UAC Settings Question

[Chip Fossa]

When I click on certain programs [desktop icons] I'll get a UAC flag asking me if "I want to allow this program to make changes to this PC".
Of course I click yes, and then the program fully opens.

So my big question is: If I go into a UAC warning flag
and change my security level to "Never ask me again", for each affected program [Kodak printer; Goldwave; Total Recorder; Audacity etc.], will the CHANGE just affect THAT program, or change the entire PC's security settings for everything else associated with UAC?
I find this a real nuisance for programs that have been fully established for months. How many times do I have to click on YES before the PC gets it, and just allow the program, and quit buggin' me?

Running W7 Home Premium.

Thanks all.

[John Cipriano]

Believe it or not, it's supposed to bug you. Then you're supposed to go bug whoever made the software, then they rewrite it so that it doesn't require admin rights to run.

My understanding is that there isn't a way to disable UAC per-application. If you disable it, it's for everything. Now as to whether or not it affects other users... hopefully UAC changes are per-user in 7, but if not, see this:
http://www.pctipsbox.com/enable-disable ... ows-vista/

If you want a way to do it per app:
http://www.vista4beginners.com/Disable- ... plications
(looks a little involved, but maybe worth doing for a certain few)

In 7 you can make UAC bug you less without turning it off, so maybe try one of the lower settings? I don't know the security implications of that, maybe Wiz can chime in there.

[Mitch Drumm]

Chip;

I don't think there is a per-application setting for UAC in Win 7.

Everything I have read says to leave the UAC slider at one stop down from the top, like this pic.

As far as I can tell, you will always have to click to allow programs to make changes to your system. I guess Windows never "learns" that it OK with you for any particular program.

[Wiz Feinberg]

Chip;
As others have already told you, you cannot get granular control over UAC, without using third party applications (are they really secure?). It is all or nothing for Windows Vista users. Windows 7 offers some extra settings that you might find useful.

[Chip Fossa]

OK fellers,

Here's a snap of KODAK. And actually, Goldwave pops right up; not affected. But many more are.

[Wiz Feinberg]

Chip;
You are running into a situation where the authors of the software you are trying to run have not yet caught up with the new realities of UAC. Evidently, Kodak is one that does not understand these matters.

[Chip Fossa]

Wiz,
I knew that.

Thanks buck-oh.

No big deal, really.

[John Cipriano]

That's too bad about the printer. You have to go through UAC every time you want to print something? Mine would be through a window after a few of those...

[Chip Fossa]

I know John. Waddaya gonna do?

That's why I got this printer, cuz I don't print out much stuff.[$99]

I've actually been hoping to find an under $100 printer that just prints BLACK & WHITE, with about a $10 black ink cartridge.

The Kodak 5100 AiO comes close, except you still have to buy the color cartidge. Black cart. = $10, Color cart. = $15.

I don't why this printer won't print in black when the color cartridge is empty [assuming there's enough black ink].

[Mitch Drumm]

Chip:

You can buy a black and white laser for under 100 from Brother or Samsung and be done with inkjet cartridges. Watch places like Staples for occasional sales and coupons.

I print maybe 100 pages a year at most.

My Brother printer does not bring up that UAC notice when I use it. I've had it for 3 or 4 years with no issues. I paid $58.

I think inkjet cartridges will eventually go bad from inactivity if you don't use them every so often. But I have never had any issue with this laser and I've read that the the toner in them has a shelf life of at least 5 years.

I got tired of spending 30 bucks every year or so for my HP inkjet cartridges.

[Chip Fossa]

Mitch,

Thanks for the great tip. That's exactly what happens. The ink literally dries up. I've run out of more ink from non-printing, than printing.

I'm not sure just how laser printing works, but with a shelf life of about 5 yrs. on the toner, and under $100 for the unit, it's like a no-brainer for me.

Sad to say, I was just in Staples yesterday, buying what? Kodak ink cartridges.

And Kodak inks are about as cheap as it gets for inkjets.

I used to have a Brother Print/Scan/FAX machine years ago, but it just got lost in the shuffle somewhere. I remember, though, it was a fine unit. Worked very well.

I'll definitely be keeping an eye out for any sales, anywhere. Thanks again.

[Storm Rosson]

most of us who tested Veeesta/win7 betas,RC, etc. just turn the UAC crap off as it's more of an annoyance than a worthwhile safety function

[Chip Fossa]

So Storm,

Are you then saying turn off UAC within the UAC Settings page [as shown above]?
Set it to "Never Notify"?

When I download anything that may be questionable, now, I drag it over to Trend Micro's homepage in a blank spot, and that item is immediately scanned. Actually, I won't install anything until I first scan it with TM.

[Storm Rosson]

yep thats bout it, if u use real time protection like TM, Microsoft Sec Essentials, and malware Bytes always enable ip and file protection so the various ports both physical and virtual are constantly scanned u have no need for UAC....hell most of us aren't sure why they use it esp in win7...imho

[John Cipriano]

I don't agree. I like to know when my programs are doing admin-level things. If they're doing those things to the point of annoyance, it's time for new software.

Fun question: how do you know your ports aren't open if you are granting silent access to programs to open them as needed? (Not that open ports are always bad. My point is that you need to know who to trust, and if you log in as root -- into an OS with more malware written for it than actual software -- then you can't trust root anymore.)

I linked to something called "enumerating badness" earlier... and once again I'll say that I think it's much smarter to get a handle on the few things that you actually run than to try and protect yourself from every potentially bad piece of software out there. IMO if you're going take a risk, take it on the antivirus rather than running as root. I wouldn't dream of letting the majority of my users at work run as admin (on XP, which is sort of like Vista/7 with UAC off in terms of what software can do without asking), and at home I avoid the Windows malware scene by throwing the baby out with the bathwater, so to speak.

[Storm Rosson]

:)to each his own, I only have apps loaded that I use and trust and see no use for UAC....much like MS defender it's a just a turd in the mix but thats just imho ....and I was speaking of a personal pc not one at work or that other pinheads have access to....no body messes with my rig but me

[Wiz Feinberg]

Chip originally posted the question about UAC because it is driving him nuts having to tell his computer that he wants to run his printer program. It is a failing of the software from Kodak that is triggering those alerts. Because of the badly written software he is considering disabling UAC because there is no way to tell the operating system to chill, it's ok to run this! That is a shortcoming in the OS.

So, what we have hea is a failua to communicate! Chip, you should contact Kodak to see if they have an updated version of the software for that printer. Set UAC one level down, to ignore changes you initiate, or two levels down if you must, but I don't recommend disabling it altogether.

The reason for leaving some UAC alerts enabled are to at least give you a heads up that something wants to be installed that affects the operating system, which you may not have initiated or been aware was happening. This situation occurs when hackers exploit zero day vulnerabilities in software installed on your computer. It may be a browser exploit, or an Adobe Reader exploit, that if allowed to continue would place a rootkit on your PC. With a UAC warning you will have a chance to at least investigate, or say NO, until you have looked into it.

[Chip Fossa]

Thanks Wiz,

BTW, I just did a latest Kodak update about 4-5 days ago. Just now, when I clicked on FF, I got a UAC warning. It may have been because I just dwnl/instl the latest update for Quicktime. First time I ever got the UAC alert with FF.

As Storm said, "I know all the apps I run on my PC". Me too. I just don't take willy-nilly chances anymore. I just pay a lot more attention to checking out the PC via TM, Malwarebytes, Secunia. Seems to be working pretty well for me; as opposed to the "early years".

John, I had a bit of struggle following your post. When you talk of "root", do you mean as a user or administrator?

Wiz - so you are saying it would be OK to lower UAC to 'never notify'? I never thought to disable it.

Thanks all - good info.

[Chip Fossa]

OK,

I guess the UAC alert with FF was because FF auto-update was in motion. Crossed wires. I was trying to access old FF when new FF was trying to move in. I'd say that's good timing.

[Wiz Feinberg]

Chip;
I do not recommend disabling UAC unless you disconnect the PC from the Internet and never plug in a thumb drive or install software from a CD or DVD.

Also, many risks of operating a Windows any version PC on the 'Net can be reduced by 90 percent by reducing the privileges of your daily account to a Standard User (Win V/7), or XP Power User. I just published an article about this on my blog, titled 90% of critical Windows vulnerabilities mitigated by eliminating administrator rights.

[Chip Fossa]

Wiz,

You must have read me wrong. You must have thought when I said I never thought about disabling UAC, that "boy, this is a good idea".

NO - I meant, I WOULD NEVER THINK OF DISABLING UAC.

About User vs Administrator Accounts?

We've gone round and round with this in the past. I hate using two accounts. I tried it back when I had XP . I'm sure you know what you're talking about.

My beef is that when you set up the 2nd account, things get all messed up. You gotta just about re-install everything. Settings are out of whack.

Why do we have all this virus/malware/trojan/worm etc. protection software, anyway?

I don't spend a lot of time on the internet. And when I do, I usually go to places I'm well familiar with. I've been running in the Admin Mode for quite awhile now. Haven't come across any problems at all.

Just Sun Java & Adobe.

As I say, though, you know of which you speak. I'm just giving my side.

[Wiz Feinberg]

Chip;
I'm glad to hear that you have managed to avoid getting your computer infected, despite running with Administrator privileges. This is quite a feat to achieve! You do, however, have some of the best protection installed on your current PC. I think that were it not installed you would be requesting help getting rid of this or that Trojan, like many others have done.

My point about operating with reduced user privileges is valid. One can continue using the same account and settings as before, by demoting their account privileges, after first creating another account with Admin rights. That account would be used to install and uninstall software and drivers and to defrag and run Windows Updates. The less privileged account would be used just like it was before, but with much less vulnerability due to its reduced user privileges.

Just my 2 cents.

[John Cipriano]

Chip, running as admin and running as standard user are very similar, post-Vista. That's what UAC does, it sort of neuters the admin account. These days, if you want to run a program as admin, you have to right click and hit "run as admin," which triggers a UAC prompt. This is true whether or not your user account is marked as an administrator.

So do whatever you like there.

(I think?? I don't use much of the newer ones so maybe Wiz knows better. From what I've seen there basically are no more "real" admin accounts if you aren't on a domain.)

BTW: a little off-topic now but the entry-level HP laser is P1005, I got one for work and it's fine. I can't say off the top of my head how many pages we get out of a toner cartridge but it's obviously way better than what inkjet cartridges get you and you're not paying for color.

The flip side is that you can't print color when you occasionally want/need to.

And yeah root is just short for administrator. I used root to mean "real admin with all admin privileges" because what "administrator" means gets messy depending on Windows version. I was saying that at work my users run standard (non-admin) accounts and at home it's moot because I'm on a Mac. Mac & Linux do something similar to UAC, btw, called "sudo." Not quite the same thing but generally if you do admin-level things you get prompted for a password. Unfortunately Windows was late to the party with that one and software developers make their own jobs easier when they assume that you have admin privileges all the time (you don't, and shouldn't, which makes it really annoying when you have to keep OKing things).

[Chip Fossa]

Hey Guys,

Easter's tomorrow.

Thanks.

Happy Easter.

I really want to undersand this, better.

Cipriano

[Wiz Feinberg]

Happy Easter everybody!