Thread: Vista Security Tested

  1. #21
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Quote Originally Posted by Moira
    I try to strike a balance between secure and irritating. I don't need a message box asking me if I want to open control panel when I just double clicked the control panel icon!
    UAC is Microsoft's attempt to implement the Principle of Least Privilege for the everyday user. It's actually a very good idea and if you're finding it this annoying, it probably means you normally run as Administrator on your Windows machines (and are not accustomed to running as a User account) and that is a Bad Thing(tm.)

    Plus, by turning off UAC, you're losing out on the benefits of the Protected Mode of Internet Explorer 7. Protected Mode gives IE7 the ability to become a browser more secure than any other current browser that I know of. First bit is a good read: http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx

    Protected Mode in Action: http://www.microsoft.com/technet/sec...ry/935423.mspx
    Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode.
    Quote Originally Posted by zencoder
    Clicking that thing 3 or 4 times a day, when I use Vista 8-12 hours a day, is not that big of a deal. Sorry, I don't have a lot of sympathy for people who bitch and moan about a legitimate attempt by M$ to respond to the increasing security threats, but who can't be bothered to learn about the system or use it; the features, and their management options, are well documented in the Help & Support section of Vista.
    Hear hear.

    Quote Originally Posted by RoadClosed
    My account has full access, so this means programs are not granted the same access rights as the person initiating them. Also interesting.
    IIRC, when you log on with an Administrator account, the account is given two tokens: an administrative token and a restricted-access token. Programs are automatically run with the restricted-access token and only use the administrative token when either a) you tell it to (Right-click the file -> Run as Administrator) or b) it needs administrative privileges (And then you are prompted to give them to it.)

    Quote Originally Posted by RoadClosed
    I had to extract the files to the desktop and then copy them to the destination folder using explorer, which must default to my admin privy since it is the file system interface.
    Explorer.exe also starts with the restricted-access token. (Example: Create a basic text document. Open an explorer window. Edit -> Move to Folder -> C:\Windows\system32. It will prompt you for administrative access in order to complete the move.)

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard
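
The two-token behaviour described in the post above can be observed from a console. This is an added example, not part of any post in the thread: it assumes PowerShell 3.0 or later, `Get-TokenKind` is a hypothetical helper name, and the sample lines are constructed.

```powershell
# Classify a logon token from `whoami /groups /fo csv /nh` output.
# Well-known SIDs are used because they do not change with the display language.
function Get-TokenKind {
    param([Parameter(Mandatory)][string[]]$WhoamiCsv)

    $rows = $WhoamiCsv | ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $sids = @($rows | ForEach-Object { $_.Sid })

    # The integrity level is carried as a "Mandatory Label" SID (S-1-16-<level>).
    $levels = @{
        'S-1-16-4096'  = 'Low'      # e.g. IE7 Protected Mode
        'S-1-16-8192'  = 'Medium'   # normal programs under UAC
        'S-1-16-12288' = 'High'     # elevated ("Run as Administrator")
        'S-1-16-16384' = 'System'
    }
    $label = $sids | Where-Object { $_ -like 'S-1-16-*' } | Select-Object -First 1
    $integrity = if ($label -and $levels.ContainsKey($label)) { $levels[$label] } else { 'Unknown' }

    # BUILTIN\Administrators (S-1-5-32-544) stays listed in the restricted-access
    # token, but only as a deny-only group, so membership alone is not elevation.
    $inAdmins = $sids -contains 'S-1-5-32-544'
    $kind = if (-not $inAdmins) {
        'Standard user'
    } elseif ($integrity -in 'High', 'System') {
        'Administrative token (elevated)'
    } else {
        'Restricted-access token (not elevated)'
    }

    [pscustomobject]@{ Integrity = $integrity; InAdministrators = $inAdmins; Kind = $kind }
}

# Constructed sample: an administrator's ordinary, non-elevated process under UAC.
$sample = @(
    '"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"'
    '"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"'
    '"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192",""'
)
Get-TokenKind -WhoamiCsv $sample

# Live check of the current session, then the machine-wide UAC switch (1 = on, 0 = off).
Get-TokenKind -WhoamiCsv (whoami /groups /fo csv /nh)
(Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
```

Running the live check once from a normal console and once from a console started with Run as Administrator shows the same account reporting the two different tokens.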

  2. #22
    Agony Aunty-Online Moira
    Join Date
    Jun 2003
    Posts
    1,063
    Quote Originally Posted by zencoder
    Well, do what everyone else does, and has always done in a sense, and turn UAC off.
    Don't know if that was aimed at me, but I did turn UAC off thanks.
    77 111 105 114 97

    My PGP signature

  3. #23
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Moira,

    The two basic issues are:

    1. Do you understand what you are doing?
    2. What environment are you operating in?

    For the average home user with little computer knowledge it is probably important to have it turned on, because it is a significant part of frontline defences.

    In a situation where I am using the PC for development, testing and software evaluation, I would probably turn it off, as it would drive me nuts.

    In a corporate or institutional environment it is not so clear cut. One part of me says that I would turn it off, because you do not provide network security at the desktop level, and if something bad gets that far, your security model is fatally flawed.

    The other side of me says that zencoder's three or four clicks a day are trivial, or should be, in a properly locked down environment, and this would be a final "tripwire".

    At the end of the day I take the view that it is still a question of threat analysis and risk evaluation, and you need to build your security model accordingly. UAC is not a universal panacea, it is just a software tool?

    An obvious situation where I would certainly turn it off is where I have a machine performing "process control" type tasks in an unattended environment.

    Examples would be monitoring laboratory equipment, security cameras, access control systems, fire and burglar alarms, lighting control, and licence control... to name but a few.

  4. #24
    Agony Aunty-Online Moira
    Join Date
    Jun 2003
    Posts
    1,063
    I'm sure I'm not the only person to turn UAC OFF. Like you said nihil it drives you NUTS!

    My XP systems never had UAC and somehow we survived, so I don't think the lack of it in Vista is going to be critical. In any case, this is a home computer not something containing military secrets. Let's keep things in proportion.

    I only use IE where I have to anyway - Firefox is my browser by choice, so losing the protected features of IE has little impact. And I still say that with something as irritating as this, the temptation to simply click "yes" to everything will water down any real benefit of UAC.

    You're right xierox, I and all my users have admin privileges, I don't believe in unnecessary restrictions. I want to use my computer and I want my users to be able to learn what the PC is capable of too. I know I can trust the other people who use my system and if they do accidentally break something - well, it's all in the name of progress and I can always fix it anyway.
    77 111 105 114 97

    My PGP signature

  5. #25
    Senior Member RoadClosed
    Join Date
    Jun 2003
    Posts
    3,834
    My XP systems never had UAC and somehow we survived, so I don't think the lack of it in Vista is going to be critical.
    Kind of like an outbound firewall.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #26
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Quote Originally Posted by Moira
    You're right xierox, I and all my users have admin privileges, I don't believe in unnecessary restrictions. I want to use my computer and I want my users to be able to learn what the PC is capable of too. I know I can trust the other people who use my system and if they do accidentally break something - well, it's all in the name of progress and I can always fix it anyway.
    Have fun explaining to your boss why the rootkit sniffing CC numbers on a billing machine had access to system files in the first place. ;-)

    - X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  7. #27
    Agony Aunty-Online Moira
    Join Date
    Jun 2003
    Posts
    1,063
    This is a home network!
    77 111 105 114 97

    My PGP signature

  8. #28
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    Quote Originally Posted by Moira
    This is a home network!
    Ah, ok. My mistake.

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard
