We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Vista question
Comments
-
If you weren't prepared for a rebuttal, you shouldn't have instigated a response.
I'm sure I don't need to tell you about how a forum works, either.0 -
I was not comparing the function of UAC to Anti Virus, because they address different security concerns. I never claimed that UAC would prevent any software from entering your PC, UAC does prevent remote code exploits in programs that on previous versions of Windows would go undetected.
As I say, virii are not the only avenue of attack in a system..0 -
Ovcourse, though UAC has been proven to not stop those exploits from occuring either.
The Webkit Carpet Bombing vulnerability that was previously present in Google Chrome is a fine example.
It appears to be protecting your computer, when it really isn't.. There are a ton of web pages within a Google search that elaborate on this.0 -
Can you link a few?0
-
Here's a link.
http://blogs.zdnet.com/security/?p=1843
Find the older version of Google Chrome, install it and don't change any settings within that program (on a Vista machine, ovcourse).
Now run the demo on that site, with UAC installed.
Tell me if visiting that web page demo puts a file on your desktop, without ever asking you.
'then' argue that UAC works.0 -
Also:
http://cybernetnews.com/2006/09/09/vistas-uac-not-as-secure-as-we-thought/
And more links:
http://www.google.com/search?num=100&hl=en&newwindow=1&safe=off&q=vista+uac+not+secure&btnG=Search
Note the one that says "21 Jan 2007 ... UAC does not make Vista more secure"0 -
Salamancer wrote: »Here's a link.
http://blogs.zdnet.com/security/?p=1843
Find the older version of Google Chrome, install it and don't change any settings within that program (on a Vista machine, ovcourse).
Now run the demo on that site, with UAC installed.
Tell me if visiting that web page demo puts a file on your desktop, without ever asking you.
'then' argue that UAC works.
Ok, so this exploit allows Chome to download a file to the desktop of the user without opening a dialogue box to Open/Save? To interact with any system files or files outside of the logged in User, it would require elevation.
I don't really understand the point this article is making. You give a program elevation in which it can make system wide changes to the operating system files and settings, which is what Higher IL is for. The user is therefore responsible for knowing what the program intends to do and whether they are to permit this or not.
The link you mention is opinion, not fact. There is no factual evidence to indicate UAC is ineffective at the task it is designed to do.0 -
No, it is fact.
The point I made was clear, UAC doesn't make your Windows experience more secure.
All it does is give you several more dialogue boxes when you want to do simple things.
The UAC asks you when you're installing something on your computer, 'not' when something is trying to break its way onto your computer without permission.
The point that article made was that the UAC is thought of making your computer more secure, which it just doesn't do.
All those links prove this, also. Vista UAC is a hassle more than anything.
In regards to the Chrome exploit, the point stands clearly.
When someone installs that web browser and simply visits a web page, that web page was able to place any file it wanted onto your desktop without you knowing at all. In a more complex coded page, with appropriate Javascript module, it can execute that file also.
All that without a single dialogue box past the installation.
Unless you're just installing every single thing you see, you don't-need-UAC.
All it does it restrain 'you', not the program.
People are more than capable of knowing what they click on, they don't need 3+ dialogue boxes every single time. That's just pathetic.0 -
Salamancer wrote: »No, it is fact.
No, it's not.The point I made was clear, UAC doesn't make your Windows experience more secure.
If you understand what you're doing, then it does.All it does is give you several more dialogue boxes when you want to do simple things.
Simple things that could be maliciousThe UAC asks you when you're installing something on your computer, 'not' when something is trying to break its way onto your computer without permission.
Installation is one small part of the role of UAC. Any application that would run in Medium IL that triggers a request for elevation really should set alarm bells ringing.The point that article made was that the UAC is thought of making your computer more secure, which it just doesn't do.
See point 2.
[/quote]
All those links prove this, also. Vista UAC is a hassle more than anything.
[/quote]
XP was hassle free and the level of security it provided was almost non existent.In regards to the Chrome exploit, the point stands clearly.
When someone installs that web browser and simply visits a web page, that web page was able to place any file it wanted onto your desktop without you knowing at all. In a more complex coded page, with appropriate Javascript module, it can execute that file also.
Evidence of this execution requested.Unless you're just installing every single thing you see, you don't-need-UAC.
All it does it restrain 'you', not the program.
Once again, this is a small, but highly visible part of what UAC overall offers.People are more than capable of knowing what they click on, they don't need 3+ dialogue boxes every single time. That's just pathetic.
Ask an experienced Linux user whether they would run their account as root, I think you'll be hard pushed to find anyone that would. Why should this translate differently to Windows users? It was an extremely poor decision for the overall architecture of Windows XP to make the primary account an Administrator. Users, "power" included, do not need to run day in day out as Administrators on machines.0 -
God bless Windows Defender.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.5K Banking & Borrowing
- 254.1K Reduce Debt & Boost Income
- 455K Spending & Discounts
- 246.6K Work, Benefits & Business
- 602.9K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards