telling UAC to run certain apps

[Jeff]

I'm new to 7 so please bear with me.
Everytime I run an app, UAC asks me if it is OK to run it. How do I
tell it that I uses certain apps all the time and the answer will always
be the same for these apps?

Jeff

 

[Dave-UK]

I'm new to 7 so please bear with me.
Everytime I run an app, UAC asks me if it is OK to run it. How do I
tell it that I uses certain apps all the time and the answer will always
be the same for these apps?

Jeff

You can't. All you can do is adjust the UAC settings to your liking.
Control Panel > User Accounts > Change User Accounts Control settings.
( You may have to re-boot, depending on where you set it.)

 

[Jeff]

You can't. All you can do is adjust the UAC settings to your liking.
Control Panel > User Accounts > Change User Accounts Control settings.
( You may have to re-boot, depending on where you set it.)

That's kind of dumb. One would think it would work like a firewall does.

 

[Dave-UK]

That's kind of dumb. One would think it would work like a firewall does.

It isn't dumb; if you could select various programs to go on a list to by-pass security
then a malware author could add a virus to that list.
If there is no list then there is no loophole.
You can always turn off UAC, but then you would be back running like XP. Only you
know your level of expertise in dealing with any malware that may come your way.

 

[DanS]

I'm new to 7 so please bear with me.

It isn't dumb; if you could select various programs to go on a list to
by-pass security then a malware author could add a virus to that list.
If there is no list then there is no loophole.

Actually, the list could be UAC protected too, so that doesn't really
apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
checksum) the exe file and if it changed, then UAC could pop up a warning
saying 'this previously allowed program has changed'.......

There.....problem solved.....and not very hard either.

 

[Jeff]

Actually, the list could be UAC protected too, so that doesn't really
apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
checksum) the exe file and if it changed, then UAC could pop up a warning
saying 'this previously allowed program has changed'.......

There.....problem solved.....and not very hard either.

You beat me to it. As a lonmg time user of ZA that was exactly what I
was thinking.
Jeff

 

[DanS]

That's kind of dumb. One would think it would work like a firewall

You beat me to it. As a lonmg time user of ZA that was exactly what I
was thinking.
Jeff

Yes, I've used ZA for a long time too. One reason I had used it was
because back when, it was a firewall. That was it. Then all the
'security' vendors started to release all these 'security suites' which
included this, that, the other thing, *and* the kitchen sink.

ZoneLabs then did that too, but at the same time, relegated the firewall-
only product to be a free for home use program.

You can't beat that.

 

[Joel]

Actually, the list could be UAC protected too, so that doesn't really
apply. Additionally, just like ZoneAlarm does, UAC could MD5 hash (or
checksum) the exe file and if it changed, then UAC could pop up a warning
saying 'this previously allowed program has changed'.......

There.....problem solved.....and not very hard either.

Dave was right. The whole point of UAC would be defeated by using
(which btw would be something far beyond MD5) cryptographic lists.
Setting permissions on individual folders, and tolerating other
dimensions of UAC, is the viable way to coexist with UAC - which I
don't necessarily think is a bad idea. I prefer the 2K/XP way, but I
also ran them for the last 10 years.

 

[Dave-UK]

I only see your posts in other peoples replies as you are in my kill file.
Probably because you reply to Alias, Yanaire, Frank or the other trolls.
I don't know enough about UAC to offer you a technical argument but if you
think you have a valid point about UAC you can always e-mail your suggestions
to a man who, I think, will listen, Mark Russinovich.

Inside Windows 7 User Account Control.
Mark Russinovich.
http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx

 

[Ken1943]

I'm new to 7 so please bear with me.
Everytime I run an app, UAC asks me if it is OK to run it. How do I
tell it that I uses certain apps all the time and the answer will always
be the same for these apps?

Jeff

Was reading about a way using Task Schedular, but did not get into it
further. I have UAC turned off !


KenW

 

[DanS]

Dave was right. The whole point of UAC would be defeated by using
(which btw would be something far beyond MD5) cryptographic lists.

The list (in the registry ?) doesn't need to be encrypted. It just needs
to be UAC protected, like much of the registry is now. And the MD5 hash
is just of the exe file. The hash is created, and stored in the UAC
protected area of the registry. When the program is launced, UAC would
check its list, and rehash the exe file. If the hash is still the same as
as when the UAC exception was created, it will run the app. If the hash
has changed, that means something changed the exe file, UAC will report
this, and the exe will not run w/o the UAC prompt.

I fail to see how that defeats anything. We can agree to disagree, and
leave it at that.

 

[Thip]

Was reading about a way using Task Schedular, but did not get into it
further. I have UAC turned off !


KenW

Me too. I hate it.

 

[Joel]

The list (in the registry ?) doesn't need to be encrypted.

The MD5 (or other algorithm) hash is cryptographic - I wasn't
referring to any specific method of storing the allowed-programs list.

It just needs
to be UAC protected, like much of the registry is now. And the MD5 hash
is just of the exe file. The hash is created, and stored in the UAC
protected area of the registry. When the program is launced, UAC would
check its list, and rehash the exe file. If the hash is still the same as
as when the UAC exception was created, it will run the app. If the hash
has changed, that means something changed the exe file, UAC will report
this, and the exe will not run w/o the UAC prompt.

I fail to see how that defeats anything. We can agree to disagree, and
leave it at that.

I'm not suggesting that you couldn't have software to use the
technique you describe - but that it wouldn't relate to the purpose of
UAC. The more exceptions you have to it, the more potential for
breaking it. And in this particular case, it'd be more of a total
backdoor than an exception - UAC is meant to give human interaction by
an authorized user, to approve potentially unsafe behavior.

Personally, I don't see the point of it, but it is necessary if one
wants the kind of file-system protection (and OS-settings monitoring)
that advanced operating systems are capable of. It would still be
possible to tweak one's system to avoid most UAC prompts, without just
disabling it and file-system protection altogether (but I'm glad that
they allow me to do that if I choose to).