has it really been shown to stop malware attacks, or maybe by its presence make them more difficult to create and spread?  2: Couldn't some malware program disguise itself somehow with a counterfeit identity, so that the program name that appears at the UAC prompt is falsely displayed as some other well-known program that is considered safe, leading the user to click "allow"?  And finally, 3: in the very least, it slows the boot time of my machine and requires that I sit there waiting to acknowledge the prompts one by one for some of my startup programs- (a minor inconvenience if UAC actually DOES something, a waste of time if it doesn't.)  At worst, some users report huge problems with it- something I've never experienced.  It always seems to work OK, other than being a little tedious.  I do remember once having to fix some permissions in the registry that had become screwed up, and that were making it impossible to apply an update to QuickBooks 2009.  In Googling for the solution, I noticed that the issue not only affected QuickBooks, but other apps as well.  The solution that worked for me said to disable UAC to make the registry changes.  I didn't try the fix without disabling UAC, so I don't know if that was really necessary, or a "just-in-case" kind of suggestion.  Bottom line: I'd disable the damn thing and do without it, if it really didn't do much, and gladly keep it on if it did.  Thanks for your help.
ChristopherNlsAsked:
rindiCommented:
UAC alone doesn't help much. You need to combine it with user education, common sense, and, for example, never working within an account that has administrative rights. Normal users shouldn't even know the administrator accounts' passwords. If that is ensured it will certainly help.

Also, if a UAC message shows up, that usually happens because you are installing something, or starting a tool that needs to run at a higher level. If a message shows up without the user having invoked anything knowingly, you shouldn't approve the message.
0
JohnBusiness Consultant (Owner)Commented:
UAC does not stop malware and that is not its intent.

What it does is prevent a loose nut behind the keyboard from installing software. It does that quite well. Users in a business or like organization should not be allowed to install software because they can easily wreck a machine.

It was improved in Windows 7 from its first appearance in Vista and works well in Windows 7 and 8.

You should leave it enabled on all machines including those machines where the user is a standard user. It should not be disabled (no need to) and in Windows 8, disabling UAC prevents Windows Store from working.

... Thinkpads_User
0
JohnBusiness Consultant (Owner)Commented:
Re: QuickBooks. You need to be admin to update QuickBooks and UAC facilitates this by requesting permission and then asking for the admin userid and passwords. I do not let clients update their own QuickBooks for this reason. They hold off until the support person can authorize the updates. It goes quickly.

... Thinkpads_User
0

ChristopherNlsAuthor Commented:
ThinkPads_User:  I am the only user of my machine, with the very occasional exception of my wife borrowing it for a very short time if her machine is unavailable at that particular moment.  I, being the machine owner, am also the sole administrator.  My account is naturally therefore set up as such.  The only loose nut behind the keyboard theoretically would be me!  :-}  I'm not likely to do any serious damage, because I've had computers since late 1997, am knowledgeable for a home user, and cautious.

BTW: I am also the sole user and admin for QuickBooks, but I was getting the following error when trying to accept an update:

Error 1402. Could not open key: "UNKNOWN\Components\6F949E36CB3004C50AF18C3B9B1A1EE8\0180F2A9F96368E4092779F3EB61975C".

In Googling for this error msg, I saw many other similar ones for QB, as well as for other applications unrelated to QB.  The data in the keys cited in those other error messages wasn't identical to mine, but the error #1402 and "UNKNOWN\Components" part was.  The solution was related to permissions for a large number of registry entries- I don't recall the precise details.

Expert rindi mentions not approving a UAC prompt if the user didn't specifically invoke anything, I guess at that particular moment.  To me that sounds like what might happen if malware was attempting to install, run or otherwise make some undesirable change to your computer.  I've never seen this myself, or heard about it elsewhere- but I don't see it as impossible.  What are your thoughts on that?
0
rindiCommented:
Even if you are the only regular user and the admin and owner of the PC, never, ever, do your day-to-day work in an account with administrator's rights. Only use that account for purely administrative purposes. For normal day-to-day work ONLY use standard accounts. The admin accounts are dedicated to admin tasks only!

It's one of the worst mistakes one can make, and it is mainly caused by the very insecure previous m$ OS's. People got used to being allowed everything and now don't want to learn or use the more secure new features. You have admitted yourself that you have used PCs since 1997, so that makes you a candidate for using those old bad habits.
0
JohnBusiness Consultant (Owner)Commented:
I am also the sole user of my machine, and because I help other clients with IT (less so these days) and because I know what I am doing, my user name is a member of the admin group. I exercise a great deal of caution and common sense.

However, I still leave UAC enabled. If you happen to click on a link and something wants to install, UAC will stop it.

I have been using UAC for many years now and it does not get into my way.

... Thinkpads_User
0
McKnifeCommented:
Hi.

> 1: has it really been shown to stop malware attacks, or maybe by its presence make them more difficult to create and spread?
You would need statistical data to prove that assumption. I think only Microsoft will have such data, look out for their yearly security intelligence report ("SIR"), it might be mentioned.
My opinion is a clear "yes", although I would not be able to predict how much. There are defined scenarios (will mention those later) where you are definitely more secure with UAC on.
>  2: Couldn't some malware program disguise itself somehow with a counterfeit identity, so that the program name that appears at the UAC prompt is falsely displayed as some other well-known program that is considered safe, leading the user to click "allow"?
You need to read the Wikipedia article on UAC (and continue with wiki links) to get an understanding of how the OS judges who/what triggers UAC. Only this much: if the attacker were able to steal a trusted company's security certificate, yes, then this would be possible. Stealing, however, would be anything but easy.
>  3: in the very least, it slows the boot time of my machine and requires that I sit there waiting to acknowledge the prompts one by one for some of my startup programs- (a minor inconvenience if UAC actually DOES something, a waste of time if it doesn't.)
That's not UAC's fault but badly implemented software. There are several ways to solve that: if those programs that need UAC approval are useful and you would like to keep them, contact their manufacturers (hotline/forum/FAQ/...) and ask for a solution. If none, set up a scheduled task as shown here: http://www.howtogeek.com/howto/windows-vista/create-administrator-mode-shortcuts-without-uac-prompts-in-windows-vista/ and trigger it to run on startup. Afterwards, you can delete the startup entry that causes you grief.
--
Now for the "what does it do?"...
Reading the wiki article and wiki-linked pages, you will see that UAC
-prevents software from making changes without your knowledge
-makes it easier for non-admins to start processes/setups/configurations as a different user
-is needed for a (rather little known) OS-protection layer called MIC (mandatory integrity controls), which is a rather interesting topic. You can use MICs to treat processes that you yourself start as untrusted - let's digest that thought for a while and then see what it means for overall security: I could use an untrusted program and keep that program's process from accessing private data.
-enables weak users to use software incompatible with weak accounts by using folder virtualization.

Those 4 pillars are mainly it in my opinion.
0
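As an added example that is not part of the thread, the following read-only PowerShell script (written for Windows 7's PowerShell 2.0, so it uses no later cmdlets) reports the registry values that back the UAC settings slider and the state of the current session's token: whether it already carries the full administrator token, and which mandatory integrity level (the MIC layer McKnife mentions) it runs at. The registry path and value names are the standard ones; the warning thresholds in Test-UacState are my own reading of the Windows 7 defaults.

```powershell
# Added example, not from the thread: audit UAC policy and the current
# session's elevation and integrity level. Read-only; it changes nothing.

function Get-UacState {
    # Policy values behind the UAC slider (Windows 7 defaults in comments).
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $props = Get-ItemProperty -Path $key

    # True only if this process holds the full admin token (elevated, or UAC off).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # The integrity label is listed by whoami as a group of type "Label"
    # with a SID of the form S-1-16-<level>.
    $labelRow = whoami /groups /fo csv | ConvertFrom-Csv |
                Where-Object { $_.Type -eq 'Label' } | Select-Object -First 1
    $parts = $labelRow.SID -split '-'
    $rid   = [int]$parts[-1]
    $integrity = switch ($rid) {
        4096    { 'Low' }
        8192    { 'Medium (standard user, or admin in Admin Approval Mode)' }
        12288   { 'High (elevated)' }
        16384   { 'System' }
        default { "Unknown ($rid)" }
    }

    New-Object PSObject -Property @{
        EnableLUA                  = $props.EnableLUA                   # 1 = UAC on
        ConsentPromptBehaviorAdmin = $props.ConsentPromptBehaviorAdmin  # 5 = prompt for non-Windows binaries (default), 2 = always, 0 = never
        PromptOnSecureDesktop      = $props.PromptOnSecureDesktop       # 1 = dimmed, isolated prompt
        SessionElevated            = $elevated
        IntegrityLevel             = $integrity
    }
}

function Test-UacState {
    param($State = (Get-UacState))
    $findings = @()
    if ($State.EnableLUA -ne 1) {
        $findings += 'UAC is disabled: every process of an admin user gets the full token and no integrity boundary.'
    }
    if ($State.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Admin Approval Mode elevates silently, which is equivalent to having no prompt.'
    }
    if ($State.PromptOnSecureDesktop -ne 1) {
        $findings += 'Prompts appear on the normal desktop, where another process can overlay or imitate the dialog.'
    }
    if ($State.SessionElevated) {
        $findings += 'This session already holds the full admin token; anything launched from it inherits it.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'UAC policy matches the Windows 7 defaults or is stricter.'
    }
    $findings
}

Get-UacState | Format-List
Test-UacState
```

Run it once from a normal (unelevated) window and once from an elevated one: the first should report Medium integrity and SessionElevated False even for an account in the Administrators group, which is exactly the split token that UAC provides and that a disabled UAC takes away.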

JohnBusiness Consultant (Owner)Commented:
> it slows the boot time of my machine and requires that I sit there waiting to acknowledge the prompts one by one for some of my startup programs-

None of my startup programs do this (I have well over 100 processes running on my laptop when fully started), so you might consider isolating these processes requiring UAC and only start them if needed.

.... Thinkpads_User
0
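The scheduled-task workaround McKnife links to and the "start them only when needed" advice above can be scripted. The following is an added example, not code from the thread or the linked article: it registers a logon-triggered task through the Task Scheduler 2.0 COM interface (available on Vista/Windows 7 and later) that starts one program with the highest run level available to the logged-on user, so that program no longer raises a consent prompt at every logon. The task name and ExampleApp.exe path are placeholders; the script must be run once from an elevated PowerShell.

```powershell
# Added example, not from the thread: replace a startup entry that triggers
# UAC with a logon task that runs the program with the user's highest token.
# Only use this for software you would approve the prompt for anyway.

function Register-ElevatedLogonTask {
    param(
        [Parameter(Mandatory=$true)][string]$TaskName,
        [Parameter(Mandatory=$true)][string]$ExePath,
        [string]$Arguments = ''
    )
    if (-not (Test-Path -LiteralPath $ExePath)) { throw "Executable not found: $ExePath" }

    # The COM API avoids the quoting problems of passing
    # "C:\Program Files\..." through schtasks.exe on the command line.
    $svc = New-Object -ComObject 'Schedule.Service'
    $svc.Connect()
    $task = $svc.NewTask(0)
    $task.RegistrationInfo.Description = "Starts $ExePath at logon without a UAC prompt"

    # Run as the interactive user with that user's highest token:
    # TASK_LOGON_INTERACTIVE_TOKEN = 3, TASK_RUNLEVEL_HIGHEST = 1.
    # For a standard user this is still the standard token; the program is
    # only elevated when the account is a member of Administrators.
    $userId = "$env:USERDOMAIN\$env:USERNAME"
    $task.Principal.UserId    = $userId
    $task.Principal.LogonType = 3
    $task.Principal.RunLevel  = 1

    $settings = $task.Settings
    $settings.DisallowStartIfOnBatteries = $false
    $settings.StopIfGoingOnBatteries     = $false
    $settings.ExecutionTimeLimit         = 'PT0S'   # never kill a long-running app

    $trigger = $task.Triggers.Create(9)   # TASK_TRIGGER_LOGON
    $trigger.UserId = $userId
    $trigger.Delay  = 'PT15S'             # let the desktop settle, like a normal startup entry

    $action = $task.Actions.Create(0)     # TASK_ACTION_EXEC
    $action.Path      = $ExePath
    $action.Arguments = $Arguments

    # TASK_CREATE_OR_UPDATE = 6; no password is stored for interactive-token logon.
    $folder = $svc.GetFolder('\')
    $folder.RegisterTaskDefinition($TaskName, $task, 6, $null, $null, 3) | Out-Null
    $TaskName
}

# Constructed placeholder; substitute the real startup program and remove
# its entry from the Startup folder or Run key afterwards.
Register-ElevatedLogonTask -TaskName 'ExampleApp-NoPrompt' `
                           -ExePath 'C:\Program Files\ExampleVendor\ExampleApp.exe'
```

Afterwards `schtasks /Query /TN ExampleApp-NoPrompt /V /FO LIST` shows "Run With Highest Privileges" for the task. Since the thread recommends working from a standard account, note that such a task only removes the prompt for programs the logged-on user could elevate anyway; it does not grant a standard user anything the account does not already have.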
ChristopherNlsAuthor Commented:
Rindi: So I am going to hazard a guess and say that, even though I use a good and reputable anti-malware/firewall program, (Norton Internet Security 2013,) and even though I am well-informed, knowledgeable and cautious, ( at least for a home user,) then working primarily through a standard account adds yet another layer of safety- more always being better.  I am assuming that by "standard account" you mean the common "user" account that works without elevated admin privileges in Windows 7.  If I do this, is there a way to do something requiring elevated privileges using the "run as" function, like there was in XP ?  In other words, "run as" me in my administrator account for that one thing at that particular time, as needed.  That wouldn't be very much trouble at all in return for additional security.

McKnife and thinkpads_user: I only have three startup programs that require UAC permission- so I'm really only waiting on three prompts for each time I start the computer.  They are all well-known and have been around for years, and were written by reputable software publishers- aren't just silly widgets- but serve useful purposes.  So McKnife, I will take your advice regarding setting them up as scheduled tasks.  

Thanks all for your very informed comments.  Let me know about the "run as" idea.
0
rindiCommented:
Actually Norton stuff isn't what I'd call reputable at all. I regard those products as some of the most bloated and crappy software available, and they are the first things I remove from a new PC (for me it is "malware"). Actually their only good utility is the one that completely removes their software!

Yes, you should only use the common user account to work with. Whenever something needs higher credentials, UAC comes into the picture and you get a menu of the accounts that are set up, where you can then select the admin account and enter its password to run the program under.
0
ChristopherNlsAuthor Commented:
I've seen people disparage Norton and other anti-virus/anti-malware apps before, and I've never understood why.  I know none of them are 100% effective- not possible, I suppose.  But in allegedly independent tests Norton consistently ranks at or near the top for effectiveness.  I doubt the testing firms are lying.  I've also seen Norton on my own machine announce a couple of times, (it is big on announcing things,) how it caught and halted "such-and-such attack" before it could harm my machine.  Why wouldn't I want something working in the background intercepting bad stuff on the way in?  If not Norton, then what else?  I certainly wouldn't run naked on the Internet.  I once had Zone Alarm, but the GD thing wouldn't leave me alone. All it ever wanted were decisions on allowing or disallowing things described in nearly incomprehensible gobbledegook language that only someone with a Masters in Computer Science would have any hope of understanding quickly enough to continue what they were doing.  So, what to do?
0
JohnBusiness Consultant (Owner)Commented:
I use Symantec Endpoint Protection and so long as I allow it to start hidden, it does not set off UAC.
.... Thinkpads_User
0
McKnifeCommented:
> If I do this, is there a way to do something requiring elevated privileges using the "run as" function, like there was in XP ?
Yes, sure: UAC does that automatically. It detects the need for higher permissions, fires the process "consent.exe" that shows you a credential dialogue and there you have your runas.
0
JohnBusiness Consultant (Owner)Commented:
Let us know (if you can) what the 3 programs are. None of what I start needs UAC permission. Either they just don't need it, or they start via the Task Scheduler.

.... Thinkpads_User
0
ChristopherNlsAuthor Commented:
Thank you everyone for your useful and informative insights into UAC.  I've increased the points for this question, in order to adequately reward more than one Expert, as several have been very helpful.  McKnife: thank you for your detailed, insightful and referenced explanation of what UAC is, (besides being just the thing that I have to click allow for a few times when I boot up, or occasionally run some programs,) -plus, what it does and its usefulness.  Rindi and Thinkpads_User: you both provided some additional detail, and a view from the perspective of the admin and/or consultant.  Good job.
0
ChristopherNlsAuthor Commented:
Just a follow up:  I will be changing my account to that of a standard user.  I wonder if I should make the built-in Administrator account in Windows 7 visible, just in case something happens to my user profile.  I wouldn't want to be locked out of my own computer.  Thanks.
0
JohnBusiness Consultant (Owner)Commented:
> I will be changing my account to that of a standard user.  I wonder if I should make the built-in Administrator account in Windows 7 visible

Yes, by all means make an account (not administrator which is hidden) that is a member of the admin group. That is, have Chris_admin as an account that you can log into. But do not unhide the administrator account. I do this and the special admin account can do all you need.

Cheers, .... Thinkpads_User
0
rindiCommented:
Just add another admin account, don't enable the built-in administrator's account.
0
ChristopherNlsAuthor Commented:
Thanks, guys.  I've heard elsewhere that it is more secure not to make the built-in administrator account visible.  This confirms what I've read.  Thanks again for your help.
0
McKnifeCommented:
About the built-in admin and why it is better/not better to keep it disabled:
Any windows system has this account, so attackers will try to use it in scripts in order to elevate their privileges. That special account is not even governed by UAC! What does that mean?
That means, that if you have the account enabled, and set the password "admin", a script like this:
psexec -u administrator -p admin meanexecutable.exe
guessing the correct password would ruin your computer in seconds. No UAC prompt to stop that script!
BUT: what if you set a complex password like HGiuez93zrexx##sw3! ? Yes, this would be safe against scripts that simply guess passwords or use other dictionary attacks. But would you like to type (and remember) "HGiuez93zrexx##sw3!"? Not really.
So let's have a look at the option of setting a blank password.
By default, blank passwords cannot be used in any kind of scripts! They cannot be used with psexec/runas, neither can they be used for rogue network connections in (for example) your not-so-trusted WLAN: net use x: \\yourpc\c$ will ask for a password and won't accept a blank although the pw IS blank!
Blank passwords are indeed not as bad as many people think. The problem with those is local logons. If you fear that someone could log in to your computer, then a blank admin pw is of course an invitation.

I hope you now will understand why using an extra admin is different but not necessarily safer than the built-in admin with blank password.
0
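To see the facts behind this post and the earlier advice to create a separate admin account rather than enable the built-in one, here is an added PowerShell example (not from the thread; Windows 7 / PowerShell 2.0 compatible). It is a read-only audit: it finds the built-in Administrator by its RID 500 (so it still works if the account was renamed), reads the "limit blank password use to console logon" LSA policy that makes psexec/runas/net use refuse blank passwords, reads the FilterAdministratorToken value that decides whether the built-in admin is placed under UAC's Admin Approval Mode, and lists the other local administrators that would serve as a fallback. The optional New-FallbackAdmin helper uses the thread's example name Chris_admin and must run elevated.

```powershell
# Added example, not from the thread: audit the built-in Administrator
# account and the policies that govern how it can be used.

function Get-BuiltinAdminState {
    # RID 500 identifies the built-in admin regardless of its display name.
    $builtin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
               Where-Object { $_.SID -like 'S-1-5-21-*-500' }

    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    # LimitBlankPasswordUse: 1 (the default, also when the value is absent) restricts
    # blank-password accounts to console logon, which is why network and runas logons
    # with a blank password fail as the post describes.
    if ($lsa.LimitBlankPasswordUse -eq $null) { $blankConsoleOnly = $true }
    else { $blankConsoleOnly = ($lsa.LimitBlankPasswordUse -eq 1) }

    # FilterAdministratorToken: 1 puts the built-in admin into Admin Approval Mode;
    # the default 0 is the "not governed by UAC" behaviour the post describes.
    $underUac = ($uac.FilterAdministratorToken -eq 1)

    # Members of the local Administrators group via ADSI (works on Windows 7).
    $group   = [ADSI]'WinNT://./Administrators,group'
    $members = @($group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    })

    New-Object PSObject -Property @{
        BuiltinAdminName         = $builtin.Name
        BuiltinAdminEnabled      = (-not $builtin.Disabled)
        BlankPasswordConsoleOnly = $blankConsoleOnly
        BuiltinAdminUnderUAC     = $underUac
        OtherLocalAdmins         = @($members | Where-Object { $_ -ne $builtin.Name })
    }
}

function Test-BuiltinAdminState {
    param($State = (Get-BuiltinAdminState))
    $findings = @()
    if ($State.BuiltinAdminEnabled -and -not $State.BuiltinAdminUnderUAC) {
        $findings += 'Built-in Administrator is enabled and outside Admin Approval Mode: anything run as it is fully elevated with no prompt.'
    }
    if (-not $State.BlankPasswordConsoleOnly) {
        $findings += 'Blank passwords are accepted for network/runas logons; the console-only protection is off.'
    }
    if (-not $State.BuiltinAdminEnabled -and $State.OtherLocalAdmins.Count -eq 0) {
        $findings += 'No enabled administrator exists; a damaged user profile could lock you out.'
    }
    if ($findings.Count -eq 0) { $findings += 'Built-in admin configuration matches the thread''s recommendations.' }
    $findings
}

function New-FallbackAdmin {
    param([string]$Name = 'Chris_admin')
    # Requires an elevated session. "net user <name> *" prompts for the
    # password instead of taking it on the command line (keeps it out of history).
    & net user $Name * /add
    & net localgroup Administrators $Name /add
    "$Name created and added to Administrators"
}

Get-BuiltinAdminState | Format-List
Test-BuiltinAdminState
```

The audit output makes the trade-off in the post concrete: a disabled built-in admin plus a second, enabled admin account shows up as zero findings, while an enabled built-in admin reports the missing Admin Approval Mode unless FilterAdministratorToken has been turned on by policy.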
ChristopherNlsAuthor Commented:
McKnife:  Then is it safe to say that the built-in admin account with a blank password is no more vulnerable than any other accounts that use passwords from a remote attack?  I have two different boot passwords on both my machines.  Granted, they aren't difficult-to-remember complicated gobbledygook, rather they are a couple of words from a language that relatively few people speak - especially on this side of the Atlantic - not English.  So they might as well be random letters, from the perspective of an English-speaker.  Now if I go out and leave the machines on without locking the screens, then someone could theoretically log on while ransacking my house looking for valuables. --- An amusing example of this happening and back-firing on the dumb crook who accessed his own Facebook page, and then left it open when he split the premises is here: http://huff.to/15GHMUL.  Instant Karma, or room-temperature IQ? - you decide! :-} ---  Is there any other reason that having the built-in admin account visible on the welcome screen is unsafe?  When I hear it referred to as not-enabled, I take that to mean just not visible, as I am guessing that this is the same admin account that is available through safe mode.  I could use some clarification on this- not that you are unclear-  I just get the feeling that my own understanding of the subject is incomplete.  Once again, thanks for your help.

ChristopherNls
0
McKnifeCommented:
I see no way to remotely exploit a blank-pw-account at all. All possible attacks need interaction. There is no reason to hide it apart from local logins.
About visibility: you only need to remember that disabled accounts cannot be used in any mode, so if you want a fallback admin account, no matter if built-in or self-made, don't disable it. [Given the fact that it is very easy to use boot media to enable and pw-reset that account, this won't really matter anyway, unless you encrypt the computer, but that's a whole new story.]

Having it visible does not introduce security concerns.
0