Post your security setup

[Patrick]

My desktop currently has UAC disabled and chrome. Thats all it needs.

[MAA83]

I'm sure UAC is good and all, but it's a poor implementation for the user. We're generally above average users and a good amount of us I think get annoyed by UAC. I can imagine (and have seen) everyday users want to throw their machine because UAC is constantly hounding them about thing's that are obviously secure. For example, the reason why I disabled it? The only time I got a notification from UAC... was when I got one from D+ regarding something trying to change the registry, reach a service, etc. So maybe it's doing extra stuff in the background, but from the users perspective, it's redundant and annoying (a notification box and a halt on whatever is going on is more than sufficient, I don't need the dim my screen, play the sound, and keep me from doing anything else). And that is so annoying that it negates any marginal security improvements it may provide that isn't covered by the rest of the security products we all use, so I would rather just turn it off. Next time microsoft needs to make it work more in the background, and smarter. D+ learns my system processes and behavior. But if I stick the same damn USB drivie with a boot.ini on it in to W7.. it will ask me over. and over. and over. everytime. If I really, really, positively want to run this. And when it DOES send me a notification, make it less big brother, less intrusive, more user friendly. Another thing..we're not all stupid. I run as administrator for a reason. I KNOW I am running as admin. I KNOW windows doesn't think it's a good idea for me to. But I don't want UAC constantly badgering me and reminding me that it's not a good idea to run as an admin. It's not a bad idea either. Nothing stupid happens unless you tell your computer to do something stupid as an administrator and it does it. It's a risk taken and I guess my point is theres no options for fine tuned control over what UAC monitors or doesn't. Maybe I want registry modifications monitored, but not system file changes... anyways, my point is until UAC matures more, it's just a PITA and it's functions are not integral to system security if you have other means of protecting your system from modification and aren't too clueless about what you're doing it.

That said UAC does have it's time and place to be used. I think it's great in corporate evironments to prohibit user actions etc. but for MY home/personal use its a PITA.

So anyone seen any good movies..

[zakazak]

For me, UAC doesn't really notifiy me except when installing smth or running teamviewer (and that seems to be a bug on my pc.. other people don't get an UAC notification with teamviewer). And that's how it should be. UAC will only warn you when smth is trying to access sensible data (you can check on wiki which paths/registrys/..). Actually no program should need UAC access when running it. Most new programs won't even need admin rights (UAC -> yes) when installing. And that's how it should be.

I surely can understand that it gets annoying when you run a program/file/whatever all the time and even tough you know it's safe, windows will give you the UAC prompt. Since I have that with teamviwer, I can understand that this gets a bit annoying. But really.. its just one password (2 seconds) and I run teamviewer once every 7 days? So I don't mind it at all especially when thinking of the great security layer that UAC offers.

I always was against UAC (annoying annoying !) but I started trying it out a year ago.. and my experience:
If a program (when starting it) asks for admin rights then it is either a bad coded program or a malicious program.

But I think you are right when you say that there is still a lot to improve on UAC(-notifiactions).

[MAA83]

Yeah I think one of the biggest things that they could add that would probably make it a much smoother, seamless service for me personally is adding exceptions. Maybe it is possible and I just don't know how. For example, my office is installation is legit, but the activation is done via an activator which tricks it into thinking it's a volume licensed product and it sets up a fake autokms checker to authenticate, UAC always interrupts me whenever I open an office document to ask me if it's ok for AutoKMS.exe to modify file/create a new process. AutoKMS looks like a "suspicious" exe but I know it's not. Yet there's no way for me to tell UAC to just ignore AutoKMS.exe. Anyways, I'm not trying to hate on UAC, these are just some of the improvements I would like to see.. more integrated and unobtrusive notifications, and more selective settings over what to monitor, and an exceptions/white list capability.