Tuesday, May 27th 2008

Windows Vista UAC 'Nails' Rootkits

Most would agree that Windows Vista's most obvious security feature, UAC, which asks a user for confirmation every time the computer decides to perform an administrative task, can become quite annoying. However, whatever annoyance a user might perceive, it does have some very useful features. A security firm pitted seven anti-virus suites against roughly 30 rootkit infections. Unfortunately, none of the programs found all of the rootkits. However, when tested on a Vista platform, Windows Vista's UAC actually prevented the rootkits from becoming deeply entangled in the system, which made detection and removal a little easier. If nothing else, UAC kept the system more stable while the rootkit did its thing, and prevented a lot of damage from happening. In fact, when the security firm pitted the rootkits against Windows Vista UAC by itself, all of the rootkits were stopped right in their tracks.

Source: Neowin.net

40 Comments on Windows Vista UAC 'Nails' Rootkits

#1
PVTCaboose1337
Graphical Hacker
The first thing I did on Vista? Turned off UAC because it does not do crap. (I mean it does, but allows me to do nothing)
#2
Triprift
It doesn't stop the fact it's as annoying as ya get

I'm sure it's super great at security but thanks to its mega annoyance I'll just use Kaspersky n my router for security.
#3
Kreij
Senior Monkey Moderator
I guess I am not sure why people think it is all that annoying.
You only have to perform one extra mouse click to allow a program to run, and then only on programs that could be (potentially) problematic.
#4
bowman
It was really annoying to begin with, now I'm used to it.

What's annoying is when the UAC popup takes AGES to pop up. Some sort of freeze or bottleneck, sometimes it takes ages compared to what it'd take just starting the app.
#5
blobster21
Great ! UAC saved the day...but still...

It's comparable to Ubuntu's way of asking for the root password whenever you perform administrative or potentially harmful actions.

In the end, the regular joe (I'm one of them) ends up deactivating UAC and/or logging himself in as root and kisses the annoyances goodbye
#6
HaZe303
by: PVTCaboose1337
The first thing I did on Vista? Turned off UAC because it does not do crap. (I mean it does, but allows me to do nothing)
Same here, I even use vlite to disable it so I never have to deal with it in the first place? Maybe I shouldn't? :)
#7
jammy86
by: Kreij
I guess I am not sure why people think it is all that annoying.
You only have to perform one extra mouse click to allow a program to run, and then only on programs that could be (potentially) problematic.
One extra mouse click, every single time you click the mouse on ANYTHING. If you don't find it gets in the way much, you don't use your computer as intensively as most on here do.

Vista goes like this:

Install
Turn off disney style start menu (same with XP)
Turn off UAC
Turn off the security centre telling me I'm not secure...
finally start to use it.


You know it's true.

JAmes.
#8
jydie
I don't use Vista yet, but Spybot will pop up a confirmation window when a program tries to update the registry... and ZoneAlarm does the same when a program tries to go out to the internet. I thought they were annoying at first and barely paid attention to what they were telling me. But after having to re-install Windows XP due to a nasty virus, I have grown to like the confirmation windows. I now WANT to know what is going on "behind the scenes".

The internet is not safe, and I prefer to have my main PC as secure as possible.

If Vista is truly safer to use, I might have to consider upgrading my main PC...
#9
Kreij
Senior Monkey Moderator
I am not sure what you mean by "click the mouse on ANYTHING".
90% of the applications on my computer do not popup a UAC dialog box for verification.
It is only programs that do something at a lower (or questionable) level such as ATITool, CCleaner, CoreTemp, etc.

Of course, if 90% of what you do involves programs like these, then yes, I can see it getting a bit tedious.
#10
Conti027
by: PVTCaboose1337
The first thing I did on Vista? Turned off UAC because it does not do crap. (I mean it does, but allows me to do nothing)
I did the same thing.
#11
Kreij
Senior Monkey Moderator
One of the first things I did when I installed Vista was to shut off the UAC and driver signing.
After reading this post, I thought I would try UAC again to see how often it pops up.
Not very often actually.
I think that it would be prudent to leave it on unless you are using programs repeatedly that cause a popup. If I was going to run some benches I would turn it off for the duration of my testing and then turn it back on when just doing regular work.

Just my 2 cents. Whatever works for you is what you should do.
#12
Mad-Matt
I found Tweakuac useful for enabling Silent UAC mode. The benefits of UAC without the annoyance. Although security centre still thinks it's off, so that side is still an annoyance requiring disabling it ;)
#13
Cold Storm
Battosai
I think UAC is good for the everyday joe... Ones who don't know that much about computers but just to get online and talk... But, for people like us, I can see it getting annoying. I've installed Vista about 4 times in the past few months because of killing things... and after the first two times, I made sure it was the first thing I shut off! Good tool, but no need for me to use it.
#14
Haytch
So what they are trying to say is that Vista being so annoying finally has a single usefulness! Except, it's not all that because all it does is make the clean up procedure a little easier. End result, Vista was still compromised. So to us end users, it's back to useless.

I have no doubt that UAC promotes more trouble than it resolves.
#15
Exceededgoku
I still have mine activated, and to take it one step further I've made it ask for my password as well... Am I sad lol?
#16
Dia01
Well, something that annoying surely has to have a benefit.
#17
Laurijan
Spybot's tea-timer function does the same in XP? Or am I mistaken..
#18
jydie
by: Laurijan
Spybot's tea-timer function does the same in XP? Or am I mistaken..
Yes, you are correct. :)
#19
Rebo&Zooty
UAC = Microsoft's unpolished attempt to copy how Linux handles user security...


Blah, it drove me crazy when I was using Vista... I don't need asked every 20sec if I'm sure I want to do something.

http://www.youtube.com/watch?v=uDiaQrZviyc

Sadly this Mac vs PC video is more true than any of the rest...
#20
imperialreign
hmmm - so Vista blocks rootkits . . .


I wonder if that's because it's an extravagant, over-bloated, selfish rootkit itself, and doesn't play nicely with others :wtf:
#21
Rebo&Zooty
by: imperialreign
hmmm - so Vista blocks rootkits . . .


I wonder if that's because it's an extravagant, over-bloated, selfish rootkit itself, and doesn't play nicely with others :wtf:
Thank you for that, it made me lulz :D
#22
Davidelmo
by: blobster21
Great ! UAC saved the day...but still...

It's comparable to Ubuntu's way of asking for the root password whenever you perform administrative or potentially harmful actions.

In the end, the regular joe (I'm one of them) ends up deactivating UAC and/or logging himself in as root and kisses the annoyances goodbye
Werd.

I hate UAC, but I recently installed Ubuntu on my laptop and to be fair, that is probably even worse from an "annoyance" point of view (i.e. you need to enter a password.. not just click "ok".)

However, I actually have confidence that Ubuntu is secure.. I don't really feel that UAC makes Vista any more secure.... it just annoys me when I'm trying to delete something and I have to click an extra time.
#23
Haytch
by: Exceededgoku
I still have mine activated, and to take it one step further I've made it ask for my password as well... Am I sad lol?
Not sad, just extremely patient. Patience is something I lack!
Allow / Deny ? ' You frickn just asked me!