Proof that UAC is useless.....

So just to feel 100% secure, I had UAC enabled for the last 2 weeks....

Yesterday, I got a file, I ran it, nothing happened......

UAC was enabled.....

UAC didn't notify me of anything.....

later on......I discover I have a virus upon scanning with PREVX...

it appears that file I ran had automatically copied a file named "winuac.exe" to the Windows\System32 folder.......

so tell me really.......other than the useless annoying alerts that I get for even renaming a folder.....where did UAC come into play here?

my advice to anyone frmo now on.....turn UAC OFF, in the real world.....it can't stop anything serious....it will only make your life much more difficult but fail to stop REAL threats.

 

first asnwer: can't be.

second answer: interesting if true.

on vista, not win7 you are, right now?



and btw, it does NOT make your life "much more difficult". else, you're using your computer wrong.

really.. crybabies all around.

but what file was it? i'm curious.

 

"i got a file"

from a friend, from ??

There is so much wrong with your post I don't know where to begin.

 

yes as the sig implies I am on Vista x64 bit

and it doesn't make your life difficult, but I mean it is really annotying, asks me if I want to delete a file from my D:\Software folder for example, of If I want to even rename a file in the start menu.

however, why didn't it stop that application from copying and running a file on a system folder such as system32!

That to me sounds 10x times more dangerous than renaming a file heh?

verdict, turn UAC off, and just watch what you're doing, + have a good AV and malware scanner.

kthxbye

 

I cannot discuss what file it was as that is against the forum rules. but regardless of what it was .......why wouldn't UAC stop it since it was trying to copy and RUN a file on the system folder? + startup registry entries?

 

i want to know the file.

file, or it didn't happen.


and i know why it doesn't want you to delete a file from d:\software, and i can fix it that easy that it never annoys me again.

i know which files i can't easily rename in the startmenu and why, and it makes sence, did so since years. you don't know, so it annoys you.


but it's unimportant. anyone pissed off by uac is a crybaby that doesn't understand the design of the os. that, per se, isn't a problem. but whining in public instead of learning, that is (for me, at least).

still, i want to see the file.

 

And just what would happen if you put a file named "winuac.exe" into the Windows\System32 folder (i.e., so the file's full path was C:\Windows\System32\winuac.exe)?

There's no such system file in the first place, so it wouldn't be triggered by anything in the OS itself without the user's intervention.

 

that's what i want to see. send it to me. i'm davepermen, and i'm on gmail. the rest is clear

 

Which "rule" would that be? There's not one rule that would forbid the mention of the name of a file that delivered a viral payload.

 

Thhat's the piont! The file path you mentioned is the exact path.....

but tell me, why didn't UAC intervene when some file was being copied to a system folder?

 

well it was a crack for a program called hide my ip

 

it should have. so it's interesting. but without the file, we can't tell..

 

\well i just shared my experience..... it is your call you guys

 

How big is this "winuac.exe" file?

 

I'm still waiting.... for a mail......

 

So what are the permissions on your System32 folder, and what is your user type (standard/admin)?

Code:

icacls %windir%\system32

No. Your thread title says that you have proof. We want the evidence, or you can rename your thread.

 

i bet he has fat32

*joking and running away*

 

People who turn off UAC make OS engineers cry... Linux and UNIX have it hardwired into the core, and somehow no-one complains.

 

Exactly, it is hard-wired into the core. As in, it was not tacked on by Microsoft like some teenagers when they pimp out their Civics and Corollas with sports rims. I use UAC because it can help, but I still think it is poorly implemented.

 

why u guys jumping on him like his lying or he has done something wrong IMO....just help him out on his problem as much as u can that's what this forum is for ...he wants to know simply why UAC didn't jump in to help him or warn him when he needed it the most

 

because it's maximus. he has a history for hyping some stuff, and hating uac.

and i still haven't got mail from him with the file. i want to see this working.

because if it works, it has to quickly be reported to microsoft.

 

To start with, he hasn't given near enough facts for anyone to help him.

 

as long as it doesn't fail (like it might have, in this example), it's not poorly implemented. but as old / crap software still has to learn how to behave in a proper environment, it may look like that. but that's not UACs fault (except for being years too late. it should have been in the NT code right from the start. no one would have ever cried about it, then).

 

Whether or not it works as a security feature is not the only criterion for how well it is implemented. That is why I use it (because it is a useful security feature) but also hate it at the same time; UAC is intrusive and annoying, and even Microsoft has accepted this criticism.

Now they think they'll be fixing it with UAC in Windows 7, but just look at how *nix systems do not pester the user with prompts or requests for a password: by designing the system in such a way that a) the user doesn't often need admin privileges and b) administrative privileges require a password rather than clicking "OK".

 

guess thats true he doesn't seem to really mind anymore he hasn't logged in yet

 

OMG! History going to repeat itself? UAC War =.=!
For my current understanding of this topic here, it seems UAC have a "hole".
I am not UAC lover and I do not use it. So, it doesn't matter if there is a problem in it. I do not use it doesn't mean it is useless(I afraid got people shout at me again).

 

*shouting at you*

no, to each it's own. but the topic title is so dramatic and flamebait chosen, it attracks all of us

a title like "I've got a virus circumventing UAC" or similar would have let the topic be much less flame-style.

(and, you're stupid disabling it. *shoutshout* )

 

Is it safe to call the thread a FAIL as yet?

 

There are ways to bypass UAC, and if you download malware that has code to do so, then there's little that can be done. In fact, there are at least two UAC vulnerabilities in Windows 7 that, according to this article, are serious flaws in Windows 7 UAC that can be easily exploited.

In the future, create a standard user and use that for day to day activities. Sorry Maximus, but if you download cracks sometimes you get burned.

 

You really know you're the one who always shout at me. XD!
Seriously, I don't have UAC for 1 year and I am quite happy with UAC disabled.
My laptop seems work well with Avira, Windows Defender, Windows Firewall, SAS and MBAM.

 

I wont start talking about UAC im sure a lot of you know where i stand

But the chances that a virus/malware will bypass UAC AND your antivirus are really slim.

 

no, he could still mail

 

you know i where just joking

btw, my whole network works well with.. UAC and windows firewall. everything else is off those are the two that work without hurting performance while untriggered, so i let them on

 

and if one doesn't download illegal cracks to funny system tweaking/security software per se, then the chance is 0 by the start

 

I don't use UAC because I can handle my own computer. New things get tried in sandboxes or maybe even a virtual machine, depending on what it is and my planned use. I don't illegally download stuff, and there's little (but not none) malware in legally obtained files - so to start, I have little to worry about. The people who need UAC are users who wouldn't know other precautions to take to protect themselves. But for a user like MaXimus who obviously doesn't know how to determine if a file is safe (I'd personally be suspicious of almost any crack on the net) or how to protect himself and his computer UAC is probably a smart idea - but of course everything will have flaws and vulnerabilities and nothing will be 100%.
Hey man, UAC is like an airbag. Just because your car has airbags, don't drive your car into a wall at 60 MPH and wonder why you got hurt. Downloading executables of questionable origin and executing them without thorough investigation first is not shame on UAC, shame on any Anti-Virus or Anti-Malware - that's shame on the ignorant user.

Oh and again, I don't personally like the implementation of UAC.

 

I would choose OpenSource or Freeware instead of finding cracks. Personally, I have try searching for cracks illegally long time ago with no AVs and UAC turned on. The result = computer get infected.
So, now when searching illegal software(rarely) I would think twice and ask some people to confirm the files are safe to download, then, only I would download it. I would let my friends to test out those illegal software before I get them because they always download illegal software and very familiar with them. LOL.

I don't use UAC too. CHeer~

 

Proof ? not possible. I formatted after that incident and i'm not gona run the crack again and have my system infected just to tell you the details. I deleted it anyway, it was the crack for Hide My IP Pro.

and my account is an admin account offcourse.

 

Thanks for your support d00d.

I will try to get that file again to shut those UAC believers

 

I support you too XD!
I don't use UAC as you known already.
I already influence my friends to shutdown the UAC and all thanks me like crazy. They said the NAG finally gone. LOL. They have been turned it off UAC almost 6-9months and have no problems with it because they installed AV(such as avira and avast and avg) and with Windows Defender and Firewall, very hard to get infected already.

 

you had to reinstall??

haha.


still waiting for the proof.

and just because it may have a flaw doesn't mean it's a proof. if the flaw doesn't get fixed, you have some proof, yes.


what scares me more is, does it work on win7, too? wouldn't be fun to have a virus that works before the os gets deployed at all.


better get the virus, i'll try to contact microsoft, then, to find a solution.



i won't comment on the UAC disabler anymore. as it's ridiculous, it's better to shut up. everyone their own. but UAC on is still more save than UAC off. so telling your friends (who may trust you) that it's better off is not nice.

 

Of course my dear devepermen. UAC is simply too annoying sometime. It is safe to have it ON but it is annoying to have it OFF. When people is in haste suddenly got a NAG screen appear and it slowdown a few seconds(very precious).
Hell yeah. You can't blame or comment on UAC disablers definitely. Because it is their decision and choice. They won't blame you also. But with some AVs and Security tools, UAC would not be needed anymore. I know UAC uses much less resource and AVs used much more resources but everything is worth without the NAG screen.

 

Has the OP simply taken ownership of the system folder at some point in the recent past? This includes applying uxtheme patches or any patches to customize the system, which may involve switching the ownership rights of system folders (so system files can be replaced).

 

Urm. Can I ask you how to use the system files repair by using the command prompt? Like the the windows theme got screwed up and need to be repair. How would it done? I forgot how to do it already. I know with the repair all ownership rights of the system folders would back to the original again.

 

no, it isn't annoying, and no, it's not very precious seconds when they appear maybe once each other day, if at all.
if not, if they really appear often, you should be a good and intelligent friend AND HELP THEM FIXING THE PROBLEM. UAC isn't.

oh, and, teach them, explain them what it does (and learn it if you don't know it yourself really). then, they don't find it annoying anymore.

I blame you for disabling it on people that should have it on, spreading the FUD that it's useless and annoying, supporting the crybaby hatres on the internet and in your friendship, instead of growing up, learning to understand the technology, fix the flaws that happen to be there from stuff wayy older than UAC that still have to learn to work with it.

I blame you for being ignorant.


As long as it's on your machine, it's your choise. The moment you (try to) affect others, it's not. Then it's spreading false information and false knowledge. And then, it's dangerous. very dangerous.

the result of exactly this crybaby behaviour is what we have in win7 now, a less secure UAC. just so that you are happy that it doesn't "take away your precious seconds".

btw, uac here is instant.

 

Chill man chill man. Why're you getting so serious. LOL.
Ignorant LOL. If I am ignorant I won't bother to turn it off. =.=!
Anyway, my friends were glad. Not only myself spreading the UAC disabling words, some of my friends also spreading it. Not spreading just advice to shut it down because while we're installing stuffs and presentation, it is quite annoying. Moreover, with free AVs and paid AVs, no one finds a problem. You did admit it is user preferences. Why you still blame me being ignorant? It is not false knowledge or information, it is "want NAG free? Disable UAC and get strong AVs and security tools".
Well, I won't cry or sad if my PC get infected with UAC turned off, because for me everything would be fine without NAG.

 

you spread lies, ignorant lies.

btw, i have no antivirus. system is much more performant. don't say "AV and security tools" are nagfree, and not harming the system.

i don't support this for my friends, though. they all "have to use" antivir according to me.

UAC is just not quite annoying.

EVERY OS INCLUDING CELLPHONES HAVE IT TODAY.

omg, my computer wants to be sure i know that, right now, i potentially harm my system to no repair AND IT ASKS ME! HOW ANNOYING.

it's annoying when i stab someone a knife into the body that he cries, too..


*still waiting for the mail from maximus*

 

In my case UAC is freaken useless. why? because i dont download or mess with files i dont know about. plus i have proper virus protection and stuff.

 

So you disregard safe computing protocol and run as an admin user constantly. Then you go to find and execute suspect files on your computer as the admin user. Then you post this thread, proclaiming that you have proof that UAC doesn't work, and spin off this -and-bull story about how you got infected from a crack and conveniently wiped all evidence. You can't even tell us what permissions were applied to the folder where the so-called malware was copied to.

Sorry, but it really sounds like you've made this entire "experience" up to start a UAC bashing thread.

UAC is just another tool to help empower the user by telling them what's going on with their system. It also provides low-level browser sandboxing if you use IE7/8 and Chrome. People that disable UAC remind me of people who drive around without wearing their seatbelts and say, "Oh, I'm a responsible driver, I'm really careful, no way I'll crash." I don't understand why people buy a more secure operating system with more features and then go disabling them all just so that they feel like they're experts that know what they're doing.

 

This thread was an interesting read. I found it very amusing (just thought i'd let you guys know ). Keep it up.

P.S. Will someone please send daveperman his email already. He has been very.. forthcoming. And so what if his computer gets infected as well. A little down-time will do him some good (his posts scare me).

 

As expected, you're screaming/shouting at me.
Never mind. Your UAC guide I'll read it when I was free because as told before UAC is not useless. Just don't use it because I don't know use it properly(turn to NAG).
If UAC is godlike, again all AVs would be dumbed. It is godlike for some people who really know them very well but it is doglike for some people like me(idiot) don't know use them wisely. But an idiot like me have no problems without UAC turned off that's why I glad I am an idiot who have failure knowledge of UAC.
Take some rest my friend deverpermen, don't go too serious.