Submission details
include a "always allow this program" checkbox in user account control pop-up..
this suggestion is in regards to the popup that appears under certain user account control settings which asks: " Do you want to allow the following program to make changes to this computer?"
the user account control user account settings lack usability in that you can select a level at which notification settings appear, however those settings apply to all programs without the ability to apply exceptions.
it does not seem to be possible (or at least easily, or at all that i have been able to find) to set exceptions to the popup dialogue for individual programs.
i would include a checkbox to "always allow program" in the popup which would easily solve the problem, as well as a white/ black list in the user account settings.
This way trusted programs will not require the sort of multiple clicking that is necessary under certain settings.
Medium
Medium
Not fixed
Discussion (34 comments)
what identifies a program as being the same every time? Seems exploitable to offer a way out
noone is making you check the box.
as it stands i can disable the whole thing
-but not have it so it blocks things until i say they are ok.
: thats all i want.
i understand the risks and have my own additional protections.
Then what would happen when the user allowing cmd,exe automatically elevate and some malware executes "cmd /c "format c:""?
then the user allowing cmd,exe would be an idiot.
since when does windows need to be stupid-proof?
ok so have an admin overide to disable the option for environments where the users are predominently stupid.
The USER should have full control over THEIR systems. This is a great idea. After all if your the only one useing the damn thing, chances are you know what your doing.
and if your using an OS with out a security suite then you'll only asking for trouble.
Chris, shut the fuck up, stop pretending you've got anything valuable to contribute.
Real mature.
i would be fine with the feature requiring an admin password so that other users cant use it to always allow "dangerous" programs.
lets face it- if a user doesnt know what they are doing: when the UAC asks for permission they will just allow it because they dont know whats going on anyway.
What if you dont have a password?
password:
if you want one - set it up.
if you dont- dont.
Right, so....... if you dont have one then setting up an admin password is pontless
yup- unless you want one.
a password is useful for some.
pointless for others.
there is no ONE type of computer user,
there are millions each with different needs.
.chris is right - this stuff should be fully user customisable.
look at firefox and the way it blew IE out of the water.
IE is still scrambling to catch up.
Firefox wins because it can be customised above and beyond IE.
It can become the browser that 'I' want.
a OS is the same:
i am going to use computers whether or not there is a windows OS out there.
i dont use my computer to run windows.
i use windows to run my computer.
can anyone spot the difference.
but i am afraid i may have digressed....
meh, you have the right to freedom of speech. (even though some countries forbid that)
If a program is always asking to have admin access, either update the program cuz you're running an older version, or expect it will always require admin access. I think this is a terrible idea because if you can store a list of programs that is allowed to be automatically put to admin privaleges, then it can be accessed by malware/spyware to then add other programs to that list which you may have not approved.
As for Chris here, UAC is here to stay and you can't stop it. This is how modern OS's now a days work, go back to Windows XP if you don't want UAC.
Woah there. Did I say I didnt like UAC? please go back to school and learn to read you dumb fuck
@Chris said:
"The USER should have full control over THEIR systems. This is a great idea. After all if your the only one useing the damn thing, chances are you know what your doing.
and if your using an OS with out a security suite then you'll only asking for trouble. "
Sounds like you don't like UAC to me. And you advocating a security suite only shows how little you know. Sounds like a marketer to me :) Got any buzz words for us?
Just because I said that, does not mean i dont like UAC
ok, so for example: everytime i use winamp i have to click on the shortcut to run winamp and then click again to give it permission to run.
isnt my initial click an implied permission to run?
why am i required to double-handle this?
i am ALWAYS going to allow winamp when i have clicked to run it.
BUT i would like to have the UAC catch some other programs.
can windows not tell what is a user initiated event and what is program initiated?
in this case: cant a virus/trojan, whatever, be set to give the UAC window focus and send the enter key to it thereby bypassing it anyway? (in some settings)
if you requred admin password to activate the ALWAYS feature: how exactly would the trojan be able to set other programs to always have access?
ok so i just figured out how it could do it- but that way would be just as effective against the system as it now stands.
-1!
That would lead you to a security risk. If you want viruses, just make that option for yourself, nobody stops you from doing that. Or if you can't do that, shut up.
@liquid23au:
And why would Winamp need admin rights? Just infect your system, lameā¦
Winamp tries to associate filetypes to it if they are not already associated with it. Unfortunately when it tries to do that, it fails. Hence why it keeps on attempting to do it.
I got around this by opening an mp3 from windows explorer and setting the default program to winamp, the it stopped asking me.
Not sure who to blame here, but the quicker fix is for winamp to fix their file association attempt so it actually works.
To be honest, I think it's Winamp and the other hostile programs that should be changed. Setting file types should only be done in setup, the options window and the Default Programs control panel, NOT on program launch.
Besides, Default Programs doesn't require admin rights so I guess that file types can be change per-user basis.
Yep because I don't need admin privaleges to set mp3's to always open with winamp, so neither should winamp. And I'm running as a regular user, not a logged in admin whose downgraded to a regular user.
i would agree that it is the programs running on windows that should be changed- but until they do i would apreciate a work around.
i have no idea how to do it myself, if i did i would have no need to make comment in the first place.
i would just modify it and move on.
terlling me to shut up is a bit harsh seeing as how i didnt exactly force you to read about my opinions- you chose to do that yourself.
The work around has been mentioned already. But I'll say it again for ya. Right click mp3, select open with -> choose default program. Select winamp from the list and click the option that says its to be the default program. There ya go. Now it won't ask on launch of winamp.
As for the reason why it asks you for admin privileges, windows does not know the difference between you launching a program and a program launching that same program. Hence why it has to ask. It's done for security reasons and windows is not the only OS that does it, so does linux and Mac OS X. Get use to it because this is the way OS's are going to behave from here on out. Gone are the days of windows xp.
As for you changing the behavior yourself, even if you learn to be a programmer, that's not gonna happen. This is down in the kernel and developers have absolutely no access to that.
Comment edited on March 18, 2010, 8:23am
thanks pyrates.
i apreciate the response.
... i forgot to mention that it is already the default program and it still pops up.
i want to set default responses for each program.
actually- for winamp: i would like it to always select 'no'.
but anyway...
um....
as i said:
seeing as windows cant tell the difference:
what is stopping a trojan from selecting and clicking 'allow'?
... it seems to me that the whole thing is just a giving us all a false sense of security and control anyways.
thanks for giving me an oportunity to give my 2 cents worth.
i just want to customise it to suit the way i use it:
is that wrong?
(the answer you are looking for is no, but dont bother; it was a rhetorical question.)
maybe im in the wrong forum....
is this the: 'lets keep windows 7 just the way it is , because its so perfect' forum?
(another rhetorical question, this time with quite a bit of sarcasm implied.)
heh heh.
have a good one guys!
Malicious software is prevented from selecting and clicking Allow by Secure Desktop - what happens when the screen goes daark for a UAC prompt. This prevents interaction with the prompt by other programs. Of course, you can turn this off by turning the UAC Control Panel slider down one notch.
cool.
yes i have had that turned off...
perhaps i'll turn it on now....
Here's secure desktop explained more. Although it says vista, the same thing happens in windows 7.
http://cybernetnews.com/vista-uac-secure-desktop-explained/
And here is the basic explanation of why you don't want it disabled:
What this does is make it so the UAC dialog can be interfered with (accepted without your knowledge) by another application, including a malicious one that triggered UAC by needing Administrator-level rights.
Comment edited on March 18, 2010, 9:34am
GOOD LINK.
I can see the point of it.
but
it is still REALLY REALLY annoying.
Is there really no other way for this to be done?
Short answer: No.
Long answer: You can't have security and convenience. I choose security over convenience. It costs me less in the long run. And when I mean cost, I mean money. Would you give up the alarm and keys for your car so that you don't have to bother with having to disable the alarm and not have to then unlock the car? I don't think so. Because then you'd know someone else would be able to do the same thing. I don't care if its annoying to you, it's preventing traditional methods of installing viruses, trojans, bots, root kits, and malware from automatically installing themselves. And before someone says that they can have it ask for their password for authorization, with it disabled, that means a key stroke logger can then log you entering in your password. And then that key stroke logger will send the captured password and the malware when it is prompted by UAC, will then automatically enter the captured password because UAC no longer can prevent other programs from entering in keystrokes.
On linux and Mac OS X, it may not darken the desktop, but when it prompts for the password, you can't click else where as far as I know. So it appears to have the same thing. Anyone want to verify this for me?
Calum.Cook wrote on March 5, 2010, 11:26am
What if malware exploits a security hole in an application you've set to automatically elevate every time it wants to? Yeah, exactly: the malware will take your PC down. I say this with great regret, but it's better the way it is IMO.