Is the “quiet” mode of UAC less secure?

April 21st, 2007

If you’ve used TweakUAC, you’ve seen the “quiet” option it offers that lets you suppress the elevation prompts of UAC without turning the UAC off completely. In such a mode, you keep all the positive effects of UAC, such as Internet Explorer operating in the protected mode, applications starting without the administrative privileges by default, etc. The only thing that gets changed is that you will no longer see the infamous “Windows needs your permission to continue” messages whenever you attempt to make a change to your Vista configuration, or when you run a program that needs administrative rights.

However, reading what other people wrote about TweakUAC in their articles and blogs, I often see comments suggesting that using TweakUAC to operate UAC in the “quiet” mode makes your system less secure. Such comments show that there is a lot of confusion about how UAC works and what it is protecting the system from. Let me try to clarify it a bit here.

I can see how the confusion may occur: whenever someone is presented with the “Windows needs your permission to continue” message, it creates the impression that UAC is looking after the user, and protects the vital system settings from being destroyed or corrupted. The user is probably thinking, “If a virus or spyware gets into my system and attempts to do something dangerous, UAC will alert me, right?” Wrong.

There is only one single “moment of truth” when it comes to malware getting unlimited access to your system, and it occurs when you attempt to run a program you have downloaded from an unknown web site:

 

Unknown publisher warning

 

Vista warns you about it no matter whether UAC is in the quiet mode or not; it warns you even if UAC is turned off, and even if you don’t run Vista at all: a similar message is shown by Windows XP with the latest service pack installed. What many users don’t realize is that if they allow the program to run just once with full administrative privileges, that becomes the “point of no return”: from that moment on the software is free to do whatever it wants to the computer, and no UAC messages will be displayed anymore about that particular software or any changes it makes to your system, even if UAC is fully enabled. The software can quietly install a keyboard hook to intercept your passwords, it can get full access to your files and documents (even if you keep them encrypted with EFS or BitLocker), it can install itself to start automatically with full administrative rights every time you log on to Vista, and again, Vista UAC will NOT tell you anything about any of the bad things such software can do.

So what is the point of the “Windows needs your permission to continue” messages then, if they don’t protect you from the malware, you might ask? They are there to protect you from yourself. They are there to alert you that you are about to make some change that may have more or less significant effect on the system. They are like those “Are you sure you really want to delete this file” messages, to keep you from inadvertently deleting a file by hitting the Del key accidentally (although even such messages are not necessary if you have the Recycle Bin set up to keep the deleted files without actually deleting them from the hard disk). 

Is it dangerous to use the “quiet” mode of UAC then? It’s only dangerous if you consider yourself one of the potential damaging factors and want an extra warning when you are about to do something potentially dangerous. (Yes, ignorance is always dangerous, not just when it comes to computers.) However, if you are an experienced user and have some understanding of how to manage your Windows settings properly, you can safely use the quiet mode of UAC.

Andrei Belogortseff
http://www.winability.com/

DISCLAIMER: THIS INFORMATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

 



New and Improved: Vista Elevator 2.0

February 27th, 2007

For programmers: We’ve just published a new version of our sample application VistaElevator 2.0. The main improvement is the function RunNonElevated() that makes it possible to start a non-elevated process from an elevated one. The VistaTools.cxx file is also updated to version 2.0. Check them out!

Andrei Belogortseff
WinAbility Software Corp.



The first bug in Vista UAC?

January 1st, 2007

I believe I’ve stumbled upon the first bug in Vista UAC (in the final release of Vista, not in a beta version).

It’s very easy to see the bug in action:

  • Log in to your computer with the Guest account. (You may need to enable the Guest account first, using the Control Panel.)
  • Download any digitally signed program (such as TweakUAC) and save it to the default download folder (C:\Users\Guest\Downloads).
  • Now run the file you’ve just downloaded, and take a look at the elevation prompt displayed:

 

 

As you can see, UAC cannot recognize that the file contains a valid digital signature, and it warns you that the program is “unidentified”. This is a bug, because you can check that the digital signature of the file is actually valid:

 

  

This problem is not limited to the TweakUAC file: any other digitally signed executable (such as the installation utilities of most software packages) will produce the same effect. All you need to do to reproduce this bug is log in to Vista with the Guest account and run a digitally signed file from the Guest\Downloads folder. Note that if you copy the executable into the C:\Program Files folder and run the file from there, its digital signature magically becomes recognizable by UAC! Move the file to the root folder C:\, and the file again becomes unidentified to UAC.

Is this bug dangerous? Yes, it is! The whole idea behind UAC is to shift the responsibility of distinguishing the bad programs from the good ones to the end user (you!). The only tool that UAC gives you in this regard is the digital signature information, and it turns out it’s broken! How are you supposed to decide whether to trust a certain program or not if UAC does not provide you with the correct information? (Never mind, it’s a rhetorical question.)
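The check the post relies on (“you can check that the digital signature of the file is actually valid”) can be done from PowerShell, independently of what the elevation prompt claims. This is an added example, not part of TweakUAC or the original post; the three file paths are constructed to mirror the author’s experiment, and the function name is mine. Because an Authenticode signature is embedded in the executable itself, the same file must report the same status from any folder.

```powershell
# Added example: verify an executable's Authenticode signature yourself,
# independently of the verdict shown on the UAC elevation prompt.
function Get-SignatureReport {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            Write-Warning "Not found: $file"
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $file
        [pscustomobject]@{
            Path        = $file
            # Typical values: Valid, NotSigned, HashMismatch, NotTrusted, UnknownError
            Status      = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            Issuer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer } else { '' }
            Timestamped = [bool]$sig.TimeStamperCertificate
        }
    }
}

# Constructed paths reproducing the author's comparison: the same file in three places.
$copies = @(
    "$env:USERPROFILE\Downloads\TweakUAC.exe",
    'C:\Program Files\TweakUAC.exe',
    'C:\TweakUAC.exe'
)
$report = Get-SignatureReport -Path $copies
$report | Format-Table -AutoSize

# The signature lives inside the file, so differing verdicts for identical copies
# would indicate an inconsistent checker rather than a problem with the file.
$verdicts = $report | Where-Object { $_ } | Select-Object -ExpandProperty Status -Unique
if ($verdicts.Count -gt 1) {
    Write-Warning 'Identical copies received different signature verdicts.'
}
if ($verdicts -ne 'Valid') {
    Write-Warning 'At least one copy is not validly signed; do not trust the elevation prompt alone.'
}
```

Only a Status of Valid with a recognizable Signer should be treated as a usable trust signal; any other status means the prompt’s “unidentified” label is, for that copy, the safer reading.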

Andrei Belogortseff
WinAbility Software Corp.

 



For programmers: Riding the Vista Elevator, up and down.

December 17th, 2006

When developing applications for Windows Vista, one of the problems that often arises is how to programmatically control the execution level of a process. When the user starts an application, its elevation level is determined by the value of the requestedExecutionLevel attribute in its manifest, and Vista’s User Account Control takes appropriate actions depending on it (such as displaying the elevation prompt when needed). However, what if the application needs to start a new process with a different execution level than that of the application itself? For example:

  • An application that runs at the standard (non-elevated) level determines that an updated version of it is available for download. To be able to update itself, it needs to start a separate process that must be elevated in order to perform the upgrade properly. In this case a non-elevated process needs to start a new, elevated process.
  • Most installation utilities offer the user the option to run the application automatically at the end of the installation. The installation utility is executing at the elevated level; however, the application must be started at the standard, non-elevated level.

Microsoft has provided a relatively easy way to accomplish the first task (starting a process elevated), by specifying the “runas” verb when calling the ShellExecuteEx API. However, for some reason they have not offered a similarly easy way of going in the opposite direction: to start a non-elevated process from an elevated one. To solve these and other related problems, we have developed a set of C++ functions as well as a sample application VistaElevator that demonstrates how to use them. If you are a software developer, check them out!
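The two directions described above, shown in PowerShell as an added example (this is not the VistaElevator code and not its RunNonElevated() implementation). Going up uses the same “runas” shell verb the post mentions, which Start-Process hands to ShellExecuteEx. Going down has no verb, so the example uses the Task Scheduler: a task registered without the “highest privileges” run level executes with the caller’s limited token even when registered from an elevated process. All function names are my own, and the notepad.exe launch at the end is just a demonstration target.

```powershell
# Added example (not part of VistaElevator): controlling the elevation level of a child process.

function Test-ProcessElevated {
    # True when this process holds the full administrator token (UAC-elevated),
    # false for a standard user or a filtered administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-ElevatedProcess {
    # "Up": the RunAs verb makes Start-Process call ShellExecuteEx with "runas",
    # so UAC shows its consent/credential prompt (unless it operates in quiet mode).
    param([Parameter(Mandatory)][string]$FilePath, [string[]]$ArgumentList = @())
    $params = @{ FilePath = $FilePath; Verb = 'RunAs'; PassThru = $true; ErrorAction = 'Stop' }
    if ($ArgumentList.Count -gt 0) { $params.ArgumentList = $ArgumentList }
    try {
        return Start-Process @params
    } catch {
        # Reached when the user declines the UAC prompt or the launch fails otherwise.
        Write-Warning "Elevation refused or failed: $($_.Exception.Message)"
        return $null
    }
}

function Start-NonElevatedProcess {
    # "Down": no shell verb exists for this. A task created by schtasks defaults to
    # run level LIMITED, so running it starts the program with the non-elevated token
    # of the logged-on user even though the task is registered from an elevated process.
    # Paths containing spaces must be quoted by the caller for the /TR argument.
    param([Parameter(Mandatory)][string]$FilePath)
    $taskName = 'NonElevatedLaunch-' + [guid]::NewGuid().ToString('N')
    schtasks.exe /Create /TN $taskName /TR $FilePath /SC ONCE /ST 00:00 /F | Out-Null
    try {
        schtasks.exe /Run /TN $taskName | Out-Null
    } finally {
        # The task is a one-shot launcher; remove it so nothing lingers in the scheduler.
        schtasks.exe /Delete /TN $taskName /F | Out-Null
    }
}

# Demonstration: pick the direction that applies to the current process.
$target = Join-Path $env:SystemRoot 'notepad.exe'
if (Test-ProcessElevated) {
    Start-NonElevatedProcess -FilePath $target    # child runs with the limited token
} else {
    $proc = Start-ElevatedProcess -FilePath $target   # triggers the UAC prompt
    if ($proc) { "Elevated child started with PID $($proc.Id)" }
}
```

Run the script once from a normal PowerShell window and once from an elevated one and confirm the child’s integrity level in Task Manager or Process Explorer.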

Andrei Belogortseff
WinAbility Software Corp.

 



Don’t kill the messenger, please.

December 13th, 2006

Someone left a comment about my earlier post that I am “sending out a dangerous message”. I could not disagree more. What if my message was “You can open email attachments, they do not necessarily contain viruses”, would it be a dangerous message? Or, if I wrote: “You can do online banking, not all web sites are phishing traps”, would such a message be dangerous, as well? The danger is not the message, the danger is the user’s ignorance that allows malware to trick the user into allowing it to do the bad things.

Returning to UAC, the real danger is that it shifts the responsibility of detecting bad software to the user. This is dangerous because a ‘regular’ user does not have enough expertise to tell good software from bad. The only tool that a user has at his/her disposal is the digital signature checker. And that’s a pretty weak indicator of the ‘goodness’ of the software.

Another real danger of UAC is the false sense of security it provides to the users who don’t really understand how to protect their computer from malware. If malware infects a computer, by the time it requests the elevated rights by displaying the UAC prompt, it’s already too late! The malware should have been stopped much earlier: by the firewall, by the anti-virus/anti-spyware software, by the security patches applied to the operating system.

Let me make it as clear as I can: the message I’m trying to convey is not “you should disable UAC”, it is rather “You can use a computer without UAC, as long as you know how to protect your computer from malware”.

 

Andrei Belogortseff
WinAbility Software Corp.




TweakUAC updated for Windows Vista RTM

December 5th, 2006

This is just a quick note to let you all know that we have updated TweakUAC for the RTM (final) version of Windows Vista: Download the new version.

Andrei Belogortseff
WinAbility Software Corp. 

 



Am I at risk if I disable UAC?

September 28th, 2006

To understand the ramifications of disabling UAC (User Account Control of Windows Vista), let’s consider the threats it is supposed to protect us from. Here is what Microsoft has to say about it on their User Account Control Overview page:

“The main goal of User Account Control is to reduce the exposure and attack surface of the operating system by requiring that all users run in standard user mode. This limitation minimizes the ability for users to make changes that could destabilize their computers or inadvertently expose the network to viruses through undetected malware that has infected their computer.”

In other words, if a virus infects your computer, UAC is designed to reduce its impact on the operating system. While that’s a good thing, note that UAC does not prevent your computer from being infected with viruses in the first place; it can only reduce the possible damage caused by the infection. That means we still have to have anti-virus and anti-spyware software running on our computers (and keep them up to date!). And let’s not forget about the firewall: it’s just as important as antivirus for keeping your computer out of reach of the bad guys.

Let’s re-read Microsoft’s statement once again. Note that UAC is not designed to protect your personal files from viruses; it only protects the operating system. That is, if a virus gets into your computer with UAC enabled, it will still have the full ability to damage your documents, or to collect all email addresses from your address book and send email messages to everyone pretending to be you, and so on. Even if your files are encrypted, a virus will have full access to them just like you do, even if it runs with the limited privileges of a standard user. Think of it this way: everything you can do with your computer as a standard user, a virus can do, too, and UAC cannot stop that on its own.

But if UAC protects the operating system from the virus, that must be a good thing, right? Of course it is, but while preventing viruses from attaching to system files was important in the old pre-Internet days, viruses no longer spread themselves that way: when was the last time you copied a system dll on a floppy and gave it to a friend who asked to help him repair his installation of Windows?

As for limiting the ability of a virus to start automatically every time Windows Vista starts (another activity UAC is designed to protect from), such ability gives the virus almost no advantage, because restarting a Vista computer is a very rare event (after it is initially configured and set up). Even if you press the Turn off button on the Start Menu, and then turn the computer back on, the regular operating system restart does NOT occur: Vista simply hibernates the computer and then wakes it up, rather than going through the complete restart routine. It means that it may be days or weeks or even months before Vista gets actually restarted, and all this time a virus in your computer can be active and operational, even without the ability to install itself to auto-run on Windows restart. So, even if UAC keeps the virus from doing that, it does not prevent the virus from running for the extended periods of time.

And let’s keep things in perspective: what is more embarrassing, having a virus send a bunch of emails in your name to every address in your address book, or having it attach itself to a system dll? Or, what is more damaging, a virus erasing your documents or installing itself to run automatically at Windows start-up? Guess what, I could not care less about the operating system; I can reinstall it from scratch any time I want. Sure, it would take a couple of days and cause a lot of frustration to reinstall Windows and all the applications I use, and to configure everything the way I want, but still it’s a lot less stress than trying to recover my files damaged by the virus before I had a chance to back them up, or explaining to my friends how come I’ve started sending them the body parts enlargement offers.

Let me reiterate once again: to be protected from viruses, we still need the anti-virus software and a firewall, because that’s where the real protection is, no matter whether UAC is enabled or not.

One area where UAC can actually serve a useful purpose is, as stated on Microsoft’s web page I mentioned above, to minimize the ability of users to destabilize their systems by making changes to the global settings of the computer. This is a good thing for users who get new computers with administrative accounts set up for them by default, but who do not have enough computer knowledge and experience to make significant changes to the global computer settings. In such a case, UAC can keep the user from messing up his or her system, for the user’s own good. However, even in this case the effectiveness of UAC is limited: after the user learns to click on the Allow button to continue with the task, after a while s/he will be clicking on it automatically, without paying much attention to the text of the message. And that opens a possibility for malware to trick the user into allowing it to run with administrative privileges: after all, can you expect an average user to read and analyze the text on the elevation prompt every time it pops up on the screen?

Another area where UAC could be of use is when Vista is installed on a public computer, where anyone can walk in to the computer and mess it up. However, that’s what the limited user accounts are for: you would be insane to allow everyone to access a public computer via an administrative account, even with UAC enabled on it! That means that even for the public computers UAC is essentially a useless addition.

So, would it be wise for you to disable UAC? Ultimately, it’s for you to decide, whether the thin layer of extra protection that UAC provides is worth the extra annoyance it adds to your work. Hopefully, this article will help you make the right choice.

Andrei Belogortseff
WinAbility Software Corp.

 



TweakUAC: Don’t Get Mad, Get Even! Disable annoying Vista pop-ups with this free tool.

September 27th, 2006

If you’ve tried Windows Vista (RC1 build 5728 as of this writing) even for a short time, you have undoubtedly experienced its new security feature called User Account Control (or UAC for short). I bet that after you’ve seen and clicked on a few of the UAC elevation prompts, you were thinking: “With Windows Vista, Microsoft has achieved a new level of annoyance for the computer users” (or something along those lines.) If so, I have good news for you: you don’t have to suffer from those pop-ups anymore!

Fortunately for all of us, Microsoft has left the means in Vista to make UAC less obtrusive, or to even disable it altogether. To make it easier for you to take control of UAC, we’ve created TweakUAC, our new software tool. (It’s free for you and everybody else!) With TweakUAC, you can configure UAC to operate in the silent mode and make those annoying pop-ups disappear. You can also turn UAC off completely, and be done with it once and for all. Of course, if some day you decide that you want to have UAC enabled after all, you can use TweakUAC to turn it back on, too.

TweakUAC is extremely easy to use, as you can see from its screenshot:

TweakUAC main screen

Download TweakUAC | Learn more about TweakUAC

(Note: If you are clicking on the screen above and nothing happens, don’t send us bug reports! The screenshot is just a picture of the program, it’s not the actual program. To use TweakUAC, you must download it and run it on your computer, see here for the details.)

Whether silencing or disabling UAC is a wise move is open for debate, and we will discuss its pros and cons in detail in future posts here. Meanwhile, if you consider yourself an experienced XP user, you may find TweakUAC of help for those times when you are making extensive changes to the configuration of Vista, such as during its initial setup. You may want to temporarily disable UAC, to be able to make the administrative changes without being constantly interrupted by the UAC pop-ups. After you are done configuring Vista, installing new software, adding the device drivers, etc., use TweakUAC to turn UAC back on, just in case. Or, leave it off: after all, if you have used Windows XP for an extended period of time without getting your computer infected, you will probably get by without UAC just fine.

If, however, the word ‘hacker’ scares the shitaki out of you, or if you’ve disabled your firewall because you did not want your computer to catch fire because of it, then you will be better off leaving UAC enabled, to let us all sleep a bit better at night.

Andrei Belogortseff
WinAbility Software Corp.

 


